
Thread: New computer, possible malware

  1. #1
    Junior Member
    Join Date: Sep 2008
    Posts: 21

    New computer, possible malware

    Recently inherited a Dell Vostro 220s running Windows 7. The computer has a history of malware but was cleaned using Malwarebytes and CCleaner. It's running a bit slow and I want to be sure that it is clean before I start using it daily. Wondering if someone could take a look at it and tell me if it looks clean. Thank you.

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
    Ran by Ed (administrator) on ED-PC on 13-09-2014 14:40:11
    Running from C:\Users\Ed\Downloads
    Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Soluto) C:\Program Files\Soluto\Soluto.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    ( ) C:\Windows\System32\dldtcoms.exe
    (Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
    (Soluto) C:\Program Files\Soluto\SolutoService.exe
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
    (Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
    (Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
    (Tweaking.com) C:\Program Files\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe
    (Google Inc.) C:\Users\Ed\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Ed\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Ed\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Ed\AppData\Local\Google\Chrome\Application\chrome.exe
    (Tweaking.com) C:\Program Files\Tweaking.com\Registry Backup\files\vss_start.exe
    (Microsoft Corporation) C:\Windows\System32\cmd.exe
    (Microsoft Corporation) C:\Program Files\Tweaking.com\Registry Backup\files\vss_7_8_2008_2012_32.exe
    (Microsoft Corporation) C:\Windows\System32\cmd.exe
    (Tweaking.com) C:\Program Files\Tweaking.com\Registry Backup\files\vss_pause.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7514656 2009-05-23] (Realtek Semiconductor)
    HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation)
    HKLM\...\Run: [ROC_roc_dec12] => "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    HKLM\...\Run: [ROC_roc_ssl_v12] => "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-12] (AVAST Software)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
    HKU\S-1-5-21-1314073599-2682765790-367747919-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
    HKU\S-1-5-21-1314073599-2682765790-367747919-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-11-27] (Google Inc.)
    HKU\S-1-5-21-1314073599-2682765790-367747919-1000\...\MountPoints2: {a7a55c4f-fc66-11e2-92f6-002564e5e832} - E:\MotoCastSetup.exe -a
    ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x49572B6A0A5DCC01
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
    URLSearchHook: HKLM - (No Name) - {d5f7c10d-2f86-4e99-90da-25f8b0400992} - No File
    URLSearchHook: HKLM - (No Name) - {a0b9193b-d5c3-43fe-aef4-edc2ff4aa22d} - No File
    URLSearchHook: HKCU - (No Name) - {d5f7c10d-2f86-4e99-90da-25f8b0400992} - No File
    URLSearchHook: HKCU - (No Name) - {a0b9193b-d5c3-43fe-aef4-edc2ff4aa22d} - No File
    SearchScopes: HKLM - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    SearchScopes: HKLM - {8fe8d013-c3fd-4802-af48-79274e9f969e} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YOxdm004YYus&ptb=0A94985D-6E9B-4610-94A5-1FCDF9FBBC4D&psa=&ind=2011091317&ptnrS=YOxdm004YYus&si=&st=sb&n=77ded175&searchfor={searchTerms}
    SearchScopes: HKLM - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    SearchScopes: HKCU - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&mkt=en-gb&FORM=IE0000
    SearchScopes: HKCU - {8fe8d013-c3fd-4802-af48-79274e9f969e} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YOxdm004YYus&ptb=0A94985D-6E9B-4610-94A5-1FCDF9FBBC4D&psa=&ind=2011091317&ptnrS=YOxdm004YYus&si=&st=sb&n=77ded175&searchfor={searchTerms}
    SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    SearchScopes: HKCU - {9D22EAB4-39A0-46B2-B74C-4A509BFD85DE} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=39935540-32DA-4800-B8AD-FEEC833C3B0F&apn_sauid=5035ECE4-939C-47AE-B76C-0D8AC83E78AD
    SearchScopes: HKCU - {C538F56D-C707-4DEC-B092-6D3952929DF3} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3013973
    SearchScopes: HKCU - {F2D83B33-3E47-4556-9D78-8DB871AB0A1F} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
    BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
    BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO: No Name -> {a0b9193b-d5c3-43fe-aef4-edc2ff4aa22d} -> No File
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO: No Name -> {d5f7c10d-2f86-4e99-90da-25f8b0400992} -> No File
    Toolbar: HKLM - No Name - {d5f7c10d-2f86-4e99-90da-25f8b0400992} - No File
    Toolbar: HKLM - No Name - {a0b9193b-d5c3-43fe-aef4-edc2ff4aa22d} - No File
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - No Name - {D5F7C10D-2F86-4E99-90DA-25F8B0400992} - No File
    Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

    FireFox:
    ========
    FF ProfilePath: C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\q44dp2fb.default
    FF DefaultSearchEngine: Google (SSL)
    FF SearchEngineOrder.1: Yahoo! (Avast)
    FF SelectedSearchEngine: Google (SSL)
    FF Homepage: https://www.google.com
    FF Keyword.URL: https://search.yahoo.com/yhs/search
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF SearchPlugin: C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\q44dp2fb.default\searchplugins\askcom.xml
    FF SearchPlugin: C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\q44dp2fb.default\searchplugins\askcomsearch.xml
    FF SearchPlugin: C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\q44dp2fb.default\searchplugins\google-ssl.xml
    FF SearchPlugin: C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\q44dp2fb.default\searchplugins\yahoo-avast.xml
    FF Extension: Disconnect - C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\q44dp2fb.default\Extensions\2.0@disconnect.me.xpi [2014-09-13]
    FF Extension: Firefox Old Version Update Hotfix - C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\q44dp2fb.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-09-13]
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-09-13]
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-09-13]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-31]

