
Thread: May be infected

  1. #1
    Member mrr107i's Avatar
    Join Date
    Sep 2003
    Location
    Pittsfield, MA
    Posts
    50
    Points
    0

    May be infected

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 11/22/2015 at 09:40 PM

    Application Version : 6.0.1208
    Database Version : 12197

    Scan type : Quick Scan
    Total Scan Time : 00:01:50

    Operating System Information
    Windows 8.1 Home 64-bit (Build 6.03.9600)
    UAC On - Limited User

    Memory items scanned : 652
    Memory threats detected : 0
    Registry items scanned : 55257
    Registry threats detected : 0
    File items scanned : 12103
    File threats detected : 32

    Adware.Tracking Cookie
    .serving-sys.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8SB28FOB.DEFAULT-1445699727485\COOKIES.SQLITE ]
    .serving-sys.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8SB28FOB.DEFAULT-1445699727485\COOKIES.SQLITE ]
    .doubleclick.net [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8SB28FOB.DEFAULT-1445699727485\COOKIES.SQLITE ]
    .scorecardresearch.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8SB28FOB.DEFAULT-1445699727485\COOKIES.SQLITE ]
    .scorecardresearch.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8SB28FOB.DEFAULT-1445699727485\COOKIES.SQLITE ]
    .luckyorange.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8SB28FOB.DEFAULT-1445699727485\COOKIES.SQLITE ]
    .luckyorange.net [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8SB28FOB.DEFAULT-1445699727485\COOKIES.SQLITE ]
    .gravity.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8SB28FOB.DEFAULT-1445699727485\COOKIES.SQLITE ]
    .dmtry.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8SB28FOB.DEFAULT-1445699727485\COOKIES.SQLITE ]
    .dmtry.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8SB28FOB.DEFAULT-1445699727485\COOKIES.SQLITE ]
    .areyouahuman.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8SB28FOB.DEFAULT-1445699727485\COOKIES.SQLITE ]
    tap2-cdn.rubiconproject.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8SB28FOB.DEFAULT-1445699727485\COOKIES.SQLITE ]
    .262855726.log.optimizely.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8SB28FOB.DEFAULT-1445699727485\COOKIES.SQLITE ]
    .doubleclick.net [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8SB28FOB.DEFAULT-1445699727485\COOKIES.SQLITE ]
    rma-api.gravity.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8SB28FOB.DEFAULT-1445699727485\COOKIES.SQLITE ]
    .ml314.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8SB28FOB.DEFAULT-1445699727485\COOKIES.SQLITE ]
    cdn.turn.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8SB28FOB.DEFAULT-1445699727485\COOKIES.SQLITE ]
    cdn.turn.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8SB28FOB.DEFAULT-1445699727485\COOKIES.SQLITE ]
    cdn.turn.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8SB28FOB.DEFAULT-1445699727485\COOKIES.SQLITE ]
    .adnxs.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8SB28FOB.DEFAULT-1445699727485\COOKIES.SQLITE ]
    .taboola.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8SB28FOB.DEFAULT-1445699727485\COOKIES.SQLITE ]
    trc.taboola.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8SB28FOB.DEFAULT-1445699727485\COOKIES.SQLITE ]
    trc.taboola.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8SB28FOB.DEFAULT-1445699727485\COOKIES.SQLITE ]
    trc.taboola.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8SB28FOB.DEFAULT-1445699727485\COOKIES.SQLITE ]
    trc.taboola.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8SB28FOB.DEFAULT-1445699727485\COOKIES.SQLITE ]
    .ml314.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8SB28FOB.DEFAULT-1445699727485\COOKIES.SQLITE ]
    .ml314.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8SB28FOB.DEFAULT-1445699727485\COOKIES.SQLITE ]
    .serving-sys.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8SB28FOB.DEFAULT-1445699727485\COOKIES.SQLITE ]
    .adnxs.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8SB28FOB.DEFAULT-1445699727485\COOKIES.SQLITE ]
    .gravity.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8SB28FOB.DEFAULT-1445699727485\COOKIES.SQLITE ]
    bluekai.com/.bkdc [ C:\USERS\BOB\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\KBII50T0.TXT ]
    bluekai.com/.bku [ C:\USERS\BOB\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\KBII50T0.TXT ]

    ============
    End of Log
    ============

    <?xml version="1.0" encoding="UTF-8"?>
    <mbam-log>
      <header>
        <date>2015/11/22 21:25:58 -0500</date>
        <logfile>mbam-log-2015-11-22 (21-25-55).xml</logfile>
        <isadmin>yes</isadmin>
      </header>
      <engine>
        <version>2.2.0.1024</version>
        <malware-database>v2015.11.22.05</malware-database>
        <rootkit-database>v2015.11.22.02</rootkit-database>
        <license>free</license>
        <file-protection>disabled</file-protection>
        <web-protection>disabled</web-protection>
        <self-protection>disabled</self-protection>
      </engine>
      <system>
        <hostname>MRR107I</hostname>
        <ip>192.168.1.2</ip>
        <osversion>Windows 8.1</osversion>
        <arch>x64</arch>
        <username>Bob</username>
        <filesys>FAT32</filesys>
      </system>
      <summary>
        <type>threat</type>
        <result>completed</result>
        <objects>329248</objects>
        <time>370</time>
        <processes>0</processes>
        <modules>0</modules>
        <keys>0</keys>
        <values>0</values>
        <datas>0</datas>
        <folders>0</folders>
        <files>0</files>
        <sectors>0</sectors>
      </summary>
      <options>
        <memory>enabled</memory>
        <startup>enabled</startup>
        <filesystem>enabled</filesystem>
        <archives>enabled</archives>
        <rootkits>disabled</rootkits>
        <deeprootkit>disabled</deeprootkit>
        <heuristics>enabled</heuristics>
        <pup>enabled</pup>
        <pum>enabled</pum>
      </options>
      <items> </items>
    </mbam-log>

    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 9:34:29 PM, on 11/22/2015
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.9600.17840)

    FIREFOX: 42.0 (x86 en-US)
    Boot mode: Normal

    Running processes:
    C:\Users\Bob\AppData\Local\Microsoft\BingSvc\BingSvc.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Users\Bob\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    O4 - HKCU\..\Run: [BingSvc] C:\Users\Bob\AppData\Local\Microsoft\BingSvc\BingSvc.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [iCloud] "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [iCloud] "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe" (User 'Default user')
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: http://*.webcompanion.com
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BTDevManager - Unknown owner - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
    O23 - Service: @%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000 (c2wts) - Unknown owner - C:\Program Files (x86)\Windows Identity Foundation\v3.5\c2wtshost.exe (file missing)
    O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: @oem12.inf,%WIN32_DPTF_PARTICIPANT_PROC_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform and Thermal Framework Processor Participant Service Application (DptfParticipantAcpiProcessorService) - Unknown owner - C:\Windows\system32\DptfParticipantProcessorService.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
    O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
    O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
    O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LavasoftTcpService - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
    O23 - Service: MBAMService - Malwarebytes - D:\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: RunSwUSB - Unknown owner - C:\Windows\runSW.exe
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SetupARService - Unknown owner - C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 9555 bytes

    Thank you

  2. #2
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Hi mrr107i,

    That's not the right Malwarebytes log.

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs
    • Click on the Scan log which shows the Date and time of the scan you just performed.
    • Click Copy to Clipboard
    • Paste the contents of the clipboard into your next reply.


    Please make sure to download the tools to the desktop of your computer.

    Next:

    Please download Farbar Recovery Scan Tool and save it to your desktop. <<< Very Important!

    Note: You will need to download the 64-bit version.

    • Make sure that FRST is on the desktop of the infected system
    • Right click and choose Run as administrator. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates a second log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


    Thank you,
    Donna
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in troubleshooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  3. #3
    Member mrr107i's Avatar
    Join Date
    Sep 2003
    Location
    Pittsfield, MA
    Posts
    50
    Points
    0

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 11/22/2015
    Scan Time: 9:25 PM
    Logfile:
    Administrator: Yes

    Version: 2.2.0.1024
    Malware Database: v2015.11.22.05
    Rootkit Database: v2015.11.22.02
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: FAT32
    User: Bob

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:22-11-2015
    Ran by Bob (administrator) on MRR107I (23-11-2015 07:59:02)
    Running from C:\Users\Bob\Downloads
    Loaded Profiles: Bob (Available Profiles: Bob)
    Platform: Windows 8.1 Connected (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    () C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
    (Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
    (Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    () C:\Windows\runSW.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (SlimWare Utilities, Inc.) C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (© 2015 Microsoft Corporation) C:\Users\Bob\AppData\Local\Microsoft\BingSvc\BingSvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6133520 2015-11-07] (AVAST Software)
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-1017224066-2363794573-1830531647-1001\...\Run: [BingSvc] => C:\Users\Bob\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-18] (© 2015 Microsoft Corporation)
    HKU\S-1-5-21-1017224066-2363794573-1830531647-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
    HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [60688 2015-10-21] (Apple Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-10-01] (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [348488 2015-06-08] (Lavasoft Limited)
    Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [348488 2015-06-08] (Lavasoft Limited)
    Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [348488 2015-06-08] (Lavasoft Limited)
    Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [348488 2015-06-08] (Lavasoft Limited)
    Winsock: Catalog9 16 C:\Windows\SysWOW64\LavasoftTcpService.dll [348488 2015-06-08] (Lavasoft Limited)
    Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [428880 2015-06-08] (Lavasoft Limited)
    Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [428880 2015-06-08] (Lavasoft Limited)
    Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [428880 2015-06-08] (Lavasoft Limited)
    Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [428880 2015-06-08] (Lavasoft Limited)
    Winsock: Catalog9-x64 16 C:\Windows\system32\LavasoftTcpService64.dll [428880 2015-06-08] (Lavasoft Limited)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{4801BC12-B2C1-4C28-A9A9-F699E785EA37}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{58314AFB-6D85-45D3-A36F-C425D4018777}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{8C7D59E0-7040-41DA-9043-EB5593A6669E}: [DhcpNameServer] 40.24.1.16

