
Thread: Logs Posted as directed

  1. #1
    Aprilrose (Junior Member)
    Join Date: Jun 2014
    Posts: 16

    First I would like to thank you all for your assistance. These are the files from the programs indicated in the instructions.

    FYI: I use Chrome and no other browser. I am responsible for disabling adapters that are not useful. All of my peripherals are wired. No IPv6 is used by me. Please advise if I have errored or not been complete.

    Many Thanks.







    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
    Ran by Mobo3 (administrator) on MOBO3-HP on 29-07-2014 14:10:02
    Running from C:\Users\Mobo3\Downloads
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
    (Safer Networking Limited) C:\Program Files (x86)\SDistTest\SDistTestSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Microsoft Corporation) C:\Windows\System32\StikyNot.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Safer Networking\RegAlyzer\RegAlyzer.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-04] (AVAST Software)
    HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [85600 2013-11-26] (Nullsoft, Inc.)
    HKLM\...\RunOnce: [NCPluginUpdater] => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe [21720 2014-07-23] (Hewlett-Packard)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-12-09] (Microsoft Corporation)
    HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
    HKU\S-1-5-21-514509154-2116992565-1534942020-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566984 2014-04-25] (Safer-Networking Ltd.)
    HKU\S-1-5-21-514509154-2116992565-1534942020-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
    HKU\S-1-5-21-514509154-2116992565-1534942020-1000\...\MountPoints2: {dfd7a736-5ffc-11e3-a80d-b4b52fdb4de9} - "J:\WD SmartWare.exe" autoplay=true
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quick Connect.lnk
    ShortcutTarget: Quick Connect.lnk -> C:\Program Files (x86)\Tific\Tific Client G1\TiFiC.exe (Tific)
    ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyEnable: Internet Explorer proxy is enabled.
    ProxyServer: localhost:21320
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
    SearchScopes: HKLM-x32 - DefaultScope value is missing.
    SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
    SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No File
    Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.65 192.168.1.1

    FireFox:
    ========
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @hulu.com/Hulu Desktop - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
    FF Plugin ProgramFiles/Appdata: C:\Users\Mobo3\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
    FF Plugin ProgramFiles/Appdata: C:\Users\Mobo3\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Mobo3\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-05]

    Chrome:
    =======
    CHR HomePage: hxxp://www.google.com/
    CHR StartupUrls: "hxxp://www.google.com/", "hxxp://www.msn.com/?pc=UWDF&ocid=UWDFDHP"
    CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Mobo3\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2014-07-28]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mobo3\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
    CHR Extension: (Google Calendar) - C:\Users\Mobo3\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-07-28]
    CHR Extension: (avast! Online Security) - C:\Users\Mobo3\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-08]
    CHR Extension: (Pin It Button) - C:\Users\Mobo3\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-07-28]
    CHR Extension: (Google Wallet) - C:\Users\Mobo3\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-08]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-04]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-29] (Advanced Micro Devices, Inc.) [File not signed]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-04] (AVAST Software)
    R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-07-04] (AVAST Software)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [72992 2014-07-07] (Hewlett-Packard Company)
    S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
    S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
    R2 SDisTestService; C:\Program Files (x86)\SDistTest\SDistTestSvc.exe [907680 2008-11-24] (Safer Networking Limited)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    S3 Tific System Service; C:\Program Files (x86)\Common Files\Tific\Tific Client G1\Tific System Service.exe [1700648 2014-07-01] (Tific AB)
    S4 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-06-02] (Western Digital Technologies, Inc.)
    S4 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-06-02] (Western Digital Technologies, Inc.)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-04] ()
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-07-04] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-04] (AVAST Software)
    R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-07-04] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-04] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-04] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-04] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-04] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-04] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-04] ()
    S3 CXPLRCAP; C:\Windows\System32\drivers\CxPlrCap.sys [235904 2010-01-06] (Conexant Systems, Inc.) [File not signed]
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-07-29 14:10 - 2014-07-29 14:10 - 00015137 _____ () C:\Users\Mobo3\Downloads\FRST.txt
    2014-07-29 14:08 - 2014-07-29 14:10 - 00000000 ____D () C:\FRST
    2014-07-29 14:06 - 2014-07-29 14:06 - 02093568 _____ (Farbar) C:\Users\Mobo3\Downloads\FRST64.exe
    2014-07-29 06:52 - 2014-07-29 06:52 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MOBO3-HP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
    2014-07-29 06:51 - 2014-07-29 06:51 - 00002197 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2014-07-29 06:51 - 2014-07-29 06:51 - 00000000 ____D () C:\RegBackup
    2014-07-29 06:51 - 2014-07-29 06:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2014-07-29 06:50 - 2014-07-29 06:50 - 04057608 _____ () C:\Users\Mobo3\Downloads\tweaking.com_registry_backup_setup.exe
    2014-07-29 06:50 - 2014-07-29 06:50 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
    2014-07-28 18:07 - 2014-07-28 18:07 - 00000000 ____D () C:\Users\Mobo3\AppData\Roaming\Safer Networking
    2014-07-28 18:06 - 2014-07-28 18:06 - 01752632 _____ (Safer-Networking Ltd. ) C:\Users\Mobo3\Downloads\regalyz-1.6.2.16.exe
    2014-07-28 18:06 - 2014-07-28 18:06 - 01752632 _____ (Safer-Networking Ltd. ) C:\Users\Mobo3\Downloads\regalyz-1.6.2.16 (1).exe
    2014-07-28 14:13 - 2014-07-29 14:01 - 00035101 _____ () C:\Windows\WindowsUpdate.log
    2014-07-28 14:11 - 2014-07-28 17:55 - 00000112 _____ () C:\Windows\setupact.log
    2014-07-28 14:11 - 2014-07-28 14:11 - 00000000 _____ () C:\Windows\setuperr.log
    2014-07-28 12:58 - 2014-07-28 12:58 - 00000868 _____ () C:\Windows\PFRO.log
    2014-07-28 12:52 - 2014-07-28 12:52 - 00033616 _____ () C:\Users\Mobo3\Documents\cc_20140728_125246.reg
    2014-07-28 12:15 - 2014-07-28 12:15 - 02657376 _____ (Safer Networking Limited ) C:\Users\Mobo3\Downloads\netalyz-0.4.2.4.exe
    2014-07-28 12:10 - 2014-07-28 18:06 - 00000000 ____D () C:\Program Files (x86)\Safer Networking
    2014-07-28 12:10 - 2014-07-28 12:10 - 03930952 _____ (Safer Networking Limited ) C:\Users\Mobo3\Downloads\sbiedit-1.6.2.16.exe
    2014-07-28 12:04 - 2014-07-28 12:05 - 03614688 _____ (Safer Networking Limited ) C:\Users\Mobo3\Downloads\sddt-1.6.1 (1).exe
    2014-07-28 12:03 - 2014-07-29 08:05 - 00000000 ____D () C:\Program Files (x86)\SDistTest
    2014-07-28 12:03 - 2014-07-28 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
    2014-07-28 12:02 - 2014-07-28 12:02 - 03614688 _____ (Safer Networking Limited ) C:\Users\Mobo3\Downloads\sddt-1.6.1.exe
    2014-07-28 11:41 - 2014-07-28 11:41 - 00000000 ____D () C:\Users\Mobo3\Documents\ProcAlyzer Dumps
    2014-07-28 11:34 - 2014-07-28 11:34 - 00000000 ____D () C:\Users\Mobo3\Documents\Poetry
    2014-07-28 10:55 - 2014-07-28 10:55 - 00794008 _____ ( ) C:\Users\Mobo3\Downloads\FreeFileViewerDMSetup.exe
    2014-07-28 09:47 - 2014-07-28 09:47 - 01702264 _____ (Hewlett-Packard Development Company, L.P. ) C:\Users\Mobo3\Downloads\sp57391.exe
    2014-07-28 09:47 - 2014-07-28 09:47 - 00000000 ____D () C:\Users\Mobo3\AppData\Roaming\WinBatch
    2014-07-28 09:42 - 2014-07-28 09:43 - 05017600 _____ () C:\Users\Mobo3\Downloads\HPSupportSolutionsFramework-11.50.0031.msi
    2014-07-27 06:21 - 2014-07-27 06:21 - 00003234 _____ () C:\Windows\System32\Tasks\SidebarExecute
    2014-07-27 06:17 - 2014-07-27 06:17 - 00003130 _____ () C:\Windows\System32\Tasks\JetCleanLoginCheckUpdate
    2014-07-27 06:13 - 2014-07-27 06:13 - 00000000 ___HD () C:\Windows\PIF
    2014-07-24 18:24 - 2014-07-24 18:33 - 00000000 ____D () C:\Users\Mobo3\AppData\Local\Anvil Studio
    2014-07-24 17:41 - 2014-07-24 17:41 - 00002609 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvil Studio.lnk
    2014-07-24 17:41 - 2014-07-24 17:41 - 00002597 _____ () C:\Users\Public\Desktop\Anvil Studio.lnk
    2014-07-24 17:41 - 2014-07-24 17:41 - 00000000 ____D () C:\Program Files (x86)\Anvil Studio 2013
    2014-07-24 17:40 - 2014-03-01 14:46 - 03376128 _____ () C:\Users\Mobo3\Downloads\astudio.msi
    2014-07-24 17:40 - 2014-03-01 14:45 - 00434240 _____ () C:\Users\Mobo3\Downloads\setup.exe
    2014-07-24 17:39 - 2014-07-24 17:39 - 00929416 _____ (CNET Download.com) C:\Users\Mobo3\Downloads\cbsidlm-cbsi188-Anvil_Studio-SEO-10018271.exe
    2014-07-24 16:55 - 2014-07-24 17:44 - 00000000 ____D () C:\Users\Mobo3\AppData\Roaming\Music Coach
    2014-07-24 16:54 - 2014-07-24 16:55 - 00000000 ____D () C:\ProgramData\Music Coach
    2014-07-20 16:39 - 2014-07-20 16:39 - 00000082 _____ () C:\Users\Mobo3\Documents\cc_20140720_163939.reg
    2014-07-15 17:03 - 2014-07-15 17:03 - 06335288 _____ (YL Computing, Inc ) C:\Users\Mobo3\Downloads\wufinstall.exe
    2014-07-14 12:12 - 2014-07-14 12:13 - 00000534 _____ () C:\Users\Mobo3\Documents\Reg file SDK.reg
    2014-07-14 07:12 - 2014-07-14 07:12 - 00000512 _____ () C:\Users\Mobo3\Documents\Email.crd
    2014-07-09 03:59 - 2014-06-29 20:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-07-09 03:59 - 2014-06-29 20:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-07-09 03:59 - 2014-06-20 14:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-07-09 03:59 - 2014-06-20 13:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-07-09 03:59 - 2014-06-18 19:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-07-09 03:59 - 2014-06-18 19:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-07-09 03:59 - 2014-06-18 19:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-07-09 03:59 - 2014-06-18 18:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-07-09 03:59 - 2014-06-18 18:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-07-09 03:59 - 2014-06-18 18:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-07-09 03:59 - 2014-06-18 18:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-07-09 03:59 - 2014-06-18 18:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-07-09 03:59 - 2014-06-18 18:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-07-09 03:59 - 2014-06-18 18:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-07-09 03:59 - 2014-06-18 18:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-07-09 03:59 - 2014-06-18 18:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-07-09 03:59 - 2014-06-18 18:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-07-09 03:59 - 2014-06-18 18:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-07-09 03:59 - 2014-06-18 18:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-07-09 03:59 - 2014-06-18 18:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-07-09 03:59 - 2014-06-18 18:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-07-09 03:59 - 2014-06-18 17:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-07-09 03:59 - 2014-06-18 17:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-07-09 03:59 - 2014-06-18 17:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-07-09 03:59 - 2014-06-18 17:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-07-09 03:59 - 2014-06-18 17:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-07-09 03:59 - 2014-06-18 17:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-07-09 03:59 - 2014-06-18 17:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-07-09 03:59 - 2014-06-18 17:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-07-09 03:59 - 2014-06-18 17:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-07-09 03:59 - 2014-06-18 17:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-07-09 03:59 - 2014-06-18 17:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-07-09 03:59 - 2014-06-18 17:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-07-09 03:59 - 2014-06-18 17:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-07-09 03:59 - 2014-06-18 17:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-07-09 03:59 - 2014-06-18 17:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-07-09 03:59 - 2014-06-18 17:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-07-09 03:59 - 2014-06-18 17:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-07-09 03:59 - 2014-06-18 17:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-07-09 03:59 - 2014-06-18 17:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-07-09 03:59 - 2014-06-18 17:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-07-09 03:59 - 2014-06-18 17:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-07-09 03:59 - 2014-06-18 17:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-07-09 03:59 - 2014-06-18 17:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-07-09 03:59 - 2014-06-18 16:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-07-09 03:59 - 2014-06-18 16:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-07-09 03:59 - 2014-06-18 16:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-07-09 03:59 - 2014-06-18 16:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-07-09 03:59 - 2014-06-18 16:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-07-09 03:59 - 2014-06-18 16:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-07-09 03:59 - 2014-06-18 16:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-07-09 03:59 - 2014-06-18 16:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-07-09 03:59 - 2014-06-18 16:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-07-09 03:59 - 2014-06-18 16:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-07-09 03:59 - 2014-06-18 16:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-07-09 03:59 - 2014-06-18 16:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-07-09 03:59 - 2014-06-18 16:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-07-09 03:59 - 2014-06-18 16:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-07-09 03:59 - 2014-06-17 20:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
    2014-07-09 03:59 - 2014-06-17 19:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
    2014-07-09 03:59 - 2014-06-17 19:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-07-09 03:59 - 2014-06-06 04:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2014-07-09 03:59 - 2014-06-06 03:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
    2014-07-09 03:59 - 2014-05-30 02:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-07-09 03:59 - 2014-05-30 02:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-07-09 03:59 - 2014-05-30 02:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-07-09 03:59 - 2014-05-30 02:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2014-07-09 03:59 - 2014-05-30 02:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-07-09 03:59 - 2014-05-30 02:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-07-09 03:59 - 2014-05-30 02:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-07-09 03:59 - 2014-05-30 01:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2014-07-09 03:59 - 2014-05-30 01:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2014-07-09 03:59 - 2014-05-30 01:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2014-07-09 03:59 - 2014-05-30 01:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2014-07-09 03:59 - 2014-05-30 01:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2014-07-09 03:59 - 2014-05-30 01:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-07-09 03:59 - 2014-05-30 01:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-07-09 03:59 - 2014-05-30 00:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2014-07-09 03:58 - 2014-06-05 08:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-07-09 03:58 - 2014-06-05 08:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2014-07-09 03:58 - 2014-06-05 08:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2014-07-08 17:00 - 2014-07-08 17:00 - 00003857 _____ () C:\Users\Mobo3\Documents\Last Practice Playlist.m3u8
    2014-07-08 16:58 - 2014-07-08 16:58 - 00003857 _____ () C:\Users\Mobo3\Desktop\Last Practice Playlist.m3u8
    2014-07-06 08:42 - 2014-05-13 09:15 - 00010240 _____ () C:\Users\Mobo3\AppData\Local\Z@!-a9f2463d-5ea1-4ecf-a4ae-7cc4cc1101e3.tmp
    2014-07-06 08:42 - 2014-05-13 09:15 - 00009216 _____ () C:\Users\Mobo3\AppData\Local\Z@S!-66ff8a2c-ba48-4d54-8f5e-501a872fe535.tmp
    2014-07-06 08:39 - 2014-07-06 08:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quick Connect
    2014-07-05 08:30 - 2014-07-05 08:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2014-07-05 08:30 - 2014-07-05 08:30 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-07-05 08:30 - 2014-07-05 08:30 - 00000000 ____D () C:\Program Files\iTunes
    2014-07-05 08:30 - 2014-07-05 08:30 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2014-07-04 08:43 - 2014-07-04 08:44 - 00003024 _____ () C:\Users\Mobo3\Documents\cc_20140704_084351.reg
    2014-07-04 08:31 - 2014-07-04 08:31 - 00448400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
    2014-07-04 08:31 - 2014-07-04 08:31 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-07-03 16:14 - 2014-07-03 16:14 - 00069632 _____ () C:\Users\Mobo3\Documents\WINDOWS REMOTE OPERATIONAL lOG.evtx
    2014-07-03 08:12 - 2014-07-03 08:12 - 00004357 _____ () C:\Users\Mobo3\Documents\REPORT.htm

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-07-29 14:10 - 2014-07-29 14:10 - 00015137 _____ () C:\Users\Mobo3\Downloads\FRST.txt
    2014-07-29 14:10 - 2014-07-29 14:08 - 00000000 ____D () C:\FRST
    2014-07-29 14:06 - 2014-07-29 14:06 - 02093568 _____ (Farbar) C:\Users\Mobo3\Downloads\FRST64.exe
    2014-07-29 14:01 - 2014-07-28 14:13 - 00035101 _____ () C:\Windows\WindowsUpdate.log
    2014-07-29 11:37 - 2013-12-17 12:48 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2014-07-29 11:37 - 2013-12-10 19:19 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
    2014-07-29 10:35 - 2013-12-11 19:35 - 00000000 ____D () C:\Users\Mobo3\AppData\Roaming\Winamp
    2014-07-29 10:34 - 2014-06-05 17:54 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2014-07-29 08:05 - 2014-07-28 12:03 - 00000000 ____D () C:\Program Files (x86)\SDistTest
    2014-07-29 06:52 - 2014-07-29 06:52 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MOBO3-HP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
    2014-07-29 06:51 - 2014-07-29 06:51 - 00002197 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2014-07-29 06:51 - 2014-07-29 06:51 - 00000000 ____D () C:\RegBackup
    2014-07-29 06:51 - 2014-07-29 06:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2014-07-29 06:50 - 2014-07-29 06:50 - 04057608 _____ () C:\Users\Mobo3\Downloads\tweaking.com_registry_backup_setup.exe
    2014-07-29 06:50 - 2014-07-29 06:50 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
    2014-07-28 18:07 - 2014-07-28 18:07 - 00000000 ____D () C:\Users\Mobo3\AppData\Roaming\Safer Networking
    2014-07-28 18:06 - 2014-07-28 18:06 - 01752632 _____ (Safer-Networking Ltd. ) C:\Users\Mobo3\Downloads\regalyz-1.6.2.16.exe
    2014-07-28 18:06 - 2014-07-28 18:06 - 01752632 _____ (Safer-Networking Ltd. ) C:\Users\Mobo3\Downloads\regalyz-1.6.2.16 (1).exe
    2014-07-28 18:06 - 2014-07-28 12:10 - 00000000 ____D () C:\Program Files (x86)\Safer Networking
    2014-07-28 18:06 - 2014-07-28 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
    2014-07-28 18:01 - 2009-07-13 22:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-07-28 18:01 - 2009-07-13 22:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-07-28 17:56 - 2013-12-08 22:59 - 00000000 ____D () C:\Users\Mobo3\AppData\Roaming\Tific
    2014-07-28 17:56 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-07-28 17:55 - 2014-07-28 14:11 - 00000112 _____ () C:\Windows\setupact.log
    2014-07-28 16:15 - 2014-01-05 17:29 - 00000000 ____D () C:\Users\Mobo3\AppData\Local\CrashDumps
    2014-07-28 14:11 - 2014-07-28 14:11 - 00000000 _____ () C:\Windows\setuperr.log
    2014-07-28 12:58 - 2014-07-28 12:58 - 00000868 _____ () C:\Windows\PFRO.log
    2014-07-28 12:52 - 2014-07-28 12:52 - 00033616 _____ () C:\Users\Mobo3\Documents\cc_20140728_125246.reg
    2014-07-28 12:44 - 2014-06-05 17:55 - 00001994 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
    2014-07-28 12:44 - 2014-06-05 17:55 - 00001934 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
    2014-07-28 12:15 - 2014-07-28 12:15 - 02657376 _____ (Safer Networking Limited ) C:\Users\Mobo3\Downloads\netalyz-0.4.2.4.exe
    2014-07-28 12:10 - 2014-07-28 12:10 - 03930952 _____ (Safer Networking Limited ) C:\Users\Mobo3\Downloads\sbiedit-1.6.2.16.exe
    2014-07-28 12:05 - 2014-07-28 12:04 - 03614688 _____ (Safer Networking Limited ) C:\Users\Mobo3\Downloads\sddt-1.6.1 (1).exe
    2014-07-28 12:02 - 2014-07-28 12:02 - 03614688 _____ (Safer Networking Limited ) C:\Users\Mobo3\Downloads\sddt-1.6.1.exe
    2014-07-28 11:54 - 2013-12-08 12:43 - 00000000 ____D () C:\Users\Mobo3\AppData\Local\VirtualStore
    2014-07-28 11:41 - 2014-07-28 11:41 - 00000000 ____D () C:\Users\Mobo3\Documents\ProcAlyzer Dumps
    2014-07-28 11:34 - 2014-07-28 11:34 - 00000000 ____D () C:\Users\Mobo3\Documents\Poetry
    2014-07-28 11:26 - 2013-12-09 08:03 - 00000000 ____D () C:\Users\Mobo3\Documents\PDF
    2014-07-28 11:15 - 2014-01-20 10:13 - 00000000 ____D () C:\remote-service
    2014-07-28 11:15 - 2013-12-17 12:55 - 00000600 _____ () C:\Users\Mobo3\AppData\Roaming\winscp.rnd
    2014-07-28 10:55 - 2014-07-28 10:55 - 00794008 _____ ( ) C:\Users\Mobo3\Downloads\FreeFileViewerDMSetup.exe
    2014-07-28 10:42 - 2013-12-08 12:04 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services
    2014-07-28 10:42 - 2013-12-08 12:03 - 00000000 ___RD () C:\Program Files (x86)\Online Services
    2014-07-28 10:16 - 2013-12-08 12:29 - 00000000 ____D () C:\Users\Mobo3
    2014-07-28 10:02 - 2013-12-08 12:43 - 00068600 _____ () C:\Users\Mobo3\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-07-28 10:00 - 2009-07-13 22:45 - 00302624 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-07-28 09:47 - 2014-07-28 09:47 - 01702264 _____ (Hewlett-Packard Development Company, L.P. ) C:\Users\Mobo3\Downloads\sp57391.exe
    2014-07-28 09:47 - 2014-07-28 09:47 - 00000000 ____D () C:\Users\Mobo3\AppData\Roaming\WinBatch
    2014-07-28 09:43 - 2014-07-28 09:42 - 05017600 _____ () C:\Users\Mobo3\Downloads\HPSupportSolutionsFramework-11.50.0031.msi
    2014-07-28 08:40 - 2013-12-09 02:28 - 00000000 ____D () C:\Users\Mobo3\AppData\Roaming\HpUpdate
    2014-07-27 06:21 - 2014-07-27 06:21 - 00003234 _____ () C:\Windows\System32\Tasks\SidebarExecute
    2014-07-27 06:17 - 2014-07-27 06:17 - 00003130 _____ () C:\Windows\System32\Tasks\JetCleanLoginCheckUpdate
    2014-07-27 06:13 - 2014-07-27 06:13 - 00000000 ___HD () C:\Windows\PIF
    2014-07-27 06:00 - 2009-07-13 21:20 - 00000000 __RHD () C:\Users\Default
    2014-07-24 18:33 - 2014-07-24 18:24 - 00000000 ____D () C:\Users\Mobo3\AppData\Local\Anvil Studio
    2014-07-24 17:50 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-07-24 17:44 - 2014-07-24 16:55 - 00000000 ____D () C:\Users\Mobo3\AppData\Roaming\Music Coach
    2014-07-24 17:41 - 2014-07-24 17:41 - 00002609 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvil Studio.lnk
    2014-07-24 17:41 - 2014-07-24 17:41 - 00002597 _____ () C:\Users\Public\Desktop\Anvil Studio.lnk
    2014-07-24 17:41 - 2014-07-24 17:41 - 00000000 ____D () C:\Program Files (x86)\Anvil Studio 2013
    2014-07-24 17:39 - 2014-07-24 17:39 - 00929416 _____ (CNET Download.com) C:\Users\Mobo3\Downloads\cbsidlm-cbsi188-Anvil_Studio-SEO-10018271.exe
    2014-07-24 16:55 - 2014-07-24 16:54 - 00000000 ____D () C:\ProgramData\Music Coach
    2014-07-24 16:30 - 2014-02-16 15:15 - 00000000 ____D () C:\Windows\Downloaded Installations
    2014-07-24 16:22 - 2013-12-14 01:44 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-07-24 16:22 - 2013-12-14 01:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-07-24 09:11 - 2013-12-14 01:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2014-07-24 08:00 - 2013-12-20 12:22 - 00000047 _____ () C:\Windows\SysWOW64\_WKERNEL.SYL
    2014-07-20 16:39 - 2014-07-20 16:39 - 00000082 _____ () C:\Users\Mobo3\Documents\cc_20140720_163939.reg
    2014-07-17 07:49 - 2013-12-08 20:59 - 00002217 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-07-17 06:55 - 2013-12-20 12:21 - 00000000 ____D () C:\Program Files (x86)\WinUtilities
    2014-07-15 17:05 - 2013-12-20 12:22 - 00000990 _____ () C:\Users\Public\Desktop\WinUtilities.lnk
    2014-07-15 17:05 - 2013-12-20 12:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinUtilities
    2014-07-15 17:03 - 2014-07-15 17:03 - 06335288 _____ (YL Computing, Inc ) C:\Users\Mobo3\Downloads\wufinstall.exe
    2014-07-14 12:13 - 2014-07-14 12:12 - 00000534 _____ () C:\Users\Mobo3\Documents\Reg file SDK.reg
    2014-07-14 07:12 - 2014-07-14 07:12 - 00000512 _____ () C:\Users\Mobo3\Documents\Email.crd
    2014-07-14 07:02 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
    2014-07-10 00:23 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
    2014-07-09 16:05 - 2014-05-06 23:24 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-07-09 16:05 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
    2014-07-09 16:05 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\Dism
    2014-07-09 12:28 - 2013-12-08 03:15 - 00000000 ____D () C:\Windows\system32\MRT
    2014-07-09 12:27 - 2013-12-08 03:15 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-07-08 17:00 - 2014-07-08 17:00 - 00003857 _____ () C:\Users\Mobo3\Documents\Last Practice Playlist.m3u8
    2014-07-08 16:58 - 2014-07-08 16:58 - 00003857 _____ () C:\Users\Mobo3\Desktop\Last Practice Playlist.m3u8
    2014-07-08 15:04 - 2014-02-20 08:34 - 00000000 ____D () C:\Users\Mobo3\Documents\Motorcycle Docs
    2014-07-06 08:41 - 2013-12-08 22:59 - 00000000 ____D () C:\Users\Mobo3\AppData\Local\Tific
    2014-07-06 08:39 - 2014-07-06 08:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quick Connect
    2014-07-06 08:39 - 2013-12-08 22:59 - 00002087 _____ () C:\Users\Public\Desktop\Quick Connect.lnk
    2014-07-05 08:30 - 2014-07-05 08:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2014-07-05 08:30 - 2014-07-05 08:30 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-07-05 08:30 - 2014-07-05 08:30 - 00000000 ____D () C:\Program Files\iTunes
    2014-07-05 08:30 - 2014-07-05 08:30 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2014-07-05 08:30 - 2013-12-20 12:04 - 00000000 ____D () C:\ProgramData\Apple Computer
    2014-07-04 08:44 - 2014-07-04 08:43 - 00003024 _____ () C:\Users\Mobo3\Documents\cc_20140704_084351.reg
    2014-07-04 08:42 - 2009-07-24 13:22 - 00000000 ____D () C:\Windows\Panther
    2014-07-04 08:31 - 2014-07-04 08:31 - 00448400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
    2014-07-04 08:31 - 2014-07-04 08:31 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-07-04 08:31 - 2014-06-05 17:54 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
    2014-07-04 08:31 - 2014-06-05 17:54 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
    2014-07-04 08:31 - 2014-06-05 17:54 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-07-04 08:31 - 2014-06-05 17:54 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2014-07-04 08:31 - 2014-06-05 17:54 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2014-07-04 08:31 - 2014-06-05 17:54 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
    2014-07-04 08:31 - 2014-06-05 17:54 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2014-07-04 08:31 - 2014-06-05 17:54 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2014-07-04 08:31 - 2014-06-05 17:54 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2014-07-04 08:31 - 2014-06-05 17:54 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
    2014-07-03 16:14 - 2014-07-03 16:14 - 00069632 _____ () C:\Users\Mobo3\Documents\WINDOWS REMOTE OPERATIONAL lOG.evtx
    2014-07-03 08:12 - 2014-07-03 08:12 - 00004357 _____ () C:\Users\Mobo3\Documents\REPORT.htm
    2014-06-30 17:53 - 2009-07-13 23:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-06-29 20:09 - 2014-07-09 03:59 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-06-29 20:04 - 2014-07-09 03:59 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

    Some content of TEMP:
    ====================
    C:\Users\Mobo3\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdq6pmr.dll
    C:\Users\Mobo3\AppData\Local\Temp\ICReinstall_FreeFileViewerDMSetup.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-07-28 06:40

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-07-2014
    Ran by Mobo3 at 2014-07-29 14:10:54
    Running from C:\Users\Mobo3\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
    Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
    Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
    Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.4.0.33 - Amazon Services LLC)
    Amazon Music Importer (x32 Version: 2.1.0 - Amazon Services LLC) Hidden
    AMD Accelerated Video Transcoding (Version: 12.5.100.30429 - Advanced Micro Devices, Inc.) Hidden
    AMD APP SDK Runtime (Version: 10.0.937.2 - Advanced Micro Devices Inc.) Hidden
    AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
    AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
    AMD Fuel (Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
    AMD Media Foundation Decoders (Version: 1.0.80430.0002 - Advanced Micro Devices, Inc.) Hidden
    AMD VISION Engine Control Center (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
    Anvil Studio (HKLM-x32\...\{D193AEDE-FAA2-4B7C-BF8D-2D8CE4F2C281}) (Version: 14.03.01 - Willow Software)
    Any Video Converter 5.6.3 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
    Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    avast! Internet Security (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
    Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
    Blio (HKLM-x32\...\{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}) (Version: 2.0.5350 - K-NFB Reading Technology, Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.10.0.16 - Canon Inc.)
    Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.4.0.5 - Canon Inc.)
    Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
    Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center InstallProxy (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Localization All (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Chinese Standard (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Chinese Traditional (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Czech (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Danish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Dutch (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
    CCC Help English (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Finnish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
    CCC Help French (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
    CCC Help German (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Greek (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Hungarian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Italian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Japanese (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Korean (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Norwegian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Polish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Portuguese (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Russian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Spanish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Swedish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Thai (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Turkish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
    ccc-utility64 (Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
    Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.12334.0 - Cisco Consumer Products LLC)
    CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.)
    CyberLink DVD Suite Deluxe (x32 Version: 7.0.3210 - CyberLink Corp.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Data Lifeguard Diagnostic for Windows 1.24 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
    DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard)
    DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
    Google Talk Plugin (HKLM-x32\...\{E121A4FE-009B-385B-BB0D-B934E2A88288}) (Version: 5.2.4.18058 - Google)
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP Auto (Version: 1.0.12494.3472 - Hewlett-Packard Company) Hidden
    HP Client Services (Version: 1.0.12656.3472 - Hewlett-Packard) Hidden
    HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
    HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4725 - Hewlett-Packard)
    HP MediaSmart DVD (x32 Version: 4.2.4725 - Hewlett-Packard) Hidden
    HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard)
    HP MediaSmart Music (x32 Version: 4.2.4517 - Hewlett-Packard) Hidden
    HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard)
    HP MediaSmart Photo (x32 Version: 4.2.4513 - Hewlett-Packard) Hidden
    HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard)
    HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard)
    HP MediaSmart Video (x32 Version: 4.2.4522 - Hewlett-Packard) Hidden
    HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}) (Version: 1.0.4.0 - Hewlett-Packard)
    HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0.2 - Hewlett-Packard)
    HP MovieStore (x32 Version: 1.0.027 - Hewlett-Packard) Hidden
    HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
    HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
    HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
    HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
    HP Support Solutions Framework (HKLM-x32\...\{C43602FE-988C-47BA-9F9F-B95FDDAFB624}) (Version: 11.50.0031 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
    HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
    Hulu Desktop (HKCU\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
    iTunes (HKLM\...\{1CF5754A-545B-4360-BFDE-2847BC728DFC}) (Version: 11.2.0.115 - Apple Inc.)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Office 2000 SR-1 Standard (HKLM-x32\...\{00020409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{a55ac379-46b0-461a-95b1-fef5c08443f2}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
    Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
    Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard)
    Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    NetAlyzer (HKLM-x32\...\{296B2D8E-CE82-92AF-B2E8-937294733038}_is1) (Version: 0.4.2.4 - Safer Networking Limited)
    OpenSBI Edit Lite (HKLM-x32\...\{29D3773E-2343-ACDD23-9743-236A846294AA}_is1) (Version: 1.6.2.16 - Safer Networking Limited)
    PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.9 - PDF Complete, Inc)
    PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
    PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
    PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company)
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.)
    Power2Go (x32 Version: 6.1.4329 - CyberLink Corp.) Hidden
    PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3129 - CyberLink Corp.)
    PowerDirector (x32 Version: 8.0.3129 - CyberLink Corp.) Hidden
    Quick Connect (HKLM-x32\...\Total Support) (Version: 8.5.9583.20 - PlumChoice, Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
    Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden
    RegAlyzer (HKLM-x32\...\{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1) (Version: 1.6.2.16 - Safer-Networking Ltd.)
    RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
    Spybot-S&D Distributed Testing Client (HKLM-x32\...\{341A5362-88DB-484B-97A6-A57F535074CA}_is1) (Version: 1.6.1 - Safer Networking Limited)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.9.0 - Tweaking.com)
    WD Quick View (HKLM-x32\...\{324C58C7-A292-4523-A943-91DE1EB6A1FE}) (Version: 2.4.1.9 - Western Digital Technologies, Inc.)
    WD SmartWare (HKLM\...\{F6ABA2F3-9759-48CD-B25B-A07A811E92E4}) (Version: 2.4.1.9 - Western Digital Technologies, Inc.)
    WD SmartWare Installer (HKLM-x32\...\{72fda14f-5a07-49d5-b7f7-202377e9b522}) (Version: 2.4.1.9 - Western Digital Technologies, Inc.)
    Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
    WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version: - )
    Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    WinUtilities Free Edition 11.15 (HKLM-x32\...\{FC274982-5AAD-4C20-848D-4424A5043010}_is1) (Version: 11.15 - YL Computing, Inc)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    09-07-2014 18:25:15 Windows Update
    15-07-2014 13:23:53 Windows Update
    22-07-2014 11:26:33 Windows Update
    24-07-2014 15:09:05 Windows Update
    24-07-2014 22:54:18 Installed Music Coach Player
    24-07-2014 22:55:31 Installed Contemporary Keyboard
    24-07-2014 23:28:21 Installed Instant Play Piano 2 CD-ROM
    24-07-2014 23:41:13 Installed Anvil Studio
    24-07-2014 23:42:15 Removed Apple Mobile Device Support
    24-07-2014 23:42:56 Removed Contemporary Keyboard
    24-07-2014 23:43:40 Removed Instant Play Piano 2 CD-ROM
    24-07-2014 23:44:28 Removed Music Coach Player
    28-07-2014 15:43:08 Installed HP Support Solutions Framework
    29-07-2014 11:16:51 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 20:34 - 2014-06-18 08:59 - 00450583 ___RA C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0614E216-9586-4DC9-9417-9663E71FFA81} - \Microsoft\Windows\Media Center\PBDADiscovery No Task File <==== ATTENTION
    Task: {09DD22EA-249F-4834-94E9-2F324E944E0D} - \Microsoft\Windows\Media Center\PvrRecoveryTask No Task File <==== ATTENTION
    Task: {0E8551ED-005D-40C6-90E3-80D5843F8DBB} - \Microsoft\Windows\Media Center\PBDADiscoveryW2 No Task File <==== ATTENTION
    Task: {220CAC81-BF21-460B-9D0D-6A9619AF97A2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-04] (AVAST Software)
    Task: {27C411B7-E322-486B-938E-48EF225CFC07} - \Microsoft\Windows\Media Center\OCURDiscovery No Task File <==== ATTENTION
    Task: {2F0B2903-9F5B-4E96-8394-51698C1980DD} - \Microsoft\Windows\Media Center\OCURActivate No Task File <==== ATTENTION
    Task: {32BC4F6F-2096-4B32-9D3E-C3308F9A6558} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-07-23] (Microsoft)
    Task: {3691FF85-D708-409B-BE7A-284ADA2BCFB2} - \Microsoft\Windows\Media Center\ConfigureInternetTimeService No Task File <==== ATTENTION
    Task: {392AAB2B-15F7-48B1-B07E-0BE480D834F6} - \Microsoft\Windows\Media Center\PvrScheduleTask No Task File <==== ATTENTION
    Task: {4174D0B1-D662-4442-BE05-E74FDA7AB687} - \Microsoft\Windows\Media Center\MediaCenterRecoveryTask No Task File <==== ATTENTION
    Task: {578D0CA6-4844-430C-8D2A-BA79E7C01266} - \Microsoft\Windows\MobilePC\HotStart No Task File <==== ATTENTION
    Task: {5865EB93-FE89-4417-A9EC-3AF3BA329BE9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {6DF0087F-F18A-40B9-970F-D35568DBBF6A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {71B18348-BBC4-4A98-8762-4488A79A97EF} - \Microsoft\Windows\Media Center\mcupdate_scheduled No Task File <==== ATTENTION
    Task: {7225DB6B-F36A-4A8A-B4D3-267F9EE2268C} - \Microsoft\Windows\Media Center\StartRecording No Task File <==== ATTENTION
    Task: {753C47AE-EC5E-44B3-95A9-2C8E553F0E39} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => C:\Program Files\Windows Media Player\wmpnscfg.exe [2009-07-13] ()
    Task: {75E207A5-0575-446A-974A-D178024369F1} - \Microsoft\Windows\Media Center\RecordingRestart No Task File <==== ATTENTION
    Task: {7B0DFFF0-6088-41CF-A75A-878BA845C91F} - \Microsoft\Windows\Media Center\PBDADiscoveryW1 No Task File <==== ATTENTION
    Task: {8465E2C1-36AD-4EA3-8ECA-5C561635B621} - \Microsoft\Windows\Media Center\ReindexSearchRoot No Task File <==== ATTENTION
    Task: {8784B961-322A-4960-9258-5AB4EEC60C4F} - System32\Tasks\JetCleanLoginCheckUpdate => C:\remote-service\jetclean\AutoUpdate.exe
    Task: {8A0D07A0-32A6-4C68-A3CC-9815D7DFC39F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {9979CB83-103A-4105-9E5D-C74B0AF6D198} - \Microsoft\Windows\CertificateServicesClient\UserTask-Roam No Task File <==== ATTENTION
    Task: {9D68AD1A-3850-45B6-BC03-009D74EB709E} - \Microsoft\Windows\Media Center\DispatchRecoveryTasks No Task File <==== ATTENTION
    Task: {A1D35F98-7D4F-4EC2-9239-00601DC46FCE} - \Microsoft\Windows\Media Center\InstallPlayReady No Task File <==== ATTENTION
    Task: {A489B528-91C6-4184-A0AF-723508AC6495} - \Microsoft\Windows\Media Center\PeriodicScanRetry No Task File <==== ATTENTION
    Task: {A894259E-D7D0-41BB-AED3-1D8F66401E39} - \Microsoft\Windows\Media Center\UpdateRecordPath No Task File <==== ATTENTION
    Task: {AC668097-4D6B-4093-AC14-014C09DBF820} - \Microsoft\Windows\Ras\MobilityManager No Task File <==== ATTENTION
    Task: {B10439E1-E185-4DB2-807B-DD6AC98B530E} - \Microsoft\Windows\Media Center\ehDRMInit No Task File <==== ATTENTION
    Task: {B92A5C1F-2083-497F-B44F-60F380623673} - \Microsoft\Windows\Media Center\ActivateWindowsSearch No Task File <==== ATTENTION
    Task: {C0F6927A-E2EA-4EDC-B323-A972D10BCE71} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: {C4D5D3CC-58F8-43D2-AC4F-FA91F4439F57} - \Microsoft\Windows\Media Center\RegisterSearch No Task File <==== ATTENTION
    Task: {CE93C8EF-8CF4-4500-B29F-07210628503F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
    Task: {D36A9969-0E44-465E-B1C2-7F8C6F2C3E42} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: {D832CA02-FC47-4D39-BC5F-A1F1A4F73CF7} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
    Task: {E3163C33-301D-4730-A266-5518C5ED3967} - \Microsoft\Windows\Bluetooth\UninstallDeviceTask No Task File <==== ATTENTION
    Task: {E4F710C4-CEB4-45CB-9CA7-7155AC301345} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {E8FA7856-F1C0-48C9-88EE-4613503C97E8} - \Microsoft\Windows\Media Center\SqlLiteRecoveryTask No Task File <==== ATTENTION
    Task: {F271D8FE-4E1B-400C-8002-C29004BB5F53} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    Task: {F809B3DB-23B7-4759-B88C-17638039582F} - \Microsoft\Windows\Media Center\mcupdate No Task File <==== ATTENTION
    Task: {F95DDEC7-9913-46E6-9B90-7D98BFF80641} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {FC168DBD-8327-4CC8-BEBE-28B294DC8806} - \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask No Task File <==== ATTENTION
    Task: C:\Windows\Tasks\Bomgar Task 46223.job => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-04-29 23:25 - 2013-04-29 23:25 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
    2013-04-29 23:08 - 2013-04-29 23:08 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    2013-06-18 15:49 - 2013-06-18 15:49 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
    2014-07-04 08:31 - 2014-07-04 08:31 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
    2014-07-28 11:01 - 2014-07-28 11:01 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14072802\algo.dll
    2014-07-29 05:06 - 2014-07-29 05:06 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14072900\algo.dll
    2014-05-16 18:17 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2014-05-16 18:17 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2014-05-16 18:17 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2014-05-29 11:36 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2014-05-29 11:36 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2014-07-04 08:31 - 2014-07-04 08:31 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-07-17 07:49 - 2014-07-15 03:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
    2014-07-17 07:49 - 2014-07-15 03:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
    2014-07-17 07:49 - 2014-07-15 03:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
    2014-07-17 07:49 - 2014-07-15 03:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
    2014-07-17 07:49 - 2014-07-15 03:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
    2014-07-28 18:06 - 2008-06-19 18:35 - 00333288 _____ () C:\Program Files (x86)\Safer Networking\RegAlyzer\sqlite3.dll
    2014-07-17 07:49 - 2014-07-15 03:24 - 14664008 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll
    2013-11-26 09:40 - 2013-11-26 09:40 - 00333824 _____ () C:\Program Files (x86)\Winamp\Plugins\freeform\wacs\freetype\freetype.wac
    2009-04-28 14:20 - 2009-04-28 14:20 - 00084480 _____ () C:\Program Files (x86)\Winamp\Plugins\read_file.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tific System Service => ""="Service"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
    MSCONFIG\Services: AMD External Events Utility => 2
    MSCONFIG\Services: Apple Mobile Device => 2
    MSCONFIG\Services: atashost => 2
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: gusvc => 3
    MSCONFIG\Services: HP Support Assistant Service => 2
    MSCONFIG\Services: HPClientSvc => 2
    MSCONFIG\Services: hpqwmiex => 3
    MSCONFIG\Services: iPod Service => 3
    MSCONFIG\Services: LiveUpdateSvc => 2
    MSCONFIG\Services: pdfcDispatcher => 2
    MSCONFIG\Services: RoxioNow Service => 2
    MSCONFIG\Services: WDBackup => 2
    MSCONFIG\Services: WDDriveService => 2
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Image Transfer Utility.lnk => C:\Windows\pss\Image Transfer Utility.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ImageBrowser EX Agent.lnk => C:\Windows\pss\ImageBrowser EX Agent.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish PictureMover.lnk => C:\Windows\pss\Snapfish PictureMover.lnk.CommonStartup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Amazon Cloud Player => "C:\Users\Mobo3\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    MSCONFIG\startupreg: Bomgar_Cleanup_ZD4781417437 => cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-scc-0000000053587657" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD4781417437 /f
    MSCONFIG\startupreg: Dyyno Launcher => "C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe" 30100 30101 30102 30103 30104
    MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
    MSCONFIG\startupreg: Plex Media Server => "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
    MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe
    MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
    MSCONFIG\startupreg: StartCCC => "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    MSCONFIG\startupreg: WD Quick View => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
    MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"

    ==================== Faulty Device Manager Devices =============

    Name: WAN Miniport (IKEv2)
    Description: WAN Miniport (IKEv2)
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: RasAgileVpn
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: 802.11n Wireless LAN Card
    Description: 802.11n Wireless LAN Card
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Ralink Technology, Corp.
    Service: netr28x
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: WAN Miniport (L2TP)
    Description: WAN Miniport (L2TP)
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: Rasl2tp
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: WAN Miniport (Network Monitor)
    Description: WAN Miniport (Network Monitor)
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: NdisWan
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Microsoft ISATAP Adapter
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: WAN Miniport (IP)
    Description: WAN Miniport (IP)
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: NdisWan
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: WAN Miniport (IPv6)
    Description: WAN Miniport (IPv6)
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: NdisWan
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: WAN Miniport (PPPOE)
    Description: WAN Miniport (PPPOE)
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: RasPppoe
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: WAN Miniport (PPTP)
    Description: WAN Miniport (PPTP)
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: PptpMiniport
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: WAN Miniport (SSTP)
    Description: WAN Miniport (SSTP)
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: RasSstp
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/28/2014 04:15:20 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SDPRE.exe, version: 2.3.39.22, time stamp: 0x535a5147
    Faulting module name: rtl150.bpl, version: 15.0.3953.35171, time stamp: 0x4cca139f
    Exception code: 0xc0000005
    Fault offset: 0x000232c3
    Faulting process id: 0x11a0
    Faulting application start time: 0xSDPRE.exe0
    Faulting application path: SDPRE.exe1
    Faulting module path: SDPRE.exe2
    Report Id: SDPRE.exe3

    Error: (07/28/2014 04:10:52 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SDBootCD.exe, version: 2.3.39.109, time stamp: 0x535a514c
    Faulting module name: rtl150.bpl, version: 15.0.3953.35171, time stamp: 0x4cca139f
    Exception code: 0xc0000005
    Fault offset: 0x000113aa
    Faulting process id: 0xfb0
    Faulting application start time: 0xSDBootCD.exe0
    Faulting application path: SDBootCD.exe1
    Faulting module path: SDBootCD.exe2
    Report Id: SDBootCD.exe3

    Error: (07/28/2014 04:10:51 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SDBootCD.exe, version: 2.3.39.109, time stamp: 0x535a514c
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
    Exception code: 0xc0000005
    Fault offset: 0x00030918
    Faulting process id: 0xfb0
    Faulting application start time: 0xSDBootCD.exe0
    Faulting application path: SDBootCD.exe1
    Faulting module path: SDBootCD.exe2
    Report Id: SDBootCD.exe3

    Error: (07/28/2014 03:34:31 PM) (Source: SDistTestSvc.exe) (EventID: 0) (User: )
    Description: The service process could not connect to the service controller

    Error: (07/28/2014 02:11:22 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
    Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (07/28/2014 02:11:22 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
    Description: The index cannot be initialized.


    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (07/28/2014 02:11:22 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
    Description: The application cannot be initialized.

    Context: Windows Application


    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (07/28/2014 02:11:22 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
    Description: The gatherer object cannot be initialized.

    Context: Windows Application, SystemIndex Catalog


    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (07/28/2014 02:11:22 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
    Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

    Context: Windows Application, SystemIndex Catalog


    Details:
    Element not found. (HRESULT : 0x80070490) (0x80070490)

    Error: (07/28/2014 02:11:21 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
    Description: The plug-in in <Search.JetPropStore> cannot be initialized.

    Context: Windows Application, SystemIndex Catalog


    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


    System errors:
    =============
    Error: (07/28/2014 06:09:23 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
    Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

    Error: (07/28/2014 02:31:22 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
    Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

    Error: (07/28/2014 02:11:52 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
    %%1056

    Error: (07/28/2014 02:11:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (07/28/2014 02:11:22 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The Windows Search service terminated with service-specific error %%-1073473535.

    Error: (07/28/2014 02:11:22 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    aswNdisFlt

    Error: (07/28/2014 01:01:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (07/28/2014 00:59:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (07/28/2014 00:58:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (07/28/2014 00:58:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068


    Microsoft Office Sessions:
    =========================
    Error: (07/28/2014 04:15:20 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: SDPRE.exe2.3.39.22535a5147rtl150.bpl15.0.3953.351714cca139fc0000005000232c311a001cfaab1686cdd96C:\Program Files (x86)\Spybot - Search & Destroy 2\SDPRE.exeC:\Program Files (x86)\Spybot - Search & Destroy 2\rtl150.bpla941ed16-16a4-11e4-b3de-b4b52fdb4de9

    Error: (07/28/2014 04:10:52 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: SDBootCD.exe2.3.39.109535a514crtl150.bpl15.0.3953.351714cca139fc0000005000113aafb001cfaab0c7ce5554C:\Program Files (x86)\Spybot - Search & Destroy 2\SDBootCD.exeC:\Program Files (x86)\Spybot - Search & Destroy 2\rtl150.bpl09406a70-16a4-11e4-b3de-b4b52fdb4de9

    Error: (07/28/2014 04:10:51 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: SDBootCD.exe2.3.39.109535a514cKERNELBASE.dll6.1.7601.1840953159a86c000000500030918fb001cfaab0c7ce5554C:\Program Files (x86)\Spybot - Search & Destroy 2\SDBootCD.exeC:\Windows\syswow64\KERNELBASE.dll087f136b-16a4-11e4-b3de-b4b52fdb4de9

    Error: (07/28/2014 03:34:31 PM) (Source: SDistTestSvc.exe) (EventID: 0) (User: )
    Description: The service process could not connect to the service controller

    Error: (07/28/2014 02:11:22 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
    Description:
    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
    The catalog is corrupt

    Error: (07/28/2014 02:11:22 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
    Description:
    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (07/28/2014 02:11:22 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
    Description: Context: Windows Application


    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (07/28/2014 02:11:22 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
    Description: Context: Windows Application, SystemIndex Catalog


    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (07/28/2014 02:11:22 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
    Description: Context: Windows Application, SystemIndex Catalog


    Details:
    Element not found. (HRESULT : 0x80070490) (0x80070490)
    Search.TripoliIndexer

    Error: (07/28/2014 02:11:21 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
    Description: Context: Windows Application, SystemIndex Catalog


    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
    Search.JetPropStore


    ==================== Memory info ===========================

    Percentage of memory in use: 42%
    Total physical RAM: 3837.22 MB
    Available physical RAM: 2211.52 MB
    Total Pagefile: 7672.63 MB
    Available Pagefile: 4504.5 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.81 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:917.65 GB) (Free:540.79 GB) NTFS
    Drive d: (HP_RECOVERY) (Fixed) (Total:13.76 GB) (Free:1.66 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 9F6F1423)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=918 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

    aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
    Run date: 2014-07-29 14:22:38
    -----------------------------
    14:22:38.798 OS Version: Windows x64 6.1.7601 Service Pack 1
    14:22:38.798 Number of processors: 4 586 0xA00
    14:22:38.798 ComputerName: MOBO3-HP UserName: Mobo3
    14:22:40.686 Initialize success
    14:22:40.686 VM: initialized successfully
    14:22:40.715 VM: Amd CPU supported virtualizedSuspended
    14:22:43.433 VM: supported disk I/O storport.sys
    14:22:46.866 AVAST engine defs: 14072900
    14:23:15.529 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000056
    14:23:15.534 Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 11
    14:23:15.607 Disk 0 MBR read successfully
    14:23:15.613 Disk 0 MBR scan
    14:23:15.620 Disk 0 Windows 7 default MBR code
    14:23:15.626 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    14:23:15.633 Disk 0 default boot code
    14:23:15.645 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 939674 MB offset 206911
    14:23:15.676 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14092 MB offset 1924661248
    14:23:15.729 Disk 0 scanning C:\Windows\system32\drivers
    14:23:25.354 Service scanning
    14:23:46.232 Modules scanning
    14:23:46.244 Disk 0 trace - called modules:
    14:23:46.265 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
    14:23:46.272 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80036f4790]
    14:23:46.278 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa80041e7ac0]
    14:23:46.283 5 amd_xata.sys[fffff880010708b4] -> nt!IofCallDriver -> \Device\00000056[0xfffffa80041e09c0]
    14:23:48.051 AVAST engine scan C:\Windows
    14:23:51.151 AVAST engine scan C:\Windows\system32
    14:26:15.248 AVAST engine scan C:\Windows\system32\drivers
    14:26:27.506 AVAST engine scan C:\Users\Mobo3
    14:39:37.772 AVAST engine scan C:\ProgramData
    14:40:31.958 Scan finished successfully
    14:44:36.543 Disk 0 MBR has been saved successfully to "C:\Users\Mobo3\Downloads\MBR.dat"
    14:44:36.549 The log file has been saved successfully to "C:\Users\Mobo3\Downloads\aswMBR.txt"

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default



    Looks like your post got lost a bit, but I have you now

    Did you set this proxy?
    ProxyServer: localhost:21320
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Junior Member Aprilrose's Avatar
    Join Date
    Jun 2014
    Posts
    16

    Default Thanks for finding me!

    No...I just assumed that it was a Spybot thing. I'm not even familiar with proxies.

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hi April,

    Download MiniToolBox and save it to your desktop and run it.

    Checkmark following checkboxes:
    • Reset IE Proxy Settings

    Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.




    =========================================================


    Download Malwarebytes' Anti-Malware to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"




    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • When the scan is finished and the log pops up...select Copy to Clipboard
    • Please paste the log back into this thread for review
    • Exit Malwarebytes

  5. #5
    Junior Member Aprilrose's Avatar
    Join Date
    Jun 2014
    Posts
    16

    Default IE Proxy Settings were reset

    MiniToolBox by Farbar Version: 21-07-2014
    Ran by Mobo3 (administrator) on 04-08-2014 at 05:40:21
    Running from "C:\Users\Mobo3\Downloads"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal

    "Reset IE Proxy Settings": IE Proxy Settings were reset.

    **** End of log ****

  6. #6
    Junior Member Aprilrose's Avatar
    Join Date
    Jun 2014
    Posts
    16

    Default Malware Bytes Log

    Thanks again for your help. I no longer feel abandoned!


    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 8/4/2014
    Scan Time: 5:53:25 AM
    Logfile:
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.08.04.03
    Rootkit Database: v2014.08.01.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Mobo3

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 295840
    Time Elapsed: 9 min, 33 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

  7. #7
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    I am not really seeing anything earth shattering on your logs. What are you experiencing to make you think you may be infected?

  8. #8
    Junior Member Aprilrose's Avatar
    Join Date
    Jun 2014
    Posts
    16

    Default Uncertainties?

    Thanks for asking. For one thing, in control panel, regardless of the number of times I turn off file sharing, it seems to turn itself back on. Pages loading slowly. In the registry, there are many users, and many mounted devices here : "HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices" and because I have 11,000 songs on my hard drive I suspect that someone is using my router as an access point to access my media. In regedit there are many clsid associated with wireless settings. I am COMPLETELY WIRED. In the MMC there always shows a Windows Media Center media package compiled and set as a task, and I have no idea why since I don't use it. And something called peernet, which I am not familiar with.

    Copied from MMC
    Log Name: Media Center
    Source: MCUpdate
    Date: 7/28/2014 5:14:47 AM
    Event ID: 0
    Task Category: None
    Level: Information
    Keywords: Classic
    User: N/A
    Computer: Mobo3-HP
    Description:
    5:14:17 AM - The Directory package is already up to date.
    5:14:17 AM - The ClientUpdate package is already up to date.
    5:14:17 AM - The NetTV package is already up to date.
    5:14:17 AM - The MCESpotlight package is already up to date.
    5:14:17 AM - The MCEClientUX package is already up to date.
    5:14:17 AM - The SportsV2 package is already up to date.
    5:14:17 AM - The Broadband package is already up to date.
    5:14:17 AM - The MCEClientMaintenance package is already up to date.
    5:14:17 AM - Testing internet connection.
    5:14:31 AM - Connection established.
    5:14:36 AM - Retrieving SportsSchedule.
    5:14:37 AM - Processing SportsSchedule.
    5:14:37 AM - Retrieving SportsSchedule-2.enc.
    5:14:40 AM - Extracting SportsSchedule.mxf.
    5:14:40 AM - Processing SportsSchedule.mxf.
    5:14:42 AM - Processing of SportsSchedule is complete.
    5:14:47 AM - Update successful.
    5:14:47 AM - Next update at 7/28/2014 11:57:14 AM.

    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="MCUpdate" />
    <EventID Qualifiers="0">0</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-07-28T11:14:47.000000000Z" />
    <EventRecordID>89</EventRecordID>
    <Channel>Media Center</Channel>
    <Computer>Mobo3-HP</Computer>
    <Security />
    </System>
    <EventData>
    <Data>5:14:17 AM - The Directory package is already up to date.
    5:14:17 AM - The ClientUpdate package is already up to date.
    5:14:17 AM - The NetTV package is already up to date.
    5:14:17 AM - The MCESpotlight package is already up to date.
    5:14:17 AM - The MCEClientUX package is already up to date.
    5:14:17 AM - The SportsV2 package is already up to date.
    5:14:17 AM - The Broadband package is already up to date.
    5:14:17 AM - The MCEClientMaintenance package is already up to date.
    5:14:17 AM - Testing internet connection.
    5:14:31 AM - Connection established.
    5:14:36 AM - Retrieving SportsSchedule.
    5:14:37 AM - Processing SportsSchedule.
    5:14:37 AM - Retrieving SportsSchedule-2.enc.
    5:14:40 AM - Extracting SportsSchedule.mxf.
    5:14:40 AM - Processing SportsSchedule.mxf.
    5:14:42 AM - Processing of SportsSchedule is complete.
    5:14:47 AM - Update successful.
    5:14:47 AM - Next update at 7/28/2014 11:57:14 AM.
    </Data>
    </EventData>
    </Event>


    MORE

    Also, in Advanced Firewall, it says "Outbound connections that do not match a rule are allowed". I believe that is a security problem. Also there are many file and print sharing settings rules enabled. I am not sharing files and don't use a printer. There are references in MMC to IPv6 which I do not use. Also found this under MMC\system\system events:

    Log Name: System
    Source: Microsoft-Windows-Diagnostics-Networking
    Date: 8/4/2014 7:37:19 AM
    Event ID: 4000
    Task Category: Diagnosis Success
    Level: Information
    Keywords: (70368744177664),Core Events
    User: LOCAL SERVICE
    Computer: Mobo3-HP
    Description:
    The Network Diagnostics Framework has completed the diagnosis phase of operation. The following repair option was offered:

    Helper Class Name: IGDHelperClass

    Root Cause: More than one device is performing network address translation (NAT)
    Multiple NAT devices can cause connectivity problems and prevent other computers and devices on your home network or on the Internet from connecting to your computer. Multiple NAT devices usually don’t prevent you from reaching the Internet.

    Root Cause Guid: {9478f46a-95f5-4699-be42-0abd41400132}

    Repair option: Reconfigure your network
    To prevent problems other computers or devices might have when connecting to your computer, no more than one device should perform network address translation (NAT).

    RepairGuid: {ef9d43e5-d1f2-4e4d-ae52-cdf069ccc1e8}

    Seconds required for repair: 0

    Security context required for repair: 0

    Interface: ({00000000-0000-0000-0000-000000000000})
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="Microsoft-Windows-Diagnostics-Networking" Guid="{36C23E18-0E66-11D9-BBEB-505054503030}" />
    <EventID>4000</EventID>
    <Version>1</Version>
    <Level>4</Level>
    <Task>4</Task>
    <Opcode>0</Opcode>
    <Keywords>0x4000400000000001</Keywords>
    <TimeCreated SystemTime="2014-08-04T13:37:19.075886400Z" />
    <EventRecordID>8681871</EventRecordID>
    <Correlation ActivityID="{E4DD65F6-4A7B-449C-81FD-A273F0A69117}" />
    <Execution ProcessID="964" ThreadID="5988" />
    <Channel>System</Channel>
    <Computer>Mobo3-HP</Computer>
    <Security UserID="S-1-5-19" />
    </System>
    <EventData>
    <Data Name="RootCause">More than one device is performing network address translation (NAT)
    Multiple NAT devices can cause connectivity problems and prevent other computers and devices on your home network or on the Internet from connecting to your computer. Multiple NAT devices usually don’t prevent you from reaching the Internet.</Data>
    <Data Name="RootCauseGUID">{9478F46A-95F5-4699-BE42-0ABD41400132}</Data>
    <Data Name="RepairOption">Reconfigure your network
    To prevent problems other computers or devices might have when connecting to your computer, no more than one device should perform network address translation (NAT).</Data>
    <Data Name="RepairGUID">{EF9D43E5-D1F2-4E4D-AE52-CDF069CCC1E8}</Data>
    <Data Name="SecondsRequired">0</Data>
    <Data Name="SIDTypeRequired">0</Data>
    <Data Name="HelperClassName">IGDHelperClass</Data>
    <Data Name="InterfaceDesc">
    </Data>
    <Data Name="InterfaceGUID">{00000000-0000-0000-0000-000000000000}</Data>
    </EventData>
    </Event>

    Also...and I know this can be fixed by Avast, but Avast does not seem to be checking my email according to the results in the component section. Sorry....didn't mean to overload you. I hope I am not being paranoid, but some of these things don't make sense. Sorry if I am going too deep but that's my nature. I will accept your word on these things....and hope for the best.

    Thanks Again

  9. #9
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    So what you're saying is that those 11,000 songs on your HD were not put there by you?

    You did have a bad proxy setting that was fixed, that could have allowed your computer to go online through someone else's network.

    Let's run a few more scans

    Please download TDSSKiller.zip
    • Extract it to your desktop
    • Double click TDSSKiller.exe
    • When the window opens, click on Change Parameters
    • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
    • Click OK
    • Press Start Scan
      • As we are only looking for a log of what is on the machine right now > choose to skip whatever is found
      • Then click Continue > Reboot now
    • Copy and paste the log in your next reply
      • A copy of the log will be saved automatically to the root of the drive (typically C:\)

  10. #10
    Junior Member Aprilrose's Avatar
    Join Date
    Jun 2014
    Posts
    16

    Default No rootkits found

    Hi, I ran the scan the way you instructed but it found no problems. So then I clicked on report, highlighted and tried to copy but that option was not available. Then I did a search of C drive and I did find several references to it, but they all looked like this: http_support.kaspersky.com_0.localstorage and Windows could not open them.


    About the music... sorry if I was not clear. The music is mine....collected over a decade. And for the last couple of years, I have had the feeling that my music library has been used or exploited by an outside wireless network using Windows Media Center [which I rarely use] and Amazon Cloud. My theory would explain all the irregularities which I mentioned above to which you did not respond.

    Perhaps this is too complicated for this forum. I don't mean to beat a dead Hewlett-Packard Horse over this. It's just that I have had such a hard time getting answers about the deeper levels of the operating system...like the registry and the MMC.

    One thing I am curious about: do you have any idea how I ended up with a "local host proxy"?

    Do you think Hijack This would be useful?

    Thanks again!
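
On the question of where a "local host proxy" comes from: a ProxyServer value of localhost:port hands browser traffic to a program on the same machine, so the useful check is which process, if any, owns that port. The sketch below is an added example, not part of the thread or of FRST; only the ProxyServer line comes from the thread, and the `netstat -ano` rows, addresses and PIDs are constructed.

```python
import re

LOOPBACK = {"localhost", "127.0.0.1", "[::1]"}

# ProxyServer line as quoted in the thread.
FRST_LINES = ["    ProxyServer: localhost:21320"]

# Constructed `netstat -ano` output; PIDs and addresses are invented.
NETSTAT_ANO = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    127.0.0.1:21320        0.0.0.0:0              LISTENING       2204
  TCP    192.168.1.10:49233     203.0.113.5:443        ESTABLISHED     3100
"""

def parse_proxy(line):
    """Return [(scheme, host, port)] from a 'ProxyServer:' log line.
    Handles both 'host:port' and 'http=host:port;https=host:port'."""
    m = re.match(r"\s*ProxyServer:\s*(\S+)", line)
    entries = []
    for part in (m.group(1).split(";") if m else []):
        scheme, _, hostport = part.rpartition("=")
        host, _, port = hostport.rpartition(":")
        if host and port.isdigit():
            entries.append((scheme or "all", host.lower(), int(port)))
    return entries

def listeners(netstat_text):
    """Map TCP port -> PID for sockets listening on loopback or all interfaces."""
    table = {}
    for row in netstat_text.splitlines():
        f = row.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            addr, _, port = f[1].rpartition(":")
            if addr in ("127.0.0.1", "0.0.0.0", "[::1]", "[::]"):
                table[int(port)] = int(f[4])
    return table

def triage(frst_lines, netstat_text):
    """For each proxy entry pointing at this machine, report who is listening."""
    ports = listeners(netstat_text)
    findings = []
    for line in frst_lines:
        for scheme, host, port in parse_proxy(line):
            if host in LOOPBACK:
                pid = ports.get(port)
                status = "listener pid %d" % pid if pid else "no listener (stale setting)"
                findings.append((scheme, port, pid, status))
    return findings

if __name__ == "__main__":
    for finding in triage(FRST_LINES, NETSTAT_ANO):
        print(finding)
```

A PID can then be matched to an image name with `tasklist /FI "PID eq <pid>"`; a loopback entry with no listener is a leftover setting from software that is no longer running.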