    Chrome:
    =======
    CHR HomePage: Default -> https://www.yahoo.com?fr=hp-avast&type=avastbcl
    CHR StartupUrls: Default -> "https://www.google.com/"
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Users\Ed\AppData\Local\Google\Chrome\Application\33.0.1750.149\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ed\AppData\Local\Google\Chrome\Application\33.0.1750.149\pdf.dll ()
    CHR Plugin: (Shockwave Flash) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
    CHR Plugin: (AVG Internet Security) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
    CHR Plugin: (Java(TM) Platform SE 6 U32) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
    CHR Plugin: (Java Deployment Toolkit 6.0.320.5) - C:\Windows\system32\npdeployJava1.dll No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
    CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\MapsGalaxy_39\bar\1.bin\NP39Stub.dll No File
    CHR CustomProfile: C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (YouTube) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-28]
    CHR Extension: (Google Search) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-28]
    CHR Extension: (Disconnect) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2014-09-12]
    CHR Extension: (Google Wallet) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-01]
    CHR Extension: (Gmail) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-28]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-12]
    CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG2012\Chrome\safesearch.crx [2014-09-12]
    CHR StartMenuInternet: Google Chrome - C:\Users\Ed\AppData\Local\Google\Chrome\Application\chrome.exe

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-12] (AVAST Software)
    R2 dldt_device; C:\Windows\system32\dldtcoms.exe [594600 2009-07-09] ( )
    R3 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
    R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [166880 2013-02-03] (Soluto)
    S3 SolutoRemoteService; C:\Program Files\Soluto\SolutoRemoteService.exe [1239552 2013-02-03] (Soluto) [File not signed]
    R2 SolutoService; C:\Program Files\Soluto\SolutoService.exe [552928 2013-02-03] (Soluto)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-09-12] ()
    R1 aswKbd; C:\Windows\system32\Drivers\aswKbd.sys [21576 2013-08-30] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-09-12] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-09-12] (AVAST Software)
    R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-09-12] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-09-12] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-09-12] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-09-12] (AVAST Software)
    R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-09-12] ()
    S3 JRAID; C:\Windows\system32\DRIVERS\jraid.sys [89048 2009-05-21] (JMicron Technology Corp.)
    R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2009-07-20] (Realtek )
    S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam60.sys [35328 2008-10-24] (Realtek Corporation)
    S3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan60.sys [19968 2007-12-03] (Windows (R) Codename Longhorn DDK provider)
    R0 Soluto; C:\Windows\System32\DRIVERS\Soluto.sys [51144 2013-02-03] (Soluto LTD.)
    S3 TEAM; C:\Windows\System32\DRIVERS\RtTeam60.sys [35328 2008-10-24] (Realtek Corporation)
    S3 VLAN; C:\Windows\System32\DRIVERS\RtVLAN60.sys [19968 2007-12-03] (Windows (R) Codename Longhorn DDK provider)
    R3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x32.sys [X]
    S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x32.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-09-13 14:38 - 2014-09-13 14:39 - 00028374 _____ () C:\Users\Ed\Downloads\Addition.txt
    2014-09-13 14:38 - 2014-09-13 14:38 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ED-PC-Microsoft-Windows-7-Home-Premium-(32-bit).dat
    2014-09-13 14:37 - 2014-09-13 14:40 - 00017727 _____ () C:\Users\Ed\Downloads\FRST.txt
    2014-09-13 14:37 - 2014-09-13 14:37 - 00000000 ____D () C:\RegBackup
    2014-09-13 14:36 - 2014-09-13 14:40 - 00000000 ____D () C:\FRST
    2014-09-13 14:36 - 2014-09-13 14:36 - 01097728 _____ (Farbar) C:\Users\Ed\Downloads\FRST.exe
    2014-09-13 13:53 - 2014-09-13 13:53 - 00002143 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2014-09-13 13:53 - 2014-09-13 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2014-09-13 13:52 - 2014-09-13 13:52 - 00000000 ____D () C:\Program Files\Tweaking.com
    2014-09-13 13:50 - 2014-09-13 13:50 - 04057608 _____ () C:\Users\Ed\Downloads\tweaking.com_registry_backup_setup.exe
    2014-09-13 07:02 - 2014-09-13 07:23 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-09-12 21:41 - 2014-09-12 21:41 - 00231760 _____ () C:\Users\Ed\Downloads\CrucialScan.exe
    2014-09-12 21:24 - 2014-09-12 21:24 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-09-12 21:21 - 2014-09-12 21:21 - 00007715 _____ () C:\Users\Ed\Desktop\hijackthis.log
    2014-09-12 21:19 - 2014-09-13 07:23 - 00113342 _____ () C:\Windows\PFRO.log
    2014-09-12 20:58 - 2014-09-13 07:23 - 00000280 _____ () C:\Windows\setupact.log
    2014-09-12 20:58 - 2014-09-12 20:58 - 00000000 _____ () C:\Windows\setuperr.log
    2014-09-12 20:42 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-09-12 20:42 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-09-12 20:42 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-09-12 20:42 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-09-12 20:42 - 2014-08-18 17:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-09-12 20:42 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-09-12 20:42 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-09-12 20:42 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-09-12 20:42 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-09-12 20:42 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-09-12 20:42 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-09-12 20:42 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-09-12 20:42 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-09-12 20:42 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-09-12 20:42 - 2014-08-18 17:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-09-12 20:42 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-09-12 20:42 - 2014-08-18 17:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-09-12 20:42 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-09-12 20:42 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-09-12 20:42 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-09-12 20:42 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-09-12 20:42 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-09-12 20:42 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-09-12 20:42 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-09-12 20:42 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-09-12 20:42 - 2014-08-18 17:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-09-12 20:42 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-09-12 20:42 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-09-12 20:42 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-09-12 20:42 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-09-12 20:41 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