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPNOT14/1
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
    SearchScopes: HKLM-x32 -> {E1643A0C-206E-43F2-8ED0-570502D7783A} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-29] (AVAST Software)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-29] (AVAST Software)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\8sb28fob.default-1445699727485
    FF Homepage: hxxp://msn.com/
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-01] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-01] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1017224066-2363794573-1830531647-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Bob\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-04-25] (Citrix Online)
    FF Extension: Muter - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\8sb28fob.default-1445699727485\extensions\muter@yxl.name [2015-10-24]
    FF Extension: Ghostery - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\8sb28fob.default-1445699727485\Extensions\firefox@ghostery.com.xpi [2015-11-05]
    FF Extension: Google™ Translator - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\8sb28fob.default-1445699727485\Extensions\jid1-dgnIBwQga0SIBw@jetpack.xpi [2015-10-24]
    FF Extension: Adblock Plus - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\8sb28fob.default-1445699727485\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-10-24]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-10-01] [not signed]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
    CHR StartupUrls: Default -> "hxxp://www.msn.com/"
    CHR Profile: C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Adblock Plus) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-10-02]
    CHR Extension: (MSN Homepage) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkcgfbgohboipdhliafmacjnhjbhmim [2015-11-20]
    CHR Extension: (Google Docs Offline) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
    CHR Extension: (360 Internet Protection) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\glcimepnljoholdmjchkloafkggfoijh [2015-10-09]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-10-02]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-20]
    CHR HKU\S-1-5-21-1017224066-2363794573-1830531647-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-01] (AVAST Software)
    R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [98816 2014-10-11] () [File not signed]
    S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2015-09-24] (Microsoft Corporation)
    R2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [115656 2014-09-05] (Intel Corporation)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [93184 2014-08-21] (Hewlett-Packard Company) [File not signed]
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
    R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
    S3 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751792 2015-06-08] (Lavasoft Limited)
    S2 MBAMService; D:\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    R2 RunSwUSB; C:\Windows\runSW.exe [36864 2014-04-15] () [File not signed]
    S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [10752 2015-11-15] () [File not signed]
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [220912 2014-09-05] (Synaptics Incorporated)
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
    S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
    S3 w3logsvc; C:\Windows\SysWOW64\inetsrv\w3logsvc.dll [66560 2014-04-02] (Microsoft Corporation)
    R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2014-04-02] (Microsoft Corporation)
    R2 W3SVC; C:\Windows\SysWOW64\inetsrv\iisw3adm.dll [475648 2014-04-02] (Microsoft Corporation)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 adgnetworkwfpdrv; C:\Windows\System32\drivers\adgnetworkwfpdrv.sys [55800 2015-06-02] ()
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-10-01] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-10-01] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-10-01] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-10-01] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-07] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-07] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-10-01] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-10-01] (AVAST Software)
    S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
    S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
    R3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2014-09-05] (Intel Corporation)
    S3 DptfDevDisplay; C:\Windows\System32\drivers\DptfDevDisplay.sys [70752 2014-09-05] (Intel Corporation)
    S3 DptfDevDram; C:\Windows\System32\drivers\DptfDevDram.sys [145640 2014-09-05] (Intel Corporation)
    S3 DptfDevFan; C:\Windows\System32\drivers\DptfDevFan.sys [50640 2014-09-05] (Intel Corporation)
    R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [78504 2014-09-05] (Intel Corporation)
    S3 DptfDevPch; C:\Windows\System32\drivers\DptfDevPch.sys [116752 2014-09-05] (Intel Corporation)
    S3 DptfDevPower; C:\Windows\System32\drivers\DptfDevPower.sys [71808 2014-09-05] (Intel Corporation)
    R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2014-09-05] (Intel Corporation)
    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
    R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2014-08-11] (Intel Corporation)
    S3 iai2ce; C:\Windows\System32\drivers\iai2ce.sys [94720 2015-05-13] (Intel(R) Corporation)
    R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [69632 2014-08-11] (Intel Corporation)
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
    R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2014-08-05] (Intel Corporation)
    R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [580824 2014-09-10] (Realtek Semiconductor Corporation)
    S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [3860224 2015-08-05] (Realtek Semiconductor Corporation )
    U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [752856 2015-06-22] (Realsil Semiconductor Corporation)
    R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2015-06-22] (Realsil Semiconductor Corporation)
    R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [4733184 2015-10-14] (Realtek Semiconductor Corporation )
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-08-03] (Synaptics Incorporated)
    S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16056 2015-11-23] (SlimWare Utilities, Inc.)
    R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42736 2014-09-05] (Synaptics Incorporated)
    R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44024 2015-02-03] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [264000 2015-02-03] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
    R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-13] (HP)
    S3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-13] (HP)
    S3 WiseHDInfo; C:\Windows\WiseHDInfo64.dll [14800 2015-10-14] (wisecleaner.com)
    R0 WofAdk; C:\Windows\System32\drivers\wofadk.sys [214720 2015-10-29] (Microsoft Corporation)
    S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X]
    S3 RSUSBSTOR; \SystemRoot\System32\Drivers\RtsUStor.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-11-23 07:59 - 2015-11-23 07:59 - 00018008 _____ C:\Users\Bob\Downloads\FRST.txt
    2015-11-23 07:58 - 2015-11-23 07:59 - 00000000 ____D C:\FRST
    2015-11-23 07:57 - 2015-11-23 07:57 - 02346496 _____ (Farbar) C:\Users\Bob\Downloads\FRST64.exe
    2015-11-22 21:52 - 2015-11-22 21:52 - 00001284 _____ C:\Users\Bob\Documents\malwarebytes log file.xml
    2015-11-22 14:06 - 2015-11-22 14:06 - 00003584 _____ C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HijackThis.lnk
    2015-11-22 14:00 - 2015-11-22 14:00 - 00000000 ____D C:\Users\Bob\Downloads\backups
    2015-11-22 13:23 - 2015-11-22 21:34 - 00009556 _____ C:\Users\Bob\Desktop\hijackthis.log
    2015-11-22 13:22 - 2015-11-22 14:06 - 00009556 _____ C:\Users\Bob\Downloads\hijackthis.log
    2015-11-22 13:21 - 2015-11-22 13:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\Bob\Downloads\HijackThis.exe
    2015-11-22 13:10 - 2015-11-23 07:50 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-11-22 13:10 - 2015-11-22 13:10 - 00000525 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-11-22 13:10 - 2015-11-22 13:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-11-22 13:09 - 2015-11-22 13:09 - 00000000 ____D C:\ProgramData\Malwarebytes
    2015-11-22 13:09 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-11-22 13:09 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-11-22 13:09 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2015-11-22 13:07 - 2015-11-22 13:08 - 22908888 _____ (Malwarebytes ) C:\Users\Bob\Downloads\mbam-setup-2.2.0.1024.exe
    2015-11-22 10:50 - 2015-11-22 12:48 - 00000116 _____ C:\Windows\setupact.log
    2015-11-22 10:50 - 2015-11-22 10:50 - 00000000 _____ C:\Windows\setuperr.log
    2015-11-22 10:48 - 2015-11-23 07:46 - 00006926 _____ C:\Windows\runSW.log
    2015-11-22 10:32 - 2015-11-22 10:33 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
    2015-11-22 09:25 - 2015-11-22 09:25 - 00000000 ___HD C:\$Windows.~BT
    2015-11-22 09:14 - 2015-11-22 09:15 - 00000194 _____ C:\Users\Bob\Downloads\setup.log
    2015-11-22 09:14 - 2015-11-22 09:14 - 00000000 ____D C:\Users\Bob\Downloads\Utility
    2015-11-22 09:14 - 2015-11-22 09:14 - 00000000 ____D C:\Users\Bob\Downloads\DrvBin64
    2015-11-22 09:14 - 2015-11-22 09:14 - 00000000 ____D C:\Users\Bob\Downloads\DrvBin32
    2015-11-22 09:14 - 2015-11-22 09:14 - 00000000 ____D C:\Users\Bob\Downloads\APBin
    2015-11-22 09:14 - 2015-06-22 05:24 - 00752856 _____ (Realsil Semiconductor Corporation) C:\Windows\system32\Drivers\RtsPer.sys
    2015-11-22 09:14 - 2015-06-22 05:24 - 00365272 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsPStor.sys
    2015-11-22 09:14 - 2015-06-22 05:24 - 00313048 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsBaStor.sys
    2015-11-22 09:14 - 2015-06-22 05:24 - 00301784 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsP2Stor.sys
    2015-11-21 18:38 - 2015-11-21 18:38 - 00000301 _____ C:\Users\Bob\Desktop\blackout dates request.txt
    2015-11-21 08:09 - 2015-11-23 07:46 - 00000422 _____ C:\Windows\Tasks\SlimDrivers Startup.job
    2015-11-20 19:34 - 2015-11-20 19:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    2015-11-20 19:34 - 2015-11-20 19:34 - 00000000 ____D C:\Program Files\7-Zip
    2015-11-20 19:33 - 2015-11-20 19:33 - 00002713 _____ C:\Users\Public\Desktop\Skype.lnk
    2015-11-20 19:33 - 2015-11-20 19:33 - 00000000 ___RD C:\Program Files (x86)\Skype
    2015-11-20 19:33 - 2015-11-20 19:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2015-11-20 17:29 - 2015-11-21 19:58 - 00346968 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-11-20 12:24 - 2015-11-20 12:55 - 00000000 ____D C:\Program Files (x86)\TeamViewer
    2015-11-20 12:24 - 2015-11-20 12:24 - 00001066 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
    2015-11-20 12:24 - 2015-11-20 12:24 - 00001054 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
    2015-11-20 12:23 - 2015-11-20 12:23 - 08159440 _____ (TeamViewer GmbH) C:\Users\Bob\Downloads\TeamViewer_Setup_en.exe
    2015-11-20 12:15 - 2015-11-20 12:15 - 03495920 _____ (Nanosystems S.r.l.) C:\Users\Bob\Downloads\Supremo.exe
    2015-11-18 22:53 - 2015-11-23 07:56 - 00438427 _____ C:\Windows\WindowsUpdate.log
    2015-11-18 21:42 - 2015-11-18 21:42 - 00001301 _____ C:\Users\Bob\Desktop\Dexterity Test for EDITS - Shortcut.lnk
    2015-11-15 05:56 - 2015-11-21 08:09 - 00002824 _____ C:\Windows\System32\Tasks\SlimDrivers Startup
    2015-11-12 05:27 - 2015-11-12 05:33 - 167730200 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup.exe
    2015-11-11 17:59 - 2015-11-18 21:28 - 00002035 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
    2015-11-11 13:04 - 2015-10-30 18:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-11-11 13:04 - 2015-10-30 18:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-11-11 13:04 - 2015-10-30 18:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-11-11 13:04 - 2015-10-30 18:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-11-11 13:04 - 2015-10-30 18:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-11-11 13:04 - 2015-10-30 17:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-11-11 13:04 - 2015-10-30 17:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-11-11 13:04 - 2015-10-30 17:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-11-11 13:04 - 2015-10-30 17:39 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2015-11-11 13:04 - 2015-10-30 17:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-11-11 13:04 - 2015-10-30 17:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-11-11 13:04 - 2015-10-30 17:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-11-11 13:04 - 2015-10-30 17:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-11-11 13:04 - 2015-10-30 17:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-11-11 13:04 - 2015-10-30 17:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-11-11 13:04 - 2015-10-30 17:14 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2015-11-11 13:04 - 2015-10-30 17:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-11-11 13:04 - 2015-10-30 17:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-11-11 13:04 - 2015-10-30 17:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-11-11 13:04 - 2015-10-30 16:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-11-11 13:04 - 2015-10-30 16:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-11-11 13:04 - 2015-10-30 16:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-11-11 13:04 - 2015-10-30 16:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-11-11 13:04 - 2015-10-15 11:08 - 00990208 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-11-11 13:04 - 2015-10-15 10:46 - 00803328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-11-11 13:04 - 2015-10-14 18:02 - 07455064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-11-11 13:04 - 2015-10-14 18:02 - 01659560 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2015-11-11 13:04 - 2015-10-14 18:02 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2015-11-11 13:04 - 2015-10-14 18:02 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2015-11-11 13:04 - 2015-10-14 18:02 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
    2015-11-11 13:04 - 2015-10-13 12:10 - 00559616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2015-11-11 13:04 - 2015-10-13 12:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2015-11-11 13:04 - 2015-10-13 10:59 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
    2015-11-11 13:04 - 2015-10-13 10:59 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
    2015-11-11 13:04 - 2015-10-13 10:59 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-11-11 13:04 - 2015-10-13 10:59 - 00120376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-11-11 13:04 - 2015-10-13 10:59 - 00106952 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
    2015-11-11 13:04 - 2015-10-13 10:59 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
    2015-11-11 13:04 - 2015-10-11 01:36 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-11-11 13:04 - 2015-10-11 01:36 - 00177496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-11-11 13:04 - 2015-10-10 13:40 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2015-11-11 13:04 - 2015-10-10 13:39 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2015-11-11 13:04 - 2015-10-10 13:07 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2015-11-11 13:04 - 2015-10-10 12:33 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-11-11 13:04 - 2015-10-10 12:27 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-11-11 13:04 - 2015-10-10 12:11 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2015-11-11 13:04 - 2015-10-10 11:45 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-11-11 13:03 - 2015-10-17 09:19 - 04176384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-11-11 13:03 - 2015-10-08 11:08 - 01083904 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
    2015-11-11 13:03 - 2015-08-10 13:15 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
    2015-11-11 13:03 - 2015-08-10 13:06 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
    2015-11-11 13:03 - 2015-08-10 12:49 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
    2015-11-11 13:03 - 2015-08-10 11:56 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
    2015-11-11 13:03 - 2015-08-10 11:46 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
    2015-11-11 13:03 - 2014-11-10 13:06 - 00136512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
    2015-11-08 23:16 - 2015-11-11 09:02 - 00000000 ____D C:\Program Files\Adblock Plus for IE
    2015-11-06 13:53 - 2015-11-15 06:40 - 00003428 _____ C:\Windows\System32\Tasks\Wise Care 365 PC Checkup Task
    2015-11-06 13:31 - 2015-11-08 23:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-11-05 07:56 - 2015-10-20 16:54 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-11-05 07:56 - 2015-10-20 09:53 - 03705856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-11-05 07:56 - 2015-10-20 09:36 - 02243072 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-11-05 07:56 - 2015-10-20 09:35 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-11-05 07:56 - 2015-10-20 09:34 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
    2015-11-05 07:56 - 2015-10-20 09:34 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-11-05 07:56 - 2015-10-20 09:34 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-11-05 07:56 - 2015-10-20 09:33 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-11-05 07:56 - 2015-10-20 09:14 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2015-11-05 07:56 - 2015-10-20 09:13 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2015-11-05 07:56 - 2015-10-20 09:13 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2015-11-05 07:56 - 2015-10-20 09:13 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2015-10-31 21:47 - 2015-10-29 05:29 - 00214720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wofadk.sys
    2015-10-29 19:13 - 2015-08-03 17:58 - 00033960 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
    2015-10-29 10:41 - 2015-11-12 10:10 - 00077904 _____ (360.cn) C:\Windows\SysWOW64\Drivers\360AvFlt.sys
    2015-10-26 16:29 - 2015-11-11 17:56 - 00000000 ____D C:\Program Files (x86)\HP
    2015-10-26 11:42 - 2015-10-26 11:42 - 00000000 ____D C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
    2015-10-26 11:15 - 2015-10-26 11:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    2015-10-26 11:13 - 2015-10-26 11:13 - 00001772 _____ C:\Users\Public\Desktop\iTunes.lnk
    2015-10-26 11:13 - 2015-10-26 11:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2015-10-26 11:12 - 2015-10-26 11:13 - 00000000 ____D C:\Program Files\iTunes
    2015-10-26 11:12 - 2015-10-26 11:12 - 00000000 ____D C:\Program Files\iPod
    2015-10-24 20:03 - 2015-11-16 00:42 - 00000000 ____D C:\Windows\pss
    2015-10-24 10:15 - 2015-10-24 10:15 - 00000000 ____D C:\Users\Bob\Desktop\Old Firefox Data