    2014-09-12 20:37 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
    2014-09-12 20:37 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
    2014-09-12 20:37 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
    2014-09-12 20:36 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
    2014-09-12 20:31 - 2014-09-12 20:31 - 00388608 _____ (Trend Micro Inc.) C:\Users\Ed\Desktop\HijackThis.exe
    2014-09-12 20:26 - 2014-07-13 21:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2014-09-12 20:26 - 2014-06-15 21:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2014-09-12 20:26 - 2014-06-15 21:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
    2014-09-12 20:26 - 2014-06-15 21:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
    2014-09-12 20:25 - 2014-08-22 21:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2014-09-12 20:25 - 2014-08-22 20:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-09-12 20:25 - 2014-07-06 21:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-09-12 20:25 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-09-12 20:25 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
    2014-09-12 20:24 - 2014-09-04 21:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-09-12 20:24 - 2014-09-04 21:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-09-12 20:24 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
    2014-09-12 20:24 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2014-09-12 20:24 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2014-09-12 20:24 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2014-09-12 20:24 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2014-09-12 20:24 - 2014-06-03 05:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2014-09-12 20:24 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2014-09-12 20:24 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2014-09-12 20:24 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2014-09-12 20:24 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-09-12 20:24 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-09-12 20:24 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2014-09-12 20:24 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-09-12 20:24 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-09-12 20:24 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-09-12 20:24 - 2014-05-30 02:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2014-09-12 20:19 - 2014-09-12 20:19 - 00000967 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2014-09-12 20:19 - 2014-09-12 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2014-09-12 20:19 - 2014-09-12 20:19 - 00000000 ____D () C:\Program Files\CCleaner
    2014-09-12 20:17 - 2014-09-12 20:18 - 04901352 _____ (Piriform Ltd) C:\Users\Ed\Downloads\ccsetup417.exe
    2014-09-12 20:06 - 2014-05-14 12:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2014-09-12 20:06 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2014-09-12 20:06 - 2014-05-14 12:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2014-09-12 20:06 - 2014-05-14 12:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2014-09-12 20:06 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2014-09-12 20:06 - 2014-05-14 12:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2014-09-12 20:06 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2014-09-12 20:06 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2014-09-12 20:06 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-09-13 14:40 - 2014-09-13 14:37 - 00017727 _____ () C:\Users\Ed\Downloads\FRST.txt
    2014-09-13 14:40 - 2014-09-13 14:36 - 00000000 ____D () C:\FRST
    2014-09-13 14:39 - 2014-09-13 14:38 - 00028374 _____ () C:\Users\Ed\Downloads\Addition.txt
    2014-09-13 14:38 - 2014-09-13 14:38 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ED-PC-Microsoft-Windows-7-Home-Premium-(32-bit).dat
    2014-09-13 14:37 - 2014-09-13 14:37 - 00000000 ____D () C:\RegBackup
    2014-09-13 14:36 - 2014-09-13 14:36 - 01097728 _____ (Farbar) C:\Users\Ed\Downloads\FRST.exe
    2014-09-13 14:31 - 2010-11-27 21:14 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-09-13 14:25 - 2012-05-21 17:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-09-13 13:53 - 2014-09-13 13:53 - 00002143 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2014-09-13 13:53 - 2014-09-13 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2014-09-13 13:52 - 2014-09-13 13:52 - 00000000 ____D () C:\Program Files\Tweaking.com
    2014-09-13 13:50 - 2014-09-13 13:50 - 04057608 _____ () C:\Users\Ed\Downloads\tweaking.com_registry_backup_setup.exe
    2014-09-13 13:38 - 2010-12-21 22:20 - 01701135 _____ () C:\Windows\WindowsUpdate.log
    2014-09-13 08:34 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
    2014-09-13 07:30 - 2009-07-14 00:34 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-09-13 07:30 - 2009-07-14 00:34 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-09-13 07:23 - 2014-09-13 07:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-09-13 07:23 - 2014-09-12 21:19 - 00113342 _____ () C:\Windows\PFRO.log
    2014-09-13 07:23 - 2014-09-12 20:58 - 00000280 _____ () C:\Windows\setupact.log
    2014-09-13 07:23 - 2014-01-20 12:49 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2014-09-13 07:23 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-09-13 07:21 - 2014-02-02 12:20 - 00000000 ____D () C:\Program Files\Brother
    2014-09-13 07:21 - 2010-11-11 21:54 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
    2014-09-13 07:20 - 2014-02-02 12:21 - 00000000 ____D () C:\Program Files\ControlCenter4
    2014-09-13 07:03 - 2010-11-27 20:24 - 00000000 ____D () C:\Program Files\Mozilla Firefox.bak
    2014-09-13 06:53 - 2010-11-27 20:24 - 00000000 ____D () C:\Users\Ed\AppData\Local\Mozilla
    2014-09-13 06:39 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
    2014-09-12 21:41 - 2014-09-12 21:41 - 00231760 _____ () C:\Users\Ed\Downloads\CrucialScan.exe
    2014-09-12 21:31 - 2013-11-15 16:19 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2014-09-12 21:30 - 2013-11-15 16:19 - 00000000 ____D () C:\Program Files\Common Files\Adobe
    2014-09-12 21:24 - 2014-09-12 21:24 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-09-12 21:24 - 2014-05-10 21:37 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2014-09-12 21:24 - 2014-01-18 11:31 - 00071944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
    2014-09-12 21:24 - 2013-10-19 14:10 - 00002049 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2014-09-12 21:24 - 2013-05-31 15:26 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
    2014-09-12 21:24 - 2013-05-31 15:26 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
    2014-09-12 21:24 - 2013-05-31 15:26 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-09-12 21:24 - 2013-05-31 15:26 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2014-09-12 21:24 - 2013-05-31 15:26 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2014-09-12 21:24 - 2013-05-31 15:26 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2014-09-12 21:24 - 2013-05-31 15:26 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2014-09-12 21:21 - 2014-09-12 21:21 - 00007715 _____ () C:\Users\Ed\Desktop\hijackthis.log
    2014-09-12 21:19 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\tracing
    2014-09-12 21:07 - 2014-03-30 10:02 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-09-12 20:58 - 2014-09-12 20:58 - 00000000 _____ () C:\Windows\setuperr.log
    2014-09-12 20:58 - 2010-12-20 15:05 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-09-12 20:58 - 2009-07-14 00:33 - 00297832 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-09-12 20:45 - 2014-05-11 12:25 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-09-12 20:45 - 2009-07-14 03:49 - 00000000 ____D () C:\Program Files\Windows Journal
    2014-09-12 20:44 - 2014-03-29 13:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-09-12 20:41 - 2013-08-13 20:49 - 00000000 ____D () C:\Windows\system32\MRT
    2014-09-12 20:35 - 2010-12-20 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2014-09-12 20:32 - 2010-11-11 21:23 - 00000000 ____D () C:\Users\Ed\AppData\Local\VirtualStore
    2014-09-12 20:31 - 2014-09-12 20:31 - 00388608 _____ (Trend Micro Inc.) C:\Users\Ed\Desktop\HijackThis.exe
    2014-09-12 20:29 - 2010-11-11 22:02 - 00774632 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-09-12 20:25 - 2012-05-21 17:26 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2014-09-12 20:25 - 2012-05-21 17:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2014-09-12 20:23 - 2011-06-14 13:05 - 00000000 ____D () C:\Windows\Minidump
    2014-09-12 20:23 - 2010-11-08 15:44 - 00000000 ____D () C:\Windows\Panther
    2014-09-12 20:19 - 2014-09-12 20:19 - 00000967 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2014-09-12 20:19 - 2014-09-12 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2014-09-12 20:19 - 2014-09-12 20:19 - 00000000 ____D () C:\Program Files\CCleaner
    2014-09-12 20:18 - 2014-09-12 20:17 - 04901352 _____ (Piriform Ltd) C:\Users\Ed\Downloads\ccsetup417.exe
    2014-09-12 20:12 - 2010-12-28 02:27 - 00000000 ____D () C:\Program Files\PokerStars.FOX
    2014-09-12 20:03 - 2010-11-27 21:14 - 00000874 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-09-04 21:52 - 2014-09-12 20:24 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-09-04 21:47 - 2014-09-12 20:24 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-08-29 13:01 - 2010-11-27 21:15 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-08-25 06:53 - 2010-11-11 21:37 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-08-22 21:46 - 2014-09-12 20:25 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2014-08-22 20:42 - 2014-09-12 20:25 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-08-19 13:39 - 2014-09-12 20:42 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-08-18 18:26 - 2014-09-12 20:42 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-08-18 18:08 - 2014-09-12 20:42 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-08-18 17:57 - 2014-09-12 20:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-08-18 17:57 - 2014-09-12 20:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-08-18 17:46 - 2014-09-12 20:42 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-08-18 17:45 - 2014-09-12 20:42 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-08-18 17:44 - 2014-09-12 20:42 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-08-18 17:44 - 2014-09-12 20:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-08-18 17:42 - 2014-09-12 20:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-08-18 17:39 - 2014-09-12 20:42 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-08-18 17:39 - 2014-09-12 20:42 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-08-18 17:37 - 2014-09-12 20:42 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-08-18 17:36 - 2014-09-12 20:42 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-08-18 17:36 - 2014-09-12 20:42 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-08-18 17:35 - 2014-09-12 20:42 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-08-18 17:30 - 2014-09-12 20:42 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-08-18 17:27 - 2014-09-12 20:42 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-08-18 17:22 - 2014-09-12 20:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-08-18 17:19 - 2014-09-12 20:42 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-08-18 17:17 - 2014-09-12 20:42 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-08-18 17:17 - 2014-09-12 20:42 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-08-18 17:15 - 2014-09-12 20:42 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-08-18 17:09 - 2014-09-12 20:42 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-08-18 17:08 - 2014-09-12 20:42 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-08-18 17:08 - 2014-09-12 20:42 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-08-18 17:07 - 2014-09-12 20:42 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-08-18 16:46 - 2014-09-12 20:42 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-08-18 16:38 - 2014-09-12 20:42 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-08-18 16:36 - 2014-09-12 20:42 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