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-11-23 07:58 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\sru
    2015-11-23 07:49 - 2015-03-24 11:09 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{008893CB-D06B-4EFF-B24D-7C837C44A4DA}
    2015-11-23 07:46 - 2015-04-06 21:05 - 00016056 _____ (SlimWare Utilities, Inc.) C:\Windows\system32\Drivers\SWDUMon.sys
    2015-11-23 07:46 - 2015-03-24 09:39 - 00000000 __RDO C:\Users\Bob\OneDrive
    2015-11-22 21:02 - 2015-03-24 09:37 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1017224066-2363794573-1830531647-1001
    2015-11-22 13:51 - 2015-03-24 09:31 - 00000000 ____D C:\Users\Bob
    2015-11-22 13:22 - 2015-03-24 09:31 - 00000000 ____D C:\Users\Bob\AppData\Local\VirtualStore
    2015-11-22 12:58 - 2014-03-18 04:53 - 00992652 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-11-22 12:48 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-11-22 10:37 - 2014-09-19 21:10 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
    2015-11-22 10:36 - 2015-03-25 18:24 - 00000000 ____D C:\swsetup
    2015-11-22 09:27 - 2014-04-02 18:51 - 00000000 ____D C:\Windows\Panther
    2015-11-22 09:15 - 2015-03-03 11:19 - 00000000 ____D C:\Windows\SysWOW64\sda
    2015-11-22 09:15 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
    2015-11-22 09:15 - 2013-08-22 08:25 - 00524288 ___SH C:\Windows\system32\config\BBI
    2015-11-22 09:14 - 2015-03-03 11:17 - 00000000 ____D C:\Program Files (x86)\Realtek
    2015-11-21 23:21 - 2015-05-20 11:14 - 00000000 ____D C:\Windows\Minidump
    2015-11-21 19:42 - 2015-03-24 21:21 - 00000000 ____D C:\Users\Bob\AppData\Roaming\Skype
    2015-11-21 08:48 - 2015-03-25 12:27 - 00000000 ____D C:\Program Files (x86)\360
    2015-11-20 19:34 - 2015-03-24 21:21 - 00000000 ____D C:\ProgramData\Skype
    2015-11-20 18:18 - 2015-10-06 06:54 - 00000000 ____D C:\Program Files (x86)\Wise
    2015-11-19 20:21 - 2015-03-24 21:26 - 00003068 _____ C:\Windows\System32\Tasks\{55F56A92-4570-4212-9249-9326DF1BB5C3}
    2015-11-18 23:45 - 2015-10-14 16:55 - 00003086 _____ C:\Windows\System32\Tasks\wise turbo checker
    2015-11-18 23:45 - 2015-03-25 21:24 - 00000000 ____D C:\Windows\Tasks\360Disabled
    2015-11-18 23:10 - 2015-03-25 21:25 - 00000000 ____D C:\ProgramData\360Quarant
    2015-11-18 22:50 - 2015-03-03 11:22 - 00000000 ____D C:\ProgramData\Package Cache
    2015-11-18 22:50 - 2015-03-03 11:19 - 00000000 ____D C:\Program Files\Intel
    2015-11-15 06:19 - 2015-03-03 11:17 - 00000000 ___HD C:\Program Files (x86)\Temp
    2015-11-15 06:09 - 2015-03-03 11:06 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2015-11-13 18:03 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
    2015-11-12 06:42 - 2013-08-22 10:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
    2015-11-11 21:29 - 2015-03-29 20:53 - 00003720 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-11-11 18:24 - 2015-03-24 15:47 - 00000000 ____D C:\Windows\system32\MRT
    2015-11-11 18:19 - 2015-03-24 15:47 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-11-10 17:48 - 2015-04-22 20:51 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
    2015-11-08 23:27 - 2015-03-29 20:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2015-11-08 23:25 - 2015-09-10 20:45 - 00000000 ____D C:\Users\Bob\AppData\LocalLow\Adblock Plus for IE
    2015-11-07 08:10 - 2015-04-22 20:50 - 01059656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
    2015-11-07 08:10 - 2015-04-22 20:50 - 00449992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
    2015-11-02 19:23 - 2013-08-22 10:38 - 00810488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-11-02 19:23 - 2013-08-22 10:38 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-10-31 22:02 - 2015-03-24 18:06 - 00000000 ____D C:\Users\Bob\AppData\Roaming\SWF.max
    2015-10-29 19:13 - 2015-03-03 11:31 - 00000000 ____D C:\ProgramData\Synaptics
    2015-10-28 14:47 - 2015-09-03 21:46 - 00000000 ___RD C:\Users\Bob\iCloudDrive
    2015-10-26 16:36 - 2015-03-24 18:07 - 00002768 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
    2015-10-26 16:36 - 2015-03-24 18:07 - 00000841 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2015-10-26 11:33 - 2015-09-03 21:46 - 00000000 ____D C:\Users\Bob\AppData\Local\Apple Inc
    2015-10-26 11:12 - 2015-09-04 10:15 - 00000000 ____D C:\Program Files (x86)\iTunes
    2015-10-26 11:12 - 2015-09-03 21:19 - 00000000 ____D C:\Program Files\Common Files\Apple
    2015-10-24 08:56 - 2015-10-01 19:58 - 00000000 ____D C:\Users\Bob\AppData\Local\Google
    2015-10-24 08:46 - 2015-03-24 18:07 - 00000000 ____D C:\Program Files\CCleaner

    ==================== Files in the root of some directories =======

    2015-10-01 19:58 - 2015-10-01 20:11 - 50063360 _____ () C:\Program Files (x86)\GUT4C32.tmp
    2015-06-29 20:24 - 2015-06-29 20:24 - 0000262 _____ () C:\ProgramData\fontcacheev1.dat
    2015-03-29 08:28 - 2015-03-29 08:28 - 0005049 _____ () C:\ProgramData\wwznqdpf.eax

    Files to move or delete:
    ====================
    C:\ProgramData\fontcacheev1.dat


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-11-21 20:47

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:22-11-2015
    Ran by Bob (2015-11-23 08:00:08)
    Running from C:\Users\Bob\Downloads
    Windows 8.1 Connected (X64) (2015-03-24 14:31:50)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1017224066-2363794573-1830531647-500 - Administrator - Disabled)
    Bob (S-1-5-21-1017224066-2363794573-1830531647-1001 - Administrator - Enabled) => C:\Users\Bob
    Guest (S-1-5-21-1017224066-2363794573-1830531647-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1017224066-2363794573-1830531647-1003 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 15.12 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1512-000001000000}) (Version: 15.12.00.0 - Igor Pavlov)
    Ad-Aware Web Companion (x32 Version: 2.0.1025.2130 - Lavasoft) Hidden
    Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
    Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
    Aero SWF.max 1.6.860 (HKLM-x32\...\SWF.max) (Version: - .max)
    Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.4.2233 - AVAST Software)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.0.9870 - Broadcom Corporation)
    CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Citrix Online Launcher (HKLM-x32\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)
    DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
    Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
    gpedt.msc 1.0 (HKLM-x32\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version: - Richard)
    HP Documentation (HKLM-x32\...\{9BCC40C6-8A7C-4134-AF7D-9C2332E2DA80}) (Version: 1.1.0.0 - Hewlett-Packard)
    HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
    HP Support Assistant (HKLM-x32\...\{904822F1-6C7D-4B91-B936-6A1C0810544C}) (Version: 7.7.34.34 - Hewlett-Packard Company)
    HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company)
    HP System Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company)
    HP Utility Center (HKLM\...\{403E9EFF-C4B4-4308-BA4E-7093B6BA03D5}) (Version: 2.5.5 - Hewlett-Packard Company)
    HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
    iCloud (HKLM\...\{B33C558F-772F-4308-A059-390FBF9BAAAE}) (Version: 5.0.2.61 - Apple Inc.)
    Intel(R) Chipset Device Software (x32 Version: 10.0.27 - Intel(R) Corporation) Hidden
    Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.10.0.2210 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
    Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.70.305.16316 - Intel Corporation)
    Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
    iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
    Jarte 5.2 (HKLM-x32\...\Jarte_is1) (Version: 5.2 - Carolina Road Software L.L.C.)
    LavasoftTcpService (x32 Version: 2.3.4.7 - Lavasoft) Hidden
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
    Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
    REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.26 - REALTEK Semiconductor Corp.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.94 - Realtek Semiconductor Corp.)
    REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.41 - REALTEK Semiconductor Corp.)
    REALTEK Wireless LAN Driver (HKLM-x32\...\{B63CCD1C-A133-4DF8-8306-DA0387231152}) (Version: 1.00.0243 - )
    Skype™ 7.15 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.15.102 - Skype Technologies S.A.)
    SlimDrivers (HKLM-x32\...\{5AD12E7A-D739-4451-9BD1-3610EC56D8F5}) (Version: 2.2.45206 - SlimWare Utilities, Inc.)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1194 - SUPERAntiSpyware.com)
    Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.29.0 - Synaptics Incorporated)
    TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1017224066-2363794573-1830531647-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

    ==================== Restore Points =========================

    22-11-2015 21:58:22 Scheduled Checkpoint

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0A378DD2-8F00-4997-ACA2-107766AAF19F} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2015-10-21] (Apple Inc.)
    Task: {0AD46DE4-EA12-4E6A-BCCF-EB506F64205D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
    Task: {159B20FF-2F79-4F2A-B752-6503C68048BC} - System32\Tasks\HPCeeScheduleForBob => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
    Task: {259E2E81-4918-4529-9BE4-607E39C0EC5C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)
    Task: {3D05275A-E5DA-4DA6-9522-33AEF241009E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
    Task: {3EA4B4AB-5A0A-426E-A90A-06D3FAC60834} - System32\Tasks\Wise Care 365 PC Checkup Task => C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe
    Task: {3FF9F6FA-2262-469B-90D8-774D7C373208} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
    Task: {4280186D-6927-4246-87A4-42F9274A9322} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater – Install HPSA => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)
    Task: {4B99509D-8059-4435-8DB5-B9EA02283720} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-11-11] (Microsoft Corporation)
    Task: {6212FB29-74C4-496D-B58E-85E91638419B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-10-01] (AVAST Software)
    Task: {6BE97DFD-CDF3-4D50-A994-33DCEAFE6CCE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-21] (Hewlett-Packard Company)
    Task: {6DB3243A-94FD-4727-A532-193F1180DA6C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2015-09-28] (Hewlett-Packard)
    Task: {71B20D6F-3049-401F-9229-A8E0CFA27134} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-01] (Google Inc.)
    Task: {7624719D-03A2-4224-88B9-941F3CF488FA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-21] (Hewlett-Packard Company)
    Task: {A8A45C3D-B115-4D50-A11E-E069B7D3C790} - System32\Tasks\SlimDrivers Startup => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe [2015-02-27] (SlimWare Utilities, Inc.)
    Task: {AD19E214-9ACB-491C-BC8C-C7EA69FD832C} - System32\Tasks\wise turbo checker => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe
    Task: {AF2B78DD-F36B-4596-9394-CFCBA9B148EA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
    Task: {B3FDD6E1-7BE6-4D94-9B1F-C6665344A90B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-21] (Hewlett-Packard Company)
    Task: {BA908F1E-01F5-429C-A64C-5526DA0C13AE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-01] (Google Inc.)
    Task: {BA9A5314-30EC-4748-947D-1202E64502F6} - System32\Tasks\SUPERAntiSpyware Scheduled Task 506032f2-cced-4bca-a53e-09acc89a1078 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
    Task: {D84B808F-EB8B-4663-A856-135558CBEECB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2014-08-21] (Hewlett-Packard Company)
    Task: {F340FDFA-E311-48BB-A3D3-08D7159B690E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)
    Task: {F89DF2BE-67B6-4AB1-B9EE-1A8634971AC2} - System32\Tasks\{55F56A92-4570-4212-9249-9326DF1BB5C3} => Iexplore.exe hxxp://ui.skype.com/ui/0/7.2.0.103/en/abandoninstall?page=tsMain
    Task: {FDF4603D-FDD9-4239-AA81-B53AD436F4CD} - System32\Tasks\HPGenoobeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe [2014-05-15] ()

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\HPCeeScheduleForBob.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
    Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 506032f2-cced-4bca-a53e-09acc89a1078.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-05-15 15:26 - 2015-05-15 15:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-03-03 11:21 - 2014-10-11 09:24 - 00098816 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
    2015-07-09 06:10 - 2014-04-15 09:36 - 00036864 _____ () C:\Windows\runSW.exe
    2015-10-01 11:24 - 2015-10-01 11:24 - 00103376 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-10-01 11:24 - 2015-10-01 11:24 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2015-11-22 07:11 - 2015-11-22 07:11 - 02994176 _____ () C:\Program Files\AVAST Software\Avast\defs\15112200\algo.dll
    2015-11-22 12:50 - 2015-11-22 12:50 - 02994176 _____ () C:\Program Files\AVAST Software\Avast\defs\15112201\algo.dll
    2015-10-01 11:24 - 2015-10-01 11:24 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2ce.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-1017224066-2363794573-1830531647-1001\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-1017224066-2363794573-1830531647-1001\...\webcompanion.com -> hxxp://webcompanion.com