    Some content of TEMP:
    ====================
    C:\Users\Ed\AppData\Local\Temp\_is844C.exe
    C:\Users\Ed\AppData\Local\Temp\_unps.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-09-13 08:27

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014
    Ran by Ed at 2014-09-13 14:40:38
    Running from C:\Users\Ed\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
    Adobe AIR (Version: 3.9.0.1030 - Adobe Systems Incorporated) Hidden
    Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
    Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
    Dell Backup and Recovery Manager (HKLM\...\{4688EB75-28E2-4731-9BCB-55E624F7CD45}) (Version: 1.3 - Dell Inc.)
    Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
    Game Master 2 Toolbar (HKLM\...\Game_Master_2 Toolbar) (Version: 6.5.2.8 - Game Master 2)
    Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.149 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
    Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
    Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
    iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
    Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
    Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    Mapit 1 Toolbar (HKLM\...\Mapit_1 Toolbar) (Version: 6.5.2.8 - Mapit 1)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
    Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
    Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Mozilla Firefox 32.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.1 (x86 en-US)) (Version: 32.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
    MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels)
    Nuance PaperPort 12 (HKLM\...\{869FCC6C-5669-4B0B-827E-2BBAACD88A87}) (Version: 12.1.0006 - Nuance Communications, Inc.)
    Nuance PDF Viewer Plus (HKLM\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
    PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 14.00.0000 - Nuance Communications, Inc.)
    Realtek Ethernet Diagnostic Utility (HKLM\...\{7236672F-6430-439E-9B27-27EDEAF1D676}) (Version: 1.00.0000 - Realtek)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5859 - )
    Scansoft PDF Professional (Version: - ) Hidden
    Soluto (HKLM\...\{9D48F834-97D9-4046-8664-FAB2C1A5091A}) (Version: 1.3.1149.0 - Soluto)
    Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 1.9.0 - Tweaking.com)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
    Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
    Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
    Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
    Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
    WebM Media Foundation Components (HKLM\...\webmmf) (Version: 1.0.1.1 - WebM Project)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Ed\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.21.57\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{26842a09-ffa8-4e2c-ae12-0c80f01c3295}\InprocServer32 -> C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrcAs.dll No File
    CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File
    CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Ed\AppData\Local\Google\Chrome\Application\33.0.1750.149\delegate_execute.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{5F387297-4BDB-48CD-8DB0-ACAD1415FABA}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.21.129\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File

    ==================== Restore Points =========================

    21-06-2014 11:59:28 Windows Update
    22-06-2014 04:16:51 Windows Update
    30-06-2014 18:44:15 Windows Update
    13-09-2014 00:05:52 Windows Update
    13-09-2014 00:10:34 Removed Fanbase
    13-09-2014 00:15:24 Windows Update
    13-09-2014 00:27:55 Windows Update
    13-09-2014 01:22:41 avast! antivirus system restore point
    13-09-2014 11:21:04 Removed Brother Software Suite

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0787A328-4F56-42C6-8AC2-41E82B113A8F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-27] (Google Inc.)
    Task: {5D2E8075-AD3F-4A3B-97A7-88C49B0B2C59} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-12] (AVAST Software)
    Task: {5E60CC59-7492-4F46-8C4F-BD85EF7BA92C} - System32\Tasks\MyDefrag v4.3.1 Daily => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticDaily.MyD [2010-05-21] ()
    Task: {97B14A99-B19B-4DE9-9F19-E676FACE8871} - System32\Tasks\MyDefrag v4.3.1 Monthly => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticMonthly.MyD [2010-05-21] ()
    Task: {F32D4582-4B75-4A4F-8CEC-B982128EB0CC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-12] (Adobe Systems Incorporated)
    Task: {F7B00289-6313-4DA4-89D0-AED871A3870B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-27] (Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1314073599-2682765790-367747919-1000Core1cf3fbb1c3422a3.job => C:\Users\Ed\AppData\Local\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-09-12 21:24 - 2014-09-12 21:24 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
    2014-09-13 06:29 - 2014-09-13 06:29 - 02862592 _____ () C:\Program Files\AVAST Software\Avast\defs\14091300\algo.dll
    2014-09-13 13:53 - 2014-09-13 13:53 - 02862592 _____ () C:\Program Files\AVAST Software\Avast\defs\14091301\algo.dll
    2014-09-13 06:34 - 2014-09-13 06:34 - 00156160 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGAppControlPlugin#\15655f77a7dd4f5dde9a1707687c4685\PCGAppControlPluginLoader.ni.dll
    2014-09-12 21:03 - 2014-09-12 21:03 - 01707008 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGPreCompiled\8c737a8feb24668062bed002f5d9412a\PCGPreCompiled.ni.dll
    2013-02-03 20:32 - 2013-02-03 20:32 - 00077880 _____ () c:\program files\soluto\PCGDllExportInspector.dll
    2012-08-10 10:17 - 2009-07-02 12:40 - 00147968 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\dldtdrpp.dll
    2014-09-12 21:24 - 2014-09-12 21:24 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2013-02-03 20:32 - 2013-02-03 20:32 - 00077880 _____ () C:\Program Files\Soluto\PCGDllExportInspector.dll
    2013-02-03 20:32 - 2013-02-03 20:32 - 00049720 ____R () C:\Program Files\Soluto\PCGDeviceScanLib.dll
    2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-03-14 15:28 - 2014-03-06 16:35 - 00051016 _____ () C:\Users\Ed\AppData\Local\Google\Chrome\Application\33.0.1750.149\chrome_elf.dll
    2014-03-14 15:28 - 2014-03-06 16:35 - 00716616 _____ () C:\Users\Ed\AppData\Local\Google\Chrome\Application\33.0.1750.149\libglesv2.dll
    2014-03-14 15:28 - 2014-03-06 16:35 - 00100168 _____ () C:\Users\Ed\AppData\Local\Google\Chrome\Application\33.0.1750.149\libegl.dll
    2014-03-14 15:28 - 2014-03-06 16:36 - 04061000 _____ () C:\Users\Ed\AppData\Local\Google\Chrome\Application\33.0.1750.149\pdf.dll
    2014-03-14 15:28 - 2014-03-06 16:36 - 00394568 _____ () C:\Users\Ed\AppData\Local\Google\Chrome\Application\33.0.1750.149\ppGoogleNaClPluginChrome.dll
    2014-03-14 15:28 - 2014-03-06 16:35 - 01647432 _____ () C:\Users\Ed\AppData\Local\Google\Chrome\Application\33.0.1750.149\ffmpegsumo.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SolutoService => ""="Service"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (09/13/2014 07:21:03 AM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {3d77503e-5281-4e90-af90-8607ab4d6ca7}