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1017224066-2363794573-1830531647-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Bob\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: QHActiveDefense =>
    HKLM\...\StartupApproved\Run: => "RTHDVCPL"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{5A91221A-A892-4118-80CE-6384D77DE4BF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{8DDE7D4B-B01B-433F-8525-B9D4BB7B67F1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{C1AA3546-DD03-4881-8EF7-0A7A498A78F4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
    FirewallRules: [TCP Query User{3597E3DD-381F-42C8-BAE3-8AADBB55E1C8}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{92E04EE1-5F10-4998-A974-4446B74962B3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{B90525B8-A804-4CDC-B41B-F2290B53FC43}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{B43E81CB-457D-401E-B9EC-E2A674843B5B}] => (Allow) C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    FirewallRules: [{202B8906-45D5-4997-948C-67795CC2AB51}] => (Allow) C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    FirewallRules: [{DFE3115D-DC10-4D88-96CF-4B3FDB87EC82}] => (Allow) C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    FirewallRules: [{E06DC021-4784-4551-89F3-2425222FE4CD}] => (Allow) C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    FirewallRules: [{E02C980A-08B8-4312-A455-0EA18B494D6B}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    FirewallRules: [{3FE60273-2533-45BB-A758-B86D11729C2C}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    FirewallRules: [{6A6CFC89-6B3D-4847-BCF1-FB74AB0B8837}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    FirewallRules: [{C9239AD1-436F-45DD-BEB7-6819B23BC226}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    FirewallRules: [{B29A4FC9-4ECA-47A0-BC69-AC3FE28F77C0}] => (Allow) C:\Program Files\CCleaner\CCleaner64.exe
    FirewallRules: [{23F0F2E9-0EA0-4D9E-A5AC-87269D150E3D}] => (Allow) C:\Program Files\CCleaner\CCleaner64.exe
    FirewallRules: [{E2EB7F49-95D5-4F5D-BFBC-CB9348929327}] => (Allow) C:\Program Files\CCleaner\CCleaner64.exe
    FirewallRules: [{AD38C3BE-8D68-424A-AFC6-BD2ED7FFB015}] => (Allow) C:\Program Files\CCleaner\CCleaner64.exe
    FirewallRules: [{37F7F3B4-CCF4-475D-B022-A46252246CDC}] => (Allow) C:\Program Files\Internet Explorer\iexplore.exe
    FirewallRules: [{4F67AD59-F0A3-421D-82D0-CDB732C78259}] => (Allow) C:\Program Files\Internet Explorer\iexplore.exe
    FirewallRules: [{A8ACF763-33D9-4246-92D5-FC87D3F95386}] => (Allow) C:\Program Files\Internet Explorer\iexplore.exe
    FirewallRules: [{3009FFDD-4157-4FD9-AB95-7E1F40C3EDF3}] => (Allow) C:\Program Files\Internet Explorer\iexplore.exe
    FirewallRules: [{A02B7BB0-F213-4CAC-B6CF-DB5D36D85BAC}] => (Allow) LPort=139
    FirewallRules: [{AADA3F97-E74E-4B21-A549-455D3654E807}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{7E24C326-1BC3-4A68-BA45-FEF0DF5F1264}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{2D0740BB-3BA9-405B-A99E-1C53F00A6BE2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{B0F08C62-4E3C-418B-ABFE-00ED76CF0EF1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{393A5467-41E5-48CA-9830-49FBDD2D5122}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{66B5DE45-AB82-438B-8C92-5E089995D9CE}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{D75EC6E1-1897-4588-AA93-103411BB55AE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{46802934-3A61-4793-947A-9B1560BEBA22}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{D6C700B9-B269-49AC-B277-BBFEC98EA449}] => (Allow) C:\Program Files\Hewlett-Packard\Energy Star\ClearSysReg.exe
    FirewallRules: [{26713062-5E6A-47A6-B02F-761E5D342C1C}] => (Allow) C:\Program Files\Hewlett-Packard\Energy Star\ClearSysReg.exe
    FirewallRules: [{ECEFA7C0-D04F-49F2-A00D-036AD755C6CE}] => (Allow) C:\Program Files\Hewlett-Packard\Energy Star\ClearSysReg.exe
    FirewallRules: [{7A37E8B8-915A-4F17-9934-724B82C86DD3}] => (Allow) C:\Program Files\Hewlett-Packard\Energy Star\ClearSysReg.exe
    FirewallRules: [{DC35BC71-37AA-4703-B57B-0EEB57923FA5}] => (Allow) C:\Program Files\Hewlett-Packard\Energy Star\SetSysTray.exe
    FirewallRules: [{079701B3-AACC-408B-A61B-8AA8F9A22BC0}] => (Allow) C:\Program Files\Hewlett-Packard\Energy Star\SetSysTray.exe
    FirewallRules: [{1C686453-AE91-45AF-BA9C-F869B15078F8}] => (Allow) C:\Program Files\Hewlett-Packard\Energy Star\SetSysTray.exe
    FirewallRules: [{0353DE54-963C-475A-ABBB-8A89849923C6}] => (Allow) C:\Program Files\Hewlett-Packard\Energy Star\SetSysTray.exe
    FirewallRules: [{57012C7E-11DC-4B9B-A3F2-373FD8ECEE84}] => (Allow) C:\Program Files\Hewlett-Packard\Shared\WizInstaller.exe
    FirewallRules: [{5DBA2D4F-414C-45AD-B113-C599FC7BFD99}] => (Allow) C:\Program Files\Hewlett-Packard\Shared\WizInstaller.exe
    FirewallRules: [{DD47367E-2FDB-406F-B123-13B7C0E4D08A}] => (Allow) C:\Program Files\Hewlett-Packard\Shared\WizInstaller.exe
    FirewallRules: [{E7DC64CD-D316-4733-8002-CF90C6ED1EC0}] => (Allow) C:\Program Files\Hewlett-Packard\Shared\WizInstaller.exe
    FirewallRules: [{287F6BB0-86FB-46C4-836D-E7E95D836466}] => (Allow) LPort=139
    FirewallRules: [{97D4942D-E3E9-4828-829F-1788249F4B5B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{DEB83B68-56CB-466D-A080-3C3078079DC2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{89F8B416-2065-4538-97F9-7FAAF00AA067}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{44315EFC-675D-4DED-8575-B7619BD5436D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/22/2015 00:50:25 PM) (Source: SetupARService) (EventID: 0) (User: )
    Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
    at SetupAfterRebootService.SetupARService.OnStart(String[] args)
    at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

    Error: (11/22/2015 10:49:23 AM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {8e94a45d-2cd4-4bc8-a2b4-f35d65a421d9}

    Error: (11/22/2015 10:40:32 AM) (Source: SetupARService) (EventID: 0) (User: )
    Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
    at SetupAfterRebootService.SetupARService.OnStart(String[] args)
    at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

    Error: (11/22/2015 10:32:30 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Detect_InWarrantyCarePack.exe, version: 1.0.0.9, time stamp: 0x56391e16
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x00007ff97b810481
    Faulting process id: 0x18f4
    Faulting application start time: 0xDetect_InWarrantyCarePack.exe0
    Faulting application path: Detect_InWarrantyCarePack.exe1
    Faulting module path: Detect_InWarrantyCarePack.exe2
    Report Id: Detect_InWarrantyCarePack.exe3
    Faulting package full name: Detect_InWarrantyCarePack.exe4
    Faulting package-relative application ID: Detect_InWarrantyCarePack.exe5

    Error: (11/22/2015 10:32:29 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Detect_PostWarrantyCarePack.exe, version: 1.0.0.12, time stamp: 0x56391d8a
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x00007ff97b800481
    Faulting process id: 0x1938
    Faulting application start time: 0xDetect_PostWarrantyCarePack.exe0
    Faulting application path: Detect_PostWarrantyCarePack.exe1
    Faulting module path: Detect_PostWarrantyCarePack.exe2
    Report Id: Detect_PostWarrantyCarePack.exe3
    Faulting package full name: Detect_PostWarrantyCarePack.exe4
    Faulting package-relative application ID: Detect_PostWarrantyCarePack.exe5

    Error: (11/22/2015 10:32:29 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: Detect_InWarrantyCarePack.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.NullReferenceException
    Stack:
    at Detect_PostWarrantyCarePack.Program.Main(System.String[])

    Error: (11/22/2015 10:32:29 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: Detect_PostWarrantyCarePack.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.NullReferenceException
    Stack:
    at Detect_PostWarrantyCarePack.Program.Main(System.String[])

    Error: (11/22/2015 10:32:27 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Detect_WelcomeHPSAv8.exe, version: 1.0.0.5, time stamp: 0x55c88397
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x00007ff97b810481
    Faulting process id: 0x18ac
    Faulting application start time: 0xDetect_WelcomeHPSAv8.exe0
    Faulting application path: Detect_WelcomeHPSAv8.exe1
    Faulting module path: Detect_WelcomeHPSAv8.exe2
    Report Id: Detect_WelcomeHPSAv8.exe3
    Faulting package full name: Detect_WelcomeHPSAv8.exe4
    Faulting package-relative application ID: Detect_WelcomeHPSAv8.exe5

    Error: (11/22/2015 10:32:26 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: Detect_WelcomeHPSAv8.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.NullReferenceException
    Stack:
    at Detect_WelcomeHPSAv8.Program.Main(System.String[])

    Error: (11/22/2015 10:32:26 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Detect_BeforeUpgradingToWindows10Business.exe, version: 1.0.0.6, time stamp: 0x56292017
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x00007ff97b820481
    Faulting process id: 0x1880
    Faulting application start time: 0xDetect_BeforeUpgradingToWindows10Business.exe0
    Faulting application path: Detect_BeforeUpgradingToWindows10Business.exe1
    Faulting module path: Detect_BeforeUpgradingToWindows10Business.exe2
    Report Id: Detect_BeforeUpgradingToWindows10Business.exe3
    Faulting package full name: Detect_BeforeUpgradingToWindows10Business.exe4
    Faulting package-relative application ID: Detect_BeforeUpgradingToWindows10Business.exe5


    System errors:
    =============
    Error: (11/22/2015 09:38:07 PM) (Source: volsnap) (EventID: 36) (User: )
    Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

    Error: (11/22/2015 00:53:49 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Work Folders service hung on starting.

    Error: (11/22/2015 00:51:49 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Network Connection Broker service hung on starting.

    Error: (11/22/2015 00:50:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Windows Encryption Provider Host Service service terminated with the following error:
    %%1064

    Error: (11/22/2015 00:50:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The HP Software Framework Service service failed to start due to the following error:
    %%1053

    Error: (11/22/2015 00:50:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (120000 milliseconds) while waiting for the HP Software Framework Service service to connect.

    Error: (11/22/2015 00:48:19 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 10:38:25 AM on ‎11/‎22/‎2015 was unexpected.

    Error: (11/22/2015 10:43:55 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Work Folders service hung on starting.

    Error: (11/22/2015 10:41:55 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Network Connection Broker service hung on starting.

    Error: (11/22/2015 10:40:32 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Windows Encryption Provider Host Service service terminated with the following error:
    %%1064


    ==================== Memory info ===========================

    Processor: Intel(R) Celeron(R) CPU N2840 @ 2.16GHz
    Percentage of memory in use: 69%
    Total physical RAM: 1939.04 MB
    Available physical RAM: 587.4 MB
    Total Virtual: 3155.04 MB
    Available Virtual: 1411.91 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:21.54 GB) (Free:1.15 GB) NTFS
    Drive d: () (Removable) (Total:28.77 GB) (Free:23.54 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 29.1 GB) (Disk ID: 8712411B)

    Partition: GPT.

    ========================================================
    Disk: 1 (Size: 28.8 GB) (Disk ID: 00000000)

    Partition: GPT.

    ==================== End of Addition.txt ============================



    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 329248
    Time Elapsed: 6 min, 10 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)


    Thank You
    Last edited by mrr107i; 11-23-2015 at 07:08 AM.

  4. #4
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563


    Hi mrr107i,

    Thank you for the logs.

    Doesn't look too awfully bad, though there are a few things we need to clean up here. Please do the following:

    • Open notepad (Start orb > type notepad into Start Search > choose notepad from list).
    • Please copy the entire contents of the code box below.
      (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
    • Save it to the same direction as frst.exe (or frst64.exe) as fixlist.txt.

      Code:
      start
      CloseProcesses:
      CreateRestorePoint:
      HKLM\...\Policies\Explorer: [NoFolderOptions] 0
      HKLM\...\Policies\Explorer: [NoControlPanel] 0
      HKU\S-1-5-21-1017224066-2363794573-1830531647-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
      HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
      HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      SearchScopes: HKLM-x32 -> {E1643A0C-206E-43F2-8ED0-570502D7783A} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
      S3 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751792 2015-06-08] (Lavasoft Limited)
      C:\Program Files (x86)\Lavasoft
      Ad-Aware Web Companion (x32 Version: 2.0.1025.2130 - Lavasoft) Hidden
      LavasoftTcpService (x32 Version: 2.3.4.7 - Lavasoft) Hidden
      2015-11-20 18:18 - 2015-10-06 06:54 - 00000000 ____D C:\Program Files (x86)\Wise
      2015-11-19 20:21 - 2015-03-24 21:26 - 00003068 _____ C:\Windows\System32\Tasks\{55F56A92-4570-4212-9249-9326DF1BB5C3}
      2015-11-18 23:45 - 2015-10-14 16:55 - 00003086 _____ C:\Windows\System32\Tasks\wise turbo checker
      2015-11-18 23:45 - 2015-03-25 21:24 - 00000000 ____D C:\Windows\Tasks\360Disabled
      2015-11-18 23:10 - 2015-03-25 21:25 - 00000000 ____D C:\ProgramData\360Quarant
      2015-11-18 22:50 - 2015-03-03 11:22 - 00000000 ____D C:\ProgramData\Package Cache
      C:\ProgramData\fontcacheev1.dat
      Task: {3EA4B4AB-5A0A-426E-A90A-06D3FAC60834} - System32\Tasks\Wise Care 365 PC Checkup Task => C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe
      C:\Program Files (x86)\Wise
      Task: {AD19E214-9ACB-491C-BC8C-C7EA69FD832C} - System32\Tasks\wise turbo checker => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2ce.sys => ""="Driver"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
      IE trusted site: HKU\S-1-5-21-1017224066-2363794573-1830531647-1001\...\webcompanion.com -> hxxp://webcompanion.com
      CMD: bitsadmin /reset /allusers
      CMD: netsh winsock reset catalog
      CMD: ipconfig /flushdns
      RemoveProxy:
      hosts:
      Emptytemp:
      NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
    • The tool will make a log (Fixlog.txt) which you will find where you saved FRST. Please post it in your next reply.