    Error: (09/12/2014 09:22:38 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {88df055e-2a0b-40e6-88f6-be20c190dccf}

    Error: (09/12/2014 08:58:49 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Design, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed.
    .

    Error: (09/12/2014 08:58:49 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.DirectoryServices, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed.
    .

    Error: (09/12/2014 08:58:49 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Deployment, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed.
    .

    Error: (09/12/2014 08:58:49 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Drawing, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed.
    .

    Error: (09/12/2014 08:58:49 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Windows.Forms, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed.
    .

    Error: (09/12/2014 08:58:49 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Xml, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed.
    .

    Error: (09/12/2014 08:58:49 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Drawing.Design, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed.
    .

    Error: (09/12/2014 08:58:49 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.ServiceProcess, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed.
    .


    System errors:
    =============
    Error: (09/13/2014 01:38:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

    Error: (09/12/2014 09:25:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Function Discovery Resource Publication service terminated with the following error:
    %%-2147014847

    Error: (09/12/2014 09:09:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (09/12/2014 09:09:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (09/12/2014 09:09:09 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}

    Error: (09/12/2014 09:06:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (09/12/2014 09:06:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (09/12/2014 09:06:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (09/12/2014 09:06:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (09/12/2014 09:06:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068


    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz
    Percentage of memory in use: 57%
    Total physical RAM: 2012.99 MB
    Available physical RAM: 851.36 MB
    Total Pagefile: 4025.98 MB
    Available Pagefile: 2408.53 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1894.06 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:224.85 GB) (Free:178.54 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.8 GB) (Disk ID: 20000000)
    Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
    Partition 2: (Active) - (Size=7.9 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=224.9 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

    aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
    Run date: 2014-09-13 14:44:15
    -----------------------------
    14:44:15.244 OS Version: Windows 6.1.7601 Service Pack 1
    14:44:15.244 Number of processors: 2 586 0x170A
    14:44:15.246 ComputerName: ED-PC UserName: Ed
    14:44:16.519 Initialize success
    14:44:16.519 VM: initialized successfully
    14:44:16.536 VM: Intel CPU supported virtualizedSuspended
    14:44:52.387 VM: disk I/O iaStor.sys
    14:44:55.452 AVAST engine defs: 14091301
    14:45:01.677 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    14:45:01.681 Disk 0 Vendor: WDC_WD25 02.0 Size: 238418MB BusType: 3
    14:45:01.795 Disk 0 MBR read successfully
    14:45:01.799 Disk 0 MBR scan
    14:45:01.817 Disk 0 Windows 7 default MBR code
    14:45:01.823 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
    14:45:01.855 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 8118 MB offset 98304
    14:45:01.862 Disk 0 default boot code
    14:45:01.878 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 230251 MB offset 16723968
    14:45:01.887 Disk 0 scanning sectors +488278016
    14:45:01.974 Disk 0 scanning C:\Windows\system32\drivers
    14:45:11.125 Service scanning
    14:45:29.423 Modules scanning
    14:45:39.647 Disk 0 trace - called modules:
    14:45:39.659 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
    14:45:39.664 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8658f2b8]
    14:45:39.668 3 CLASSPNP.SYS[8919a59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85740028]
    14:45:40.623 AVAST engine scan C:\Windows
    14:45:42.348 AVAST engine scan C:\Windows\system32
    14:48:14.333 AVAST engine scan C:\Windows\system32\drivers
    14:48:33.759 AVAST engine scan C:\Users\Ed
    14:50:04.092 AVAST engine scan C:\ProgramData
    14:51:17.878 Scan finished successfully
    14:53:36.533 Disk 0 MBR has been saved successfully to "C:\Users\Ed\Desktop\Cleaning and Security\MBR.dat"
    14:53:36.538 The log file has been saved successfully to "C:\Users\Ed\Desktop\Cleaning and Security\aswMBR.txt"

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Looking at some bogus toolbars that need to go

    -AdwCleaner-by Xplode

    Click on this link to download: ADWCleaner
    Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.

    Do not click on any links in the top advertisement.

    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Scan.
    • After the scan is complete click on "Clean"
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.



    ===============================================================================


    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.