    Reboot the computer...

    Next:

    After you reboot the computer, please go into your Control Panel > Programs and Features and uninstall the following 2 programs:

    Ad-Aware Web Companion (x32 Version: 2.0.1025.2130 - Lavasoft) Hidden
    LavasoftTcpService (x32 Version: 2.3.4.7 - Lavasoft) Hidden


    Next:

    Now that we have run the fix and uninstalled the programs, I would like to see fresh logs. Also please let me know what issues you are experiencing. The more detail you provide the better understanding I'll have as to our next steps to take.

    • Right click and choose Run as administrator. When the tool opens click Yes to disclaimer.
    • Under Optional Scan place a checkmark in the box for Addition.txt to ensure it creates that 2nd log.
    • Press Scan button.
    • Please attach both logs in your next reply.


    In your next reply, please provide the following:

    Fixlog.txt
    FRST.txt
    Addition.txt
    Detailed account of issues present.


    Thank you
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  5. #5
    Member mrr107i's Avatar
    Join Date
    Sep 2003
    Location
    Pittsfield, MA
    Posts
    50
    Points
    0

    Default

    Hi Donna, I appreciate your helping me here; however, I got lost on the "Save it to the same directory as frst.exe (or frst64.exe) fixlist.txt" step. I had placed the code you sent to me in your last reply into the search window in the FRST tool, then pressed Fix, and it could not find the log file that was pasted.
    Can you try to tell me what I may be doing wrong?

    Thank You

  6. #6
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Default

    Hi mrr107i,

    More than happy to help.

    FRST is located in the following location:

    Running from C:\Users\Bob\Downloads

    You should find the fixlog.txt there as well.

  7. #7
    Member mrr107i's Avatar
    Join Date
    Sep 2003
    Location
    Pittsfield, MA
    Posts
    50
    Points
    0

    Default

    Sorry, but upon pressing Fix in the FRST tool I get "no fixlist.txt found. The fixlist.txt should be in the same folder/directory the tool is located"??

  8. #8
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Default

    "The fixlist.txt should be in the same folder/directory the tool is located"??
    Yes. If it was downloaded into your Downloads folder, as indicated by the file path > C:\Users\Bob\Downloads, that is where the fixlist.txt will be placed once the fix is executed.

    Let's make this a bit easier for you. The instructions I provided in post #2 ask you to download to your desktop. The main reason for this request is to make it easier to find the fixlog.txt once the fix has been executed. Below I will provide instructions on how to change the default location for downloads. The log shows that the browser you prefer is Chrome. Is that correct? How about if I include instructions on how to change the download locations for the most popular browsers? Go into the browser of your choice and follow the instructions below to change the location. Then I will need you to delete the copy of FRST64.exe from your Downloads folder and download a new copy from here. Next, run the fix again that I posted here.

    Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen, click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

    Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the Downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

    Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.

  9. #9
    Member mrr107i's Avatar
    Join Date
    Sep 2003
    Location
    Pittsfield, MA
    Posts
    50
    Points
    0

    Default

    Fix result of Farbar Recovery Scan Tool (x64) Version:23-11-2015
    Ran by Bob (2015-11-25 09:16:51) Run:1
    Running from C:\Users\Bob\Desktop
    Loaded Profiles: Bob (Available Profiles: Bob)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start
    CloseProcesses:
    CreateRestorePoint:
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-1017224066-2363794573-1830531647-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM-x32 -> {E1643A0C-206E-43F2-8ED0-570502D7783A} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    S3 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751792 2015-06-08] (Lavasoft Limited)
    C:\Program Files (x86)\Lavasoft
    Ad-Aware Web Companion (x32 Version: 2.0.1025.2130 - Lavasoft) Hidden
    LavasoftTcpService (x32 Version: 2.3.4.7 - Lavasoft) Hidden
    2015-11-20 18:18 - 2015-10-06 06:54 - 00000000 ____D C:\Program Files (x86)\Wise
    2015-11-19 20:21 - 2015-03-24 21:26 - 00003068 _____ C:\Windows\System32\Tasks\{55F56A92-4570-4212-9249-9326DF1BB5C3}
    2015-11-18 23:45 - 2015-10-14 16:55 - 00003086 _____ C:\Windows\System32\Tasks\wise turbo checker
    2015-11-18 23:45 - 2015-03-25 21:24 - 00000000 ____D C:\Windows\Tasks\360Disabled
    2015-11-18 23:10 - 2015-03-25 21:25 - 00000000 ____D C:\ProgramData\360Quarant
    2015-11-18 22:50 - 2015-03-03 11:22 - 00000000 ____D C:\ProgramData\Package Cache
    C:\ProgramData\fontcacheev1.dat
    Task: {3EA4B4AB-5A0A-426E-A90A-06D3FAC60834} - System32\Tasks\Wise Care 365 PC Checkup Task => C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe
    C:\Program Files (x86)\Wise
    Task: {AD19E214-9ACB-491C-BC8C-C7EA69FD832C} - System32\Tasks\wise turbo checker => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2ce.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    IE trusted site: HKU\S-1-5-21-1017224066-2363794573-1830531647-1001\...\webcompanion.com -> hxxp://webcompanion.com
    CMD: bitsadmin /reset /allusers
    CMD: netsh winsock reset catalog
    CMD: ipconfig /flushdns
    RemoveProxy:
    hosts:
    Emptytemp:
    start
    CloseProcesses:
    CreateRestorePoint:
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-1017224066-2363794573-1830531647-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM-x32 -> {E1643A0C-206E-43F2-8ED0-570502D7783A} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    S3 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751792 2015-06-08] (Lavasoft Limited)
    C:\Program Files (x86)\Lavasoft
    Ad-Aware Web Companion (x32 Version: 2.0.1025.2130 - Lavasoft) Hidden
    LavasoftTcpService (x32 Version: 2.3.4.7 - Lavasoft) Hidden
    2015-11-20 18:18 - 2015-10-06 06:54 - 00000000 ____D C:\Program Files (x86)\Wise
    2015-11-19 20:21 - 2015-03-24 21:26 - 00003068 _____ C:\Windows\System32\Tasks\{55F56A92-4570-4212-9249-9326DF1BB5C3}
    2015-11-18 23:45 - 2015-10-14 16:55 - 00003086 _____ C:\Windows\System32\Tasks\wise turbo checker
    2015-11-18 23:45 - 2015-03-25 21:24 - 00000000 ____D C:\Windows\Tasks\360Disabled
    2015-11-18 23:10 - 2015-03-25 21:25 - 00000000 ____D C:\ProgramData\360Quarant
    2015-11-18 22:50 - 2015-03-03 11:22 - 00000000 ____D C:\ProgramData\Package Cache
    C:\ProgramData\fontcacheev1.dat
    Task: {3EA4B4AB-5A0A-426E-A90A-06D3FAC60834} - System32\Tasks\Wise Care 365 PC Checkup Task => C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe
    C:\Program Files (x86)\Wise
    Task: {AD19E214-9ACB-491C-BC8C-C7EA69FD832C} - System32\Tasks\wise turbo checker => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2ce.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    IE trusted site: HKU\S-1-5-21-1017224066-2363794573-1830531647-1001\...\webcompanion.com -> hxxp://webcompanion.com
    CMD: bitsadmin /reset /allusers
    CMD: netsh winsock reset catalog
    CMD: ipconfig /flushdns
    RemoveProxy:
    hosts:
    Emptytemp:
    *****************

    Processes closed successfully.
    Restore point was successfully created.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value removed successfully
    HKU\S-1-5-21-1017224066-2363794573-1830531647-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => value removed successfully
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{E1643A0C-206E-43F2-8ED0-570502D7783A}" => key removed successfully
    HKCR\Wow6432Node\CLSID\{E1643A0C-206E-43F2-8ED0-570502D7783A} => key not found.
    LavasoftTcpService => service removed successfully
    C:\Program Files (x86)\Lavasoft => moved successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{88B10E3E-8911-4FAC-8663-CCF6E33C58B3}\\SystemComponent => value removed successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A923CF0A-44D9-4357-B2E8-0A2352151A3C}\\SystemComponent => value removed successfully
    C:\Program Files (x86)\Wise => moved successfully
    C:\Windows\System32\Tasks\{55F56A92-4570-4212-9249-9326DF1BB5C3} => moved successfully
    C:\Windows\System32\Tasks\wise turbo checker => moved successfully
    C:\Windows\Tasks\360Disabled => moved successfully
    C:\ProgramData\360Quarant => moved successfully
    C:\ProgramData\Package Cache => moved successfully
    C:\ProgramData\fontcacheev1.dat => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3EA4B4AB-5A0A-426E-A90A-06D3FAC60834}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EA4B4AB-5A0A-426E-A90A-06D3FAC60834}" => key removed successfully
    C:\Windows\System32\Tasks\Wise Care 365 PC Checkup Task => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Wise Care 365 PC Checkup Task" => key removed successfully
    "C:\Program Files (x86)\Wise" => not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AD19E214-9ACB-491C-BC8C-C7EA69FD832C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD19E214-9ACB-491C-BC8C-C7EA69FD832C}" => key removed successfully
    C:\Windows\System32\Tasks\wise turbo checker => not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\wise turbo checker" => key removed successfully
    "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\iai2ce.sys" => key removed successfully
    "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys" => key removed successfully
    "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc" => key removed successfully
    "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc" => key removed successfully
    "HKU\S-1-5-21-1017224066-2363794573-1830531647-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com" => key removed successfully

    ========= bitsadmin /reset /allusers =========


    BITSADMIN version 3.0 [ 7.7.9600 ]
    BITS administration utility.
    (C) Copyright 2000-2006 Microsoft Corp.

    BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
    Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

    0 out of 0 jobs canceled.

    ========= End of CMD: =========


    ========= netsh winsock reset catalog =========


    Sucessfully reset the Winsock Catalog.
    You must restart the computer in order to complete the reset.


    ========= End of CMD: =========


    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========


    ========= RemoveProxy: =========

    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
    HKU\S-1-5-21-1017224066-2363794573-1830531647-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
    HKU\S-1-5-21-1017224066-2363794573-1830531647-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


    ========= End of RemoveProxy: =========

    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.
    Processes closed successfully.
    Restore point was successfully created.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value not found.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value not found.
    HKU\S-1-5-21-1017224066-2363794573-1830531647-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => value not found.
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{E1643A0C-206E-43F2-8ED0-570502D7783A} => key not found.
    HKCR\Wow6432Node\CLSID\{E1643A0C-206E-43F2-8ED0-570502D7783A} => key not found.
    LavasoftTcpService => service not found.
    "C:\Program Files (x86)\Lavasoft" => not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{88B10E3E-8911-4FAC-8663-CCF6E33C58B3}\\SystemComponent => value not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A923CF0A-44D9-4357-B2E8-0A2352151A3C}\\SystemComponent => value not found.
    "C:\Program Files (x86)\Wise" => not found.
    "C:\Windows\System32\Tasks\{55F56A92-4570-4212-9249-9326DF1BB5C3}" => not found.
    "C:\Windows\System32\Tasks\wise turbo checker" => not found.
    "C:\Windows\Tasks\360Disabled" => not found.
    "C:\ProgramData\360Quarant" => not found.
    "C:\ProgramData\Package Cache" => not found.
    "C:\ProgramData\fontcacheev1.dat" => not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EA4B4AB-5A0A-426E-A90A-06D3FAC60834} => key not found.
    C:\Windows\System32\Tasks\Wise Care 365 PC Checkup Task => not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Wise Care 365 PC Checkup Task => key not found.
    "C:\Program Files (x86)\Wise" => not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD19E214-9ACB-491C-BC8C-C7EA69FD832C} => key not found.
    C:\Windows\System32\Tasks\wise turbo checker => not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\wise turbo checker => key not found.
    HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\iai2ce.sys => key not found.
    HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => key not found.
    HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => key not found.
    HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => key not found.
    HKU\S-1-5-21-1017224066-2363794573-1830531647-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => key not found.

    ========= bitsadmin /reset /allusers =========


    BITSADMIN version 3.0 [ 7.7.9600 ]
    BITS administration utility.
    (C) Copyright 2000-2006 Microsoft Corp.

    BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
    Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

    0 out of 0 jobs canceled.

    ========= End of CMD: =========


    ========= netsh winsock reset catalog =========


    Sucessfully reset the Winsock Catalog.
    You must restart the computer in order to complete the reset.