    ===============================================================================

    Download Malwarebytes' Anti-Malware to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"




    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • When the scan is finished and the log pops up...select Copy to Clipboard
    • Please paste the log back into this thread for review
    • Exit Malwarebytes
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Junior Member
    Join Date
    Sep 2008
    Posts
    21

    # AdwCleaner v3.310 - Report created 14/09/2014 at 07:08:39
    # Updated 12/09/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
    # Username : Ed - ED-PC
    # Running from : C:\Users\Ed\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\Program Files\InboxAce_1gEI
    Folder Deleted : C:\Program Files\Game_Master_2
    Folder Deleted : C:\Program Files\Mapit_1
    Folder Deleted : C:\Users\Ed\AppData\Local\AVG Security Toolbar
    Folder Deleted : C:\Users\Ed\AppData\Local\Conduit
    Folder Deleted : C:\Users\Ed\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Ed\AppData\LocalLow\iac
    Folder Deleted : C:\Users\Ed\AppData\LocalLow\InboxAce_1gEI
    Folder Deleted : C:\Users\Ed\AppData\LocalLow\Game_Master_2
    Folder Deleted : C:\Users\Ed\AppData\LocalLow\Mapit_1
    File Deleted : C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\q44dp2fb.default\searchplugins\Askcom.xml
    File Deleted : C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\q44dp2fb.default\searchplugins\askcomsearch.xml

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
    Key Deleted : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.PseudoTransparentPlugin
    Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.PseudoTransparentPlugin.1
    Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.RadioSettings
    Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.RadioSettings.1
    Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.SettingsPlugin
    Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.SettingsPlugin.1
    Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.SkinLauncher
    Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.SkinLauncher.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3008660
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3013973
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9638B7D6-11F5-4406-B387-327642A11FFB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DFEB941C-8B58-4899-97C3-88FE394E1285}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E6AD866F-EA06-476A-8432-ED943683FAB1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F706E19B-6C14-4272-BA98-2F16636A898D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0FD7BC46-216F-4000-A3BB-2744E400E35E}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A5C9CB1C-1C0A-45A2-81CC-1DD342D0A478}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A661D4DC-4BD8-48FC-964B-A24AB8157DE6}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1ED65BE2-AE84-46CB-8EA6-1C2B86ADF768}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5E5E0B49-1A81-4ACC-BD6B-FF5F4EFEF01A}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B872D222-3F52-4CD9-A4BE-9D69EE4F293D}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A0B9193B-D5C3-43FE-AEF4-EDC2FF4AA22D}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5F7C10D-2F86-4E99-90DA-25F8B0400992}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9638B7D6-11F5-4406-B387-327642A11FFB}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9638B7D6-11F5-4406-B387-327642A11FFB}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F706E19B-6C14-4272-BA98-2F16636A898D}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0FD7BC46-216F-4000-A3BB-2744E400E35E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF4A3145-97D7-488E-A830-67FBD1C14141}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44DB423D-A0DB-4664-9477-CCDCEB7CD666}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5C9CB1C-1C0A-45A2-81CC-1DD342D0A478}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A661D4DC-4BD8-48FC-964B-A24AB8157DE6}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B5731AB1-8566-4441-AEFB-9AFB2EEA63D9}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{32586041-5F0C-4B65-BD90-73A9EC745F5B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2EB2E993-7C2F-48FB-9961-1E26CFE102D4}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{47500437-FC60-4B9A-93F8-8E882F87F70E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8A97B62B-B742-4690-A70F-9F2741F80F4F}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A0B9193B-D5C3-43FE-AEF4-EDC2FF4AA22D}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D5F7C10D-2F86-4E99-90DA-25F8B0400992}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D5F7C10D-2F86-4E99-90DA-25F8B0400992}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{A0B9193B-D5C3-43FE-AEF4-EDC2FF4AA22D}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D5F7C10D-2F86-4E99-90DA-25F8B0400992}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{A0B9193B-D5C3-43FE-AEF4-EDC2FF4AA22D}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{D5F7C10D-2F86-4E99-90DA-25F8B0400992}]
    Key Deleted : HKCU\Software\IGearSettings
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKCU\Software\AppDataLow\Toolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\AppDataLow\Software\Game_Master_2
    Key Deleted : HKCU\Software\AppDataLow\Software\Mapit_1
    Key Deleted : HKLM\SOFTWARE\Conduit
    Key Deleted : HKLM\SOFTWARE\Game_Master_2
    Key Deleted : HKLM\SOFTWARE\Mapit_1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Game_Master_2 Toolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mapit_1 Toolbar

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17280


    -\\ Mozilla Firefox v32.0.1 (x86 en-US)

    [ File : C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\q44dp2fb.default\prefs.js ]

    Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
    Line Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxps://isearch.avg.com/search?cid={72F149A4-D05A-4CC3-AED1-5E7BC44E368A}&mid=5e26ed1f2c8f47d6b947d16c220101c1-fe1d41f4c13f27fdca457142333fb051b553ec82&[...]
    Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=2C76A20C-BD51-48AB-BE00-F90E288E29FC&n=77ee4092&ptnrS=ZXxdm003YYus&si=CNi_zsr60K4CFYne4Aod-W[...]
    Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.initialized", true);
    Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.installation.installDate", "2012102802");
    Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.installation.partnerId", "ZXxdm003YYus");
    Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.installation.partnerSubId", "CNi_zsr60K4CFYne4Aod-WrXAQ");
    Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.installation.success", true);
    Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.installation.toolbarId", "2C76A20C-BD51-48AB-BE00-F90E288E29FC");
    Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.lastActivePing", "1390236603132");
    Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.weather.location", "07101");
    Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "radiorage@mindspark.com");
    Line Deleted : user_pref("extensions.toolbar.mindspark.sa.enabled", true);
    Line Deleted : user_pref("extensions.toolbar.mindspark.sa.owner", "radiorage@mindspark.com");

    -\\ Google Chrome v

    [ File : C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [10035 octets] - [14/09/2014 07:05:46]
    AdwCleaner[S0].txt - [10167 octets] - [14/09/2014 07:08:39]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10228 octets] ##########