    ========= End of CMD: =========


    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========


    ========= RemoveProxy: =========

    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
    HKU\S-1-5-21-1017224066-2363794573-1830531647-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
    HKU\S-1-5-21-1017224066-2363794573-1830531647-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


    ========= End of RemoveProxy: =========

    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.
    EmptyTemp: => 307.2 MB temporary data Removed.


    The system needed a reboot.

    ==== End of Fixlog 09:18:38 ====
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-11-2015
    Ran by Bob (administrator) on MRR107I (25-11-2015 10:05:51)
    Running from C:\Users\Bob\Desktop
    Loaded Profiles: Bob (Available Profiles: Bob)
    Platform: Windows 8.1 Connected (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    () C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
    (Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
    (Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    () C:\Windows\runSW.exe
    (Realtek) C:\Windows\SwUSB.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    (SlimWare Utilities, Inc.) C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (© 2015 Microsoft Corporation) C:\Users\Bob\AppData\Local\Microsoft\BingSvc\BingSvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6133520 2015-11-07] (AVAST Software)
    HKU\S-1-5-21-1017224066-2363794573-1830531647-1001\...\Run: [BingSvc] => C:\Users\Bob\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-18] (© 2015 Microsoft Corporation)
    HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [60688 2015-10-21] (Apple Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-10-01] (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{4801BC12-B2C1-4C28-A9A9-F699E785EA37}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{58314AFB-6D85-45D3-A36F-C425D4018777}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{8C7D59E0-7040-41DA-9043-EB5593A6669E}: [DhcpNameServer] 40.24.1.16

    Internet Explorer:
    ==================
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPNOT14/1
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-29] (AVAST Software)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-29] (AVAST Software)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\8sb28fob.default-1445699727485
    FF Homepage: hxxp://msn.com/
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-01] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-01] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1017224066-2363794573-1830531647-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Bob\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-04-25] (Citrix Online)
    FF Extension: Muter - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\8sb28fob.default-1445699727485\extensions\muter@yxl.name [2015-10-24]
    FF Extension: Ghostery - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\8sb28fob.default-1445699727485\Extensions\firefox@ghostery.com.xpi [2015-11-05]
    FF Extension: Google™ Translator - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\8sb28fob.default-1445699727485\Extensions\jid1-dgnIBwQga0SIBw@jetpack.xpi [2015-10-24]
    FF Extension: Adblock Plus - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\8sb28fob.default-1445699727485\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-24]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-10-01] [not signed]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
    CHR StartupUrls: Default -> "hxxp://www.msn.com/"
    CHR Profile: C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Adblock Plus) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-10-02]
    CHR Extension: (MSN Homepage) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkcgfbgohboipdhliafmacjnhjbhmim [2015-11-20]
    CHR Extension: (Google Docs Offline) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
    CHR Extension: (360 Internet Protection) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\glcimepnljoholdmjchkloafkggfoijh [2015-10-09]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-10-02]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-20]
    CHR HKU\S-1-5-21-1017224066-2363794573-1830531647-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-01] (AVAST Software)
    R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [98816 2014-10-11] () [File not signed]
    S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2015-09-24] (Microsoft Corporation)
    R2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [115656 2014-09-05] (Intel Corporation)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [93184 2014-08-21] (Hewlett-Packard Company) [File not signed]
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
    R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
    S2 MBAMService; D:\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    R2 RunSwUSB; C:\Windows\runSW.exe [36864 2014-04-15] () [File not signed]
    S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [10752 2015-11-15] () [File not signed]
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [220912 2014-09-05] (Synaptics Incorporated)
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
    S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
    S3 w3logsvc; C:\Windows\SysWOW64\inetsrv\w3logsvc.dll [66560 2014-04-02] (Microsoft Corporation)
    R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2014-04-02] (Microsoft Corporation)
    R2 W3SVC; C:\Windows\SysWOW64\inetsrv\iisw3adm.dll [475648 2014-04-02] (Microsoft Corporation)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 adgnetworkwfpdrv; C:\Windows\System32\drivers\adgnetworkwfpdrv.sys [55800 2015-06-02] ()
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-10-01] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-10-01] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-10-01] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-10-01] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-07] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-07] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-10-01] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-10-01] (AVAST Software)
    S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
    S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
    R3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2014-09-05] (Intel Corporation)
    S3 DptfDevDisplay; C:\Windows\System32\drivers\DptfDevDisplay.sys [70752 2014-09-05] (Intel Corporation)
    S3 DptfDevDram; C:\Windows\System32\drivers\DptfDevDram.sys [145640 2014-09-05] (Intel Corporation)
    S3 DptfDevFan; C:\Windows\System32\drivers\DptfDevFan.sys [50640 2014-09-05] (Intel Corporation)
    R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [78504 2014-09-05] (Intel Corporation)
    S3 DptfDevPch; C:\Windows\System32\drivers\DptfDevPch.sys [116752 2014-09-05] (Intel Corporation)
    S3 DptfDevPower; C:\Windows\System32\drivers\DptfDevPower.sys [71808 2014-09-05] (Intel Corporation)
    R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2014-09-05] (Intel Corporation)
    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
    R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2014-08-11] (Intel Corporation)
    S3 iai2ce; C:\Windows\System32\drivers\iai2ce.sys [94720 2015-05-13] (Intel(R) Corporation)
    R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [69632 2014-08-11] (Intel Corporation)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
    R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2014-08-05] (Intel Corporation)
    R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [580824 2014-09-10] (Realtek Semiconductor Corporation)
    S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [3860224 2015-08-05] (Realtek Semiconductor Corporation )
    U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [752856 2015-06-22] (Realsil Semiconductor Corporation)
    R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2015-06-22] (Realsil Semiconductor Corporation)
    R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [4733184 2015-10-14] (Realtek Semiconductor Corporation )
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-08-03] (Synaptics Incorporated)
    S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16056 2015-11-25] (SlimWare Utilities, Inc.)
    R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42736 2014-09-05] (Synaptics Incorporated)
    R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44024 2015-02-03] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [264000 2015-02-03] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
    S3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-13] (HP)
    R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-13] (HP)
    S3 WiseHDInfo; C:\Windows\WiseHDInfo64.dll [14800 2015-10-14] (wisecleaner.com)
    R0 WofAdk; C:\Windows\System32\drivers\wofadk.sys [214720 2015-10-29] (Microsoft Corporation)
    S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X]
    S3 RSUSBSTOR; \SystemRoot\System32\Drivers\RtsUStor.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-11-25 09:40 - 2015-11-25 09:41 - 00029708 _____ C:\Users\Bob\Desktop\Addition.txt
    2015-11-25 09:39 - 2015-11-25 10:05 - 00016395 _____ C:\Users\Bob\Desktop\FRST.txt
    2015-11-25 09:16 - 2015-11-25 09:16 - 02348544 _____ (Farbar) C:\Users\Bob\Desktop\FRST64.exe
    2015-11-24 23:06 - 2015-11-24 23:06 - 00000241 _____ C:\Users\Bob\Downloads\Search.txt
    2015-11-24 20:22 - 2015-11-24 20:22 - 00000000 ____D C:\Users\Bob\Downloads\FRST-OlderVersion
    2015-11-23 22:11 - 2015-11-25 09:19 - 00000232 _____ C:\Windows\setupact.log
    2015-11-23 22:11 - 2015-11-23 22:11 - 00000000 _____ C:\Windows\setuperr.log
    2015-11-23 15:48 - 2015-11-25 09:31 - 00007644 _____ C:\Windows\runSW.log
    2015-11-23 08:00 - 2015-11-23 08:00 - 00031765 _____ C:\Users\Bob\Downloads\Addition.txt
    2015-11-23 07:59 - 2015-11-24 22:53 - 00038632 _____ C:\Users\Bob\Downloads\FRST.txt
    2015-11-23 07:58 - 2015-11-25 10:05 - 00000000 ____D C:\FRST
    2015-11-23 07:57 - 2015-11-24 20:22 - 02348544 _____ (Farbar) C:\Users\Bob\Downloads\FRST64.exe
    2015-11-22 21:52 - 2015-11-22 21:52 - 00001284 _____ C:\Users\Bob\Documents\malwarebytes log file.xml
    2015-11-22 14:06 - 2015-11-22 14:06 - 00003584 _____ C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HijackThis.lnk
    2015-11-22 14:00 - 2015-11-22 14:00 - 00000000 ____D C:\Users\Bob\Downloads\backups
    2015-11-22 13:23 - 2015-11-22 21:34 - 00009556 _____ C:\Users\Bob\Desktop\hijackthis.log
    2015-11-22 13:22 - 2015-11-22 14:06 - 00009556 _____ C:\Users\Bob\Downloads\hijackthis.log
    2015-11-22 13:21 - 2015-11-22 13:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\Bob\Downloads\HijackThis.exe
    2015-11-22 13:10 - 2015-11-23 07:50 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-11-22 13:10 - 2015-11-22 13:10 - 00000525 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-11-22 13:10 - 2015-11-22 13:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-11-22 13:09 - 2015-11-22 13:09 - 00000000 ____D C:\ProgramData\Malwarebytes
    2015-11-22 13:09 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-11-22 13:09 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-11-22 13:09 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2015-11-22 13:07 - 2015-11-22 13:08 - 22908888 _____ (Malwarebytes ) C:\Users\Bob\Downloads\mbam-setup-2.2.0.1024.exe
    2015-11-22 10:32 - 2015-11-22 10:33 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
    2015-11-22 09:25 - 2015-11-22 09:25 - 00000000 ___HD C:\$Windows.~BT
    2015-11-22 09:14 - 2015-11-22 09:15 - 00000194 _____ C:\Users\Bob\Downloads\setup.log
    2015-11-22 09:14 - 2015-11-22 09:14 - 00000000 ____D C:\Users\Bob\Downloads\Utility
    2015-11-22 09:14 - 2015-11-22 09:14 - 00000000 ____D C:\Users\Bob\Downloads\DrvBin64
    2015-11-22 09:14 - 2015-11-22 09:14 - 00000000 ____D C:\Users\Bob\Downloads\DrvBin32
    2015-11-22 09:14 - 2015-11-22 09:14 - 00000000 ____D C:\Users\Bob\Downloads\APBin
    2015-11-22 09:14 - 2015-06-22 05:24 - 00752856 _____ (Realsil Semiconductor Corporation) C:\Windows\system32\Drivers\RtsPer.sys
    2015-11-22 09:14 - 2015-06-22 05:24 - 00365272 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsPStor.sys
    2015-11-22 09:14 - 2015-06-22 05:24 - 00313048 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsBaStor.sys
    2015-11-22 09:14 - 2015-06-22 05:24 - 00301784 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsP2Stor.sys
    2015-11-21 18:38 - 2015-11-21 18:38 - 00000301 _____ C:\Users\Bob\Desktop\blackout dates request.txt
    2015-11-21 08:09 - 2015-11-25 09:25 - 00000422 _____ C:\Windows\Tasks\SlimDrivers Startup.job
    2015-11-20 19:34 - 2015-11-20 19:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    2015-11-20 19:34 - 2015-11-20 19:34 - 00000000 ____D C:\Program Files\7-Zip
    2015-11-20 19:33 - 2015-11-20 19:33 - 00002713 _____ C:\Users\Public\Desktop\Skype.lnk
    2015-11-20 19:33 - 2015-11-20 19:33 - 00000000 ___RD C:\Program Files (x86)\Skype
    2015-11-20 19:33 - 2015-11-20 19:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2015-11-20 17:29 - 2015-11-21 19:58 - 00346968 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-11-20 12:24 - 2015-11-20 12:55 - 00000000 ____D C:\Program Files (x86)\TeamViewer
    2015-11-20 12:24 - 2015-11-20 12:24 - 00001066 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
    2015-11-20 12:24 - 2015-11-20 12:24 - 00001054 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
    2015-11-20 12:23 - 2015-11-20 12:23 - 08159440 _____ (TeamViewer GmbH) C:\Users\Bob\Downloads\TeamViewer_Setup_en.exe
    2015-11-20 12:15 - 2015-11-20 12:15 - 03495920 _____ (Nanosystems S.r.l.) C:\Users\Bob\Downloads\Supremo.exe
    2015-11-18 22:53 - 2015-11-25 09:45 - 00584304 _____ C:\Windows\WindowsUpdate.log
    2015-11-18 21:42 - 2015-11-18 21:42 - 00001301 _____ C:\Users\Bob\Desktop\Dexterity Test for EDITS - Shortcut.lnk
    2015-11-15 05:56 - 2015-11-21 08:09 - 00002824 _____ C:\Windows\System32\Tasks\SlimDrivers Startup
    2015-11-12 05:27 - 2015-11-12 05:33 - 167730200 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup.exe
    2015-11-11 17:59 - 2015-11-18 21:28 - 00002035 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
    2015-11-11 13:04 - 2015-10-30 18:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-11-11 13:04 - 2015-10-30 18:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-11-11 13:04 - 2015-10-30 18:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-11-11 13:04 - 2015-10-30 18:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-11-11 13:04 - 2015-10-30 18:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-11-11 13:04 - 2015-10-30 17:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-11-11 13:04 - 2015-10-30 17:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-11-11 13:04 - 2015-10-30 17:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-11-11 13:04 - 2015-10-30 17:39 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2015-11-11 13:04 - 2015-10-30 17:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-11-11 13:04 - 2015-10-30 17:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-11-11 13:04 - 2015-10-30 17:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-11-11 13:04 - 2015-10-30 17:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-11-11 13:04 - 2015-10-30 17:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-11-11 13:04 - 2015-10-30 17:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-11-11 13:04 - 2015-10-30 17:14 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2015-11-11 13:04 - 2015-10-30 17:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-11-11 13:04 - 2015-10-30 17:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-11-11 13:04 - 2015-10-30 17:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-11-11 13:04 - 2015-10-30 16:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-11-11 13:04 - 2015-10-30 16:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-11-11 13:04 - 2015-10-30 16:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-11-11 13:04 - 2015-10-30 16:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-11-11 13:04 - 2015-10-15 11:08 - 00990208 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-11-11 13:04 - 2015-10-15 10:46 - 00803328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-11-11 13:04 - 2015-10-14 18:02 - 07455064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-11-11 13:04 - 2015-10-14 18:02 - 01659560 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2015-11-11 13:04 - 2015-10-14 18:02 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2015-11-11 13:04 - 2015-10-14 18:02 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2015-11-11 13:04 - 2015-10-14 18:02 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
    2015-11-11 13:04 - 2015-10-13 12:10 - 00559616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2015-11-11 13:04 - 2015-10-13 12:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2015-11-11 13:04 - 2015-10-13 10:59 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
    2015-11-11 13:04 - 2015-10-13 10:59 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
    2015-11-11 13:04 - 2015-10-13 10:59 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-11-11 13:04 - 2015-10-13 10:59 - 00120376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-11-11 13:04 - 2015-10-13 10:59 - 00106952 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
    2015-11-11 13:04 - 2015-10-13 10:59 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
    2015-11-11 13:04 - 2015-10-11 01:36 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-11-11 13:04 - 2015-10-11 01:36 - 00177496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-11-11 13:04 - 2015-10-10 13:40 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2015-11-11 13:04 - 2015-10-10 13:39 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2015-11-11 13:04 - 2015-10-10 13:07 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2015-11-11 13:04 - 2015-10-10 12:33 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-11-11 13:04 - 2015-10-10 12:27 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-11-11 13:04 - 2015-10-10 12:11 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2015-11-11 13:04 - 2015-10-10 11:45 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-11-11 13:03 - 2015-10-17 09:19 - 04176384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-11-11 13:03 - 2015-10-08 11:08 - 01083904 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
    2015-11-11 13:03 - 2015-08-10 13:15 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
    2015-11-11 13:03 - 2015-08-10 13:06 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
    2015-11-11 13:03 - 2015-08-10 12:49 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
    2015-11-11 13:03 - 2015-08-10 11:56 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
    2015-11-11 13:03 - 2015-08-10 11:46 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
    2015-11-11 13:03 - 2014-11-10 13:06 - 00136512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
    2015-11-08 23:16 - 2015-11-11 09:02 - 00000000 ____D C:\Program Files\Adblock Plus for IE
    2015-11-06 13:31 - 2015-11-08 23:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-11-05 07:56 - 2015-10-20 16:54 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-11-05 07:56 - 2015-10-20 09:53 - 03705856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-11-05 07:56 - 2015-10-20 09:36 - 02243072 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-11-05 07:56 - 2015-10-20 09:35 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-11-05 07:56 - 2015-10-20 09:34 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
    2015-11-05 07:56 - 2015-10-20 09:34 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-11-05 07:56 - 2015-10-20 09:34 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-11-05 07:56 - 2015-10-20 09:33 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-11-05 07:56 - 2015-10-20 09:14 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2015-11-05 07:56 - 2015-10-20 09:13 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2015-11-05 07:56 - 2015-10-20 09:13 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2015-11-05 07:56 - 2015-10-20 09:13 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2015-10-31 21:47 - 2015-10-29 05:29 - 00214720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wofadk.sys
    2015-10-29 19:13 - 2015-08-03 17:58 - 00033960 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
    2015-10-29 10:41 - 2015-11-12 10:10 - 00077904 _____ (360.cn) C:\Windows\SysWOW64\Drivers\360AvFlt.sys
    2015-10-26 16:29 - 2015-11-11 17:56 - 00000000 ____D C:\Program Files (x86)\HP
    2015-10-26 11:42 - 2015-10-26 11:42 - 00000000 ____D C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
    2015-10-26 11:15 - 2015-10-26 11:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    2015-10-26 11:13 - 2015-10-26 11:13 - 00001772 _____ C:\Users\Public\Desktop\iTunes.lnk
    2015-10-26 11:13 - 2015-10-26 11:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2015-10-26 11:12 - 2015-10-26 11:13 - 00000000 ____D C:\Program Files\iTunes
    2015-10-26 11:12 - 2015-10-26 11:12 - 00000000 ____D C:\Program Files\iPod

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-11-25 10:00 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\sru
    2015-11-25 09:26 - 2014-03-18 04:53 - 00992652 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-11-25 09:25 - 2015-04-06 21:05 - 00016056 _____ (SlimWare Utilities, Inc.) C:\Windows\system32\Drivers\SWDUMon.sys
    2015-11-25 09:25 - 2015-03-24 09:39 - 00000000 ___DO C:\Users\Bob\OneDrive
    2015-11-25 09:19 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-11-25 09:19 - 2013-08-22 08:25 - 00524288 ___SH C:\Windows\system32\config\BBI
    2015-11-25 09:04 - 2015-03-24 09:37 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1017224066-2363794573-1830531647-1001
    2015-11-25 08:33 - 2015-03-24 11:09 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{008893CB-D06B-4EFF-B24D-7C837C44A4DA}
    2015-11-24 23:38 - 2015-03-24 09:31 - 00000000 ____D C:\Users\Bob
    2015-11-24 22:26 - 2015-03-24 21:21 - 00000000 ____D C:\Users\Bob\AppData\Roaming\Skype
    2015-11-23 15:03 - 2015-05-20 11:14 - 00000000 ____D C:\Windows\Minidump
    2015-11-23 14:58 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\Help
    2015-11-22 13:22 - 2015-03-24 09:31 - 00000000 ____D C:\Users\Bob\AppData\Local\VirtualStore
    2015-11-22 10:37 - 2014-09-19 21:10 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
    2015-11-22 10:36 - 2015-03-25 18:24 - 00000000 ____D C:\swsetup
    2015-11-22 09:27 - 2014-04-02 18:51 - 00000000 ____D C:\Windows\Panther
    2015-11-22 09:15 - 2015-03-03 11:19 - 00000000 ____D C:\Windows\SysWOW64\sda
    2015-11-22 09:15 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
    2015-11-22 09:14 - 2015-03-03 11:17 - 00000000 ____D C:\Program Files (x86)\Realtek
    2015-11-21 08:48 - 2015-03-25 12:27 - 00000000 ____D C:\Program Files (x86)\360
    2015-11-20 19:34 - 2015-03-24 21:21 - 00000000 ____D C:\ProgramData\Skype
    2015-11-18 22:50 - 2015-03-03 11:19 - 00000000 ____D C:\Program Files\Intel
    2015-11-16 00:42 - 2015-10-24 20:03 - 00000000 ____D C:\Windows\pss
    2015-11-15 06:19 - 2015-03-03 11:17 - 00000000 ___HD C:\Program Files (x86)\Temp
    2015-11-15 06:09 - 2015-03-03 11:06 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2015-11-13 18:03 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
    2015-11-12 06:42 - 2013-08-22 10:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
    2015-11-11 21:29 - 2015-03-29 20:53 - 00003720 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-11-11 18:24 - 2015-03-24 15:47 - 00000000 ____D C:\Windows\system32\MRT
    2015-11-11 18:19 - 2015-03-24 15:47 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-11-10 17:48 - 2015-04-22 20:51 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
    2015-11-08 23:27 - 2015-03-29 20:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2015-11-08 23:25 - 2015-09-10 20:45 - 00000000 ____D C:\Users\Bob\AppData\LocalLow\Adblock Plus for IE
    2015-11-07 08:10 - 2015-04-22 20:50 - 01059656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
    2015-11-07 08:10 - 2015-04-22 20:50 - 00449992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
    2015-11-02 19:23 - 2013-08-22 10:38 - 00810488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-11-02 19:23 - 2013-08-22 10:38 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-10-31 22:02 - 2015-03-24 18:06 - 00000000 ____D C:\Users\Bob\AppData\Roaming\SWF.max
    2015-10-29 19:13 - 2015-03-03 11:31 - 00000000 ____D C:\ProgramData\Synaptics
    2015-10-28 14:47 - 2015-09-03 21:46 - 00000000 ___RD C:\Users\Bob\iCloudDrive
    2015-10-26 16:36 - 2015-03-24 18:07 - 00002768 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
    2015-10-26 16:36 - 2015-03-24 18:07 - 00000841 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2015-10-26 11:33 - 2015-09-03 21:46 - 00000000 ____D C:\Users\Bob\AppData\Local\Apple Inc
    2015-10-26 11:12 - 2015-09-04 10:15 - 00000000 ____D C:\Program Files (x86)\iTunes
    2015-10-26 11:12 - 2015-09-03 21:19 - 00000000 ____D C:\Program Files\Common Files\Apple

    ==================== Files in the root of some directories =======

    2015-10-01 19:58 - 2015-10-01 20:11 - 50063360 _____ () C:\Program Files (x86)\GUT4C32.tmp
    2015-03-29 08:28 - 2015-03-29 08:28 - 0005049 _____ () C:\ProgramData\wwznqdpf.eax

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-11-24 16:37

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-11-2015
    Ran by Bob (2015-11-25 10:06:55)
    Running from C:\Users\Bob\Desktop
    Windows 8.1 Connected (X64) (2015-03-24 14:31:50)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1017224066-2363794573-1830531647-500 - Administrator - Disabled)
    Bob (S-1-5-21-1017224066-2363794573-1830531647-1001 - Administrator - Enabled) => C:\Users\Bob
    Guest (S-1-5-21-1017224066-2363794573-1830531647-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1017224066-2363794573-1830531647-1003 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 15.12 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1512-000001000000}) (Version: 15.12.00.0 - Igor Pavlov)
    Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
    Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
    Aero SWF.max 1.6.860 (HKLM-x32\...\SWF.max) (Version: - .max)
    Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.4.2233 - AVAST Software)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.0.9870 - Broadcom Corporation)
    CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Citrix Online Launcher (HKLM-x32\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)
    DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
    Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
    gpedt.msc 1.0 (HKLM-x32\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version: - Richard)
    HP Documentation (HKLM-x32\...\{9BCC40C6-8A7C-4134-AF7D-9C2332E2DA80}) (Version: 1.1.0.0 - Hewlett-Packard)
    HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
    HP Support Assistant (HKLM-x32\...\{904822F1-6C7D-4B91-B936-6A1C0810544C}) (Version: 7.7.34.34 - Hewlett-Packard Company)
    HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company)
    HP System Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company)
    HP Utility Center (HKLM\...\{403E9EFF-C4B4-4308-BA4E-7093B6BA03D5}) (Version: 2.5.5 - Hewlett-Packard Company)
    HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
    iCloud (HKLM\...\{B33C558F-772F-4308-A059-390FBF9BAAAE}) (Version: 5.0.2.61 - Apple Inc.)
    Intel(R) Chipset Device Software (x32 Version: 10.0.27 - Intel(R) Corporation) Hidden
    Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.10.0.2210 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
    Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.70.305.16316 - Intel Corporation)
    Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
    iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
    Jarte 5.2 (HKLM-x32\...\Jarte_is1) (Version: 5.2 - Carolina Road Software L.L.C.)
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
    Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
    REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.26 - REALTEK Semiconductor Corp.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.94 - Realtek Semiconductor Corp.)
    REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.41 - REALTEK Semiconductor Corp.)
    REALTEK Wireless LAN Driver (HKLM-x32\...\{B63CCD1C-A133-4DF8-8306-DA0387231152}) (Version: 1.00.0243 - )
    Skype™ 7.15 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.15.102 - Skype Technologies S.A.)
    SlimDrivers (HKLM-x32\...\{5AD12E7A-D739-4451-9BD1-3610EC56D8F5}) (Version: 2.2.45206 - SlimWare Utilities, Inc.)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1194 - SUPERAntiSpyware.com)
    Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.29.0 - Synaptics Incorporated)
    TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1017224066-2363794573-1830531647-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

    ==================== Restore Points =========================

    25-11-2015 09:17:21 Restore Point Created by FRST
    25-11-2015 10:02:29 Removed LavasoftTcpService.
    25-11-2015 10:03:28 Removed Ad-Aware Web Companion.

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 08:25 - 2015-11-25 09:17 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0A378DD2-8F00-4997-ACA2-107766AAF19F} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2015-10-21] (Apple Inc.)
    Task: {0AD46DE4-EA12-4E6A-BCCF-EB506F64205D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
    Task: {159B20FF-2F79-4F2A-B752-6503C68048BC} - System32\Tasks\HPCeeScheduleForBob => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
    Task: {259E2E81-4918-4529-9BE4-607E39C0EC5C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)
    Task: {2A31A7B2-9F2C-4354-B3FD-62E521BA197D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-11-11] (Microsoft Corporation)
    Task: {3D05275A-E5DA-4DA6-9522-33AEF241009E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
    Task: {3FF9F6FA-2262-469B-90D8-774D7C373208} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
    Task: {4280186D-6927-4246-87A4-42F9274A9322} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater – Install HPSA => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)
    Task: {6212FB29-74C4-496D-B58E-85E91638419B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-10-01] (AVAST Software)
    Task: {6BE97DFD-CDF3-4D50-A994-33DCEAFE6CCE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-21] (Hewlett-Packard Company)
    Task: {6DB3243A-94FD-4727-A532-193F1180DA6C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2015-09-28] (Hewlett-Packard)
    Task: {71B20D6F-3049-401F-9229-A8E0CFA27134} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-01] (Google Inc.)
    Task: {7624719D-03A2-4224-88B9-941F3CF488FA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-21] (Hewlett-Packard Company)
    Task: {A8A45C3D-B115-4D50-A11E-E069B7D3C790} - System32\Tasks\SlimDrivers Startup => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe [2015-02-27] (SlimWare Utilities, Inc.)
    Task: {AF2B78DD-F36B-4596-9394-CFCBA9B148EA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
    Task: {B3FDD6E1-7BE6-4D94-9B1F-C6665344A90B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-21] (Hewlett-Packard Company)
    Task: {BA908F1E-01F5-429C-A64C-5526DA0C13AE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-01] (Google Inc.)
    Task: {BA9A5314-30EC-4748-947D-1202E64502F6} - System32\Tasks\SUPERAntiSpyware Scheduled Task 506032f2-cced-4bca-a53e-09acc89a1078 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
    Task: {D84B808F-EB8B-4663-A856-135558CBEECB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2014-08-21] (Hewlett-Packard Company)
    Task: {F340FDFA-E311-48BB-A3D3-08D7159B690E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)
    Task: {F89DF2BE-67B6-4AB1-B9EE-1A8634971AC2} - \{55F56A92-4570-4212-9249-9326DF1BB5C3} -> No File <==== ATTENTION
    Task: {FDF4603D-FDD9-4239-AA81-B53AD436F4CD} - System32\Tasks\HPGenoobeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe [2014-05-15] ()

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\HPCeeScheduleForBob.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
    Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 506032f2-cced-4bca-a53e-09acc89a1078.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-05-15 15:26 - 2015-05-15 15:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-03-03 11:21 - 2014-10-11 09:24 - 00098816 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
    2015-07-09 06:10 - 2014-04-15 09:36 - 00036864 _____ () C:\Windows\runSW.exe
    2015-10-01 11:24 - 2015-10-01 11:24 - 00103376 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-10-01 11:24 - 2015-10-01 11:24 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2015-11-24 19:41 - 2015-11-24 19:41 - 02994688 _____ () C:\Program Files\AVAST Software\Avast\defs\15112402\algo.dll
    2015-11-25 09:22 - 2015-11-25 09:22 - 02995712 _____ () C:\Program Files\AVAST Software\Avast\defs\15112500\algo.dll
    2015-10-01 11:24 - 2015-10-01 11:24 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-1017224066-2363794573-1830531647-1001\...\localhost -> localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1017224066-2363794573-1830531647-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Bob\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: QHActiveDefense =>
    HKLM\...\StartupApproved\Run: => "RTHDVCPL"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{5A91221A-A892-4118-80CE-6384D77DE4BF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{8DDE7D4B-B01B-433F-8525-B9D4BB7B67F1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{C1AA3546-DD03-4881-8EF7-0A7A498A78F4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
    FirewallRules: [TCP Query User{3597E3DD-381F-42C8-BAE3-8AADBB55E1C8}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{92E04EE1-5F10-4998-A974-4446B74962B3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{B90525B8-A804-4CDC-B41B-F2290B53FC43}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{B43E81CB-457D-401E-B9EC-E2A674843B5B}] => (Allow) C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    FirewallRules: [{202B8906-45D5-4997-948C-67795CC2AB51}] => (Allow) C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    FirewallRules: [{DFE3115D-DC10-4D88-96CF-4B3FDB87EC82}] => (Allow) C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    FirewallRules: [{E06DC021-4784-4551-89F3-2425222FE4CD}] => (Allow) C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    FirewallRules: [{E02C980A-08B8-4312-A455-0EA18B494D6B}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    FirewallRules: [{3FE60273-2533-45BB-A758-B86D11729C2C}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    FirewallRules: [{6A6CFC89-6B3D-4847-BCF1-FB74AB0B8837}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    FirewallRules: [{C9239AD1-436F-45DD-BEB7-6819B23BC226}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    FirewallRules: [{B29A4FC9-4ECA-47A0-BC69-AC3FE28F77C0}] => (Allow) C:\Program Files\CCleaner\CCleaner64.exe
    FirewallRules: [{23F0F2E9-0EA0-4D9E-A5AC-87269D150E3D}] => (Allow) C:\Program Files\CCleaner\CCleaner64.exe
    FirewallRules: [{E2EB7F49-95D5-4F5D-BFBC-CB9348929327}] => (Allow) C:\Program Files\CCleaner\CCleaner64.exe
    FirewallRules: [{AD38C3BE-8D68-424A-AFC6-BD2ED7FFB015}] => (Allow) C:\Program Files\CCleaner\CCleaner64.exe
    FirewallRules: [{37F7F3B4-CCF4-475D-B022-A46252246CDC}] => (Allow) C:\Program Files\Internet Explorer\iexplore.exe
    FirewallRules: [{4F67AD59-F0A3-421D-82D0-CDB732C78259}] => (Allow) C:\Program Files\Internet Explorer\iexplore.exe
    FirewallRules: [{A8ACF763-33D9-4246-92D5-FC87D3F95386}] => (Allow) C:\Program Files\Internet Explorer\iexplore.exe
    FirewallRules: [{3009FFDD-4157-4FD9-AB95-7E1F40C3EDF3}] => (Allow) C:\Program Files\Internet Explorer\iexplore.exe
    FirewallRules: [{A02B7BB0-F213-4CAC-B6CF-DB5D36D85BAC}] => (Allow) LPort=139
    FirewallRules: [{AADA3F97-E74E-4B21-A549-455D3654E807}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{7E24C326-1BC3-4A68-BA45-FEF0DF5F1264}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{2D0740BB-3BA9-405B-A99E-1C53F00A6BE2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{B0F08C62-4E3C-418B-ABFE-00ED76CF0EF1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{393A5467-41E5-48CA-9830-49FBDD2D5122}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{66B5DE45-AB82-438B-8C92-5E089995D9CE}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{D75EC6E1-1897-4588-AA93-103411BB55AE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{46802934-3A61-4793-947A-9B1560BEBA22}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{D6C700B9-B269-49AC-B277-BBFEC98EA449}] => (Allow) C:\Program Files\Hewlett-Packard\Energy Star\ClearSysReg.exe
    FirewallRules: [{26713062-5E6A-47A6-B02F-761E5D342C1C}] => (Allow) C:\Program Files\Hewlett-Packard\Energy Star\ClearSysReg.exe
    FirewallRules: [{ECEFA7C0-D04F-49F2-A00D-036AD755C6CE}] => (Allow) C:\Program Files\Hewlett-Packard\Energy Star\ClearSysReg.exe
    FirewallRules: [{7A37E8B8-915A-4F17-9934-724B82C86DD3}] => (Allow) C:\Program Files\Hewlett-Packard\Energy Star\ClearSysReg.exe
    FirewallRules: [{DC35BC71-37AA-4703-B57B-0EEB57923FA5}] => (Allow) C:\Program Files\Hewlett-Packard\Energy Star\SetSysTray.exe
    FirewallRules: [{079701B3-AACC-408B-A61B-8AA8F9A22BC0}] => (Allow) C:\Program Files\Hewlett-Packard\Energy Star\SetSysTray.exe
    FirewallRules: [{1C686453-AE91-45AF-BA9C-F869B15078F8}] => (Allow) C:\Program Files\Hewlett-Packard\Energy Star\SetSysTray.exe
    FirewallRules: [{0353DE54-963C-475A-ABBB-8A89849923C6}] => (Allow) C:\Program Files\Hewlett-Packard\Energy Star\SetSysTray.exe
    FirewallRules: [{57012C7E-11DC-4B9B-A3F2-373FD8ECEE84}] => (Allow) C:\Program Files\Hewlett-Packard\Shared\WizInstaller.exe
    FirewallRules: [{5DBA2D4F-414C-45AD-B113-C599FC7BFD99}] => (Allow) C:\Program Files\Hewlett-Packard\Shared\WizInstaller.exe
    FirewallRules: [{DD47367E-2FDB-406F-B123-13B7C0E4D08A}] => (Allow) C:\Program Files\Hewlett-Packard\Shared\WizInstaller.exe
    FirewallRules: [{E7DC64CD-D316-4733-8002-CF90C6ED1EC0}] => (Allow) C:\Program Files\Hewlett-Packard\Shared\WizInstaller.exe
    FirewallRules: [{287F6BB0-86FB-46C4-836D-E7E95D836466}] => (Allow) LPort=139
    FirewallRules: [{97D4942D-E3E9-4828-829F-1788249F4B5B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{DEB83B68-56CB-466D-A080-3C3078079DC2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{89F8B416-2065-4538-97F9-7FAAF00AA067}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{44315EFC-675D-4DED-8575-B7619BD5436D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/25/2015 09:21:40 AM) (Source: SetupARService) (EventID: 0) (User: )
    Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
    at SetupAfterRebootService.SetupARService.OnStart(String[] args)
    at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

    Error: (11/25/2015 09:17:23 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddWin32ServiceFiles: Unable to back up image of service LavasoftTcpService since QueryServiceConfig API failed

    System Error:
    The system cannot find the file specified.
    .

    Error: (11/25/2015 09:17:20 AM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {53fc2eeb-091b-49a5-8c7d-08a8ee9891d8}

    Error: (11/25/2015 09:16:54 AM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {53fc2eeb-091b-49a5-8c7d-08a8ee9891d8}

    Error: (11/24/2015 10:35:35 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
    Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80004005, "file:///D:\[a4a6aa9d-b69f-4579-8431-564643c6e87d]\DCIM\100KM575\">.

    Error: (11/24/2015 10:35:11 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
    Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80070020, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

    Error: (11/24/2015 10:33:35 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
    Description: The index cannot be initialized.

    Details:
    The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

    Error: (11/24/2015 10:33:35 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
    Description: The application cannot be initialized.

    Context: Windows Application

    Details:
    The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

    Error: (11/24/2015 10:33:35 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
    Description: The gatherer object cannot be initialized.

    Context: Windows Application, SystemIndex Catalog

    Details:
    The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

    Error: (11/24/2015 10:33:35 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
    Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

    Context: Windows Application, SystemIndex Catalog

    Details:
    The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)


    System errors:
    =============
    Error: (11/25/2015 09:25:02 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Work Folders service hung on starting.

    Error: (11/25/2015 09:23:02 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Network Connection Broker service hung on starting.

    Error: (11/25/2015 09:21:41 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Windows Encryption Provider Host Service service terminated with the following error:
    %%1064

    Error: (11/25/2015 09:21:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The HP Software Framework Service service failed to start due to the following error:
    %%1053

    Error: (11/25/2015 09:21:36 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (120000 milliseconds) while waiting for the HP Software Framework Service service to connect.

    Error: (11/25/2015 09:19:10 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.

    Module Path: C:\Windows\system32\Rtlihvs.dll

    Error: (11/25/2015 09:19:10 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.

    Module Path: C:\Windows\system32\Rtlihvs.dll

    Error: (11/25/2015 09:19:09 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.

    Module Path: C:\Windows\system32\Rtlihvs.dll

    Error: (11/25/2015 09:17:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 4 time(s).

    Error: (11/25/2015 09:17:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The TeamViewer 10 service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 2000 milliseconds: Restart the service.


    ==================== Memory info ===========================

    Processor: Intel(R) Celeron(R) CPU N2840 @ 2.16GHz
    Percentage of memory in use: 66%
    Total physical RAM: 1939.04 MB
    Available physical RAM: 654.45 MB
    Total Virtual: 3155.04 MB
    Available Virtual: 1526.9 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:21.54 GB) (Free:0.82 GB) NTFS
    Drive d: () (Removable) (Total:28.77 GB) (Free:23.54 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 29.1 GB) (Disk ID: 8712411B)

    Partition: GPT.

    ========================================================
    Disk: 1 (Size: 28.8 GB) (Disk ID: 00000000)

    Partition: GPT.

    ==================== End of Addition.txt ============================

    Please be advised that:

    a) system crashes randomly with error message: Driver IRQL not less or equal to zero (rtwlane.sys)
    b) system takes an unusually long time to restart, HOWEVER, system starts right up when powered on from when system was last shut down manually.

    Thank You
    Last edited by mrr107i; 11-25-2015 at 09:20 AM.

  10. #10
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,175
    Points
    1308

    Hello,

    It's possible Donna is traveling.

    Please run the two adware scans, and post associated log files.

    Next

    Please download AdwCleaner by Xplode onto your Desktop.

    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click the Scan button and wait for the process to complete.
    • Click the logfile button and the log will open in Notepad.
    • Click on the Clean button and follow the prompts.
    • A log file will automatically open after the scan has finished and the PC has rebooted.
    • Please post the content of that log file with your next answer.
    • The report will be saved in the C:\AdwCleaner folder.


    Next

    Please download Junkware Removal Tool to your Desktop.
    Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus)
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.

    In your next reply, post:

    • The AdwCleaner [SO].txt Log
    • The JRT.txt Log