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 7 Home Premium x86
    Ran by Ed on Sun 09/14/2014 at 7:16:07.22
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{26842A09-FFA8-4E2C-AE12-0C80F01C3295}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8fe8d013-c3fd-4802-af48-79274e9f969e}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9D22EAB4-39A0-46B2-B74C-4A509BFD85DE}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C538F56D-C707-4DEC-B092-6D3952929DF3}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{8fe8d013-c3fd-4802-af48-79274e9f969e}



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Emptied folder: C:\Users\Ed\AppData\Roaming\mozilla\firefox\profiles\q44dp2fb.default\minidumps [1 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 09/14/2014 at 7:18:24.01
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 9/14/2014
    Scan Time: 7:42:03 AM
    Logfile:
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.09.14.03
    Rootkit Database: v2014.09.13.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x86
    File System: NTFS
    User: Ed

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 288042
    Time Elapsed: 9 min, 14 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Go ahead and run a new scan with FRST, also check the Additions box and post both of the new logs please

  5. #5
    Junior Member
    Join Date
    Sep 2008
    Posts
    21

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
    Ran by Ed (administrator) on ED-PC on 14-09-2014 10:27:28
    Running from C:\Users\Ed\Desktop
    Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Soluto) C:\Program Files\Soluto\Soluto.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    ( ) C:\Windows\System32\dldtcoms.exe
    (Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
    (Soluto) C:\Program Files\Soluto\SolutoService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
    (Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
    (Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7514656 2009-05-23] (Realtek Semiconductor)
    HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation)
    HKLM\...\Run: [ROC_roc_dec12] => "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    HKLM\...\Run: [ROC_roc_ssl_v12] => "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-12] (AVAST Software)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
    HKU\S-1-5-21-1314073599-2682765790-367747919-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
    HKU\S-1-5-21-1314073599-2682765790-367747919-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-11-27] (Google Inc.)
    HKU\S-1-5-21-1314073599-2682765790-367747919-1000\...\MountPoints2: {a7a55c4f-fc66-11e2-92f6-002564e5e832} - E:\MotoCastSetup.exe -a
    ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x49572B6A0A5DCC01
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
    SearchScopes: HKCU - {F2D83B33-3E47-4556-9D78-8DB871AB0A1F} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
    BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

    FireFox:
    ========
    FF ProfilePath: C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\q44dp2fb.default
    FF DefaultSearchEngine: Google (SSL)
    FF SearchEngineOrder.1: Yahoo! (Avast)
    FF SelectedSearchEngine: Google (SSL)
    FF Homepage: https://www.google.com
    FF Keyword.URL: https://search.yahoo.com/yhs/search
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF SearchPlugin: C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\q44dp2fb.default\searchplugins\google-ssl.xml
    FF SearchPlugin: C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\q44dp2fb.default\searchplugins\yahoo-avast.xml
    FF Extension: Disconnect - C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\q44dp2fb.default\Extensions\2.0@disconnect.me.xpi [2014-09-13]
    FF Extension: Firefox Old Version Update Hotfix - C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\q44dp2fb.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-09-13]
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-09-13]
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-09-13]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-31]

    Chrome:
    =======
    CHR HomePage: Default -> https://www.yahoo.com?fr=hp-avast&type=avastbcl
    CHR StartupUrls: Default -> "https://www.google.com/"
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Users\Ed\AppData\Local\Google\Chrome\Application\33.0.1750.149\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ed\AppData\Local\Google\Chrome\Application\33.0.1750.149\pdf.dll ()
    CHR Plugin: (Shockwave Flash) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
    CHR Plugin: (AVG Internet Security) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
    CHR Plugin: (Java(TM) Platform SE 6 U32) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
    CHR Plugin: (Java Deployment Toolkit 6.0.320.5) - C:\Windows\system32\npdeployJava1.dll No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
    CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\MapsGalaxy_39\bar\1.bin\NP39Stub.dll No File
    CHR CustomProfile: C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (YouTube) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-28]
    CHR Extension: (Google Search) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-28]
    CHR Extension: (Disconnect) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2014-09-12]
    CHR Extension: (Google Wallet) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-01]
    CHR Extension: (Gmail) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-28]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-12]
    CHR StartMenuInternet: Google Chrome - C:\Users\Ed\AppData\Local\Google\Chrome\Application\chrome.exe

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-12] (AVAST Software)
    R2 dldt_device; C:\Windows\system32\dldtcoms.exe [594600 2009-07-09] ( )
    R3 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
    R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [166880 2013-02-03] (Soluto)
    S3 SolutoRemoteService; C:\Program Files\Soluto\SolutoRemoteService.exe [1239552 2013-02-03] (Soluto) [File not signed]
    R2 SolutoService; C:\Program Files\Soluto\SolutoService.exe [552928 2013-02-03] (Soluto)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-09-12] ()
    R1 aswKbd; C:\Windows\system32\Drivers\aswKbd.sys [21576 2013-08-30] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-09-12] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-09-12] (AVAST Software)
    R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-09-12] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-09-12] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-09-12] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-09-12] (AVAST Software)
    R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-09-12] ()
    S3 JRAID; C:\Windows\system32\DRIVERS\jraid.sys [89048 2009-05-21] (JMicron Technology Corp.)
    R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2009-07-20] (Realtek )
    S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam60.sys [35328 2008-10-24] (Realtek Corporation)
    S3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan60.sys [19968 2007-12-03] (Windows (R) Codename Longhorn DDK provider)
    R0 Soluto; C:\Windows\System32\DRIVERS\Soluto.sys [51144 2013-02-03] (Soluto LTD.)
    S3 TEAM; C:\Windows\System32\DRIVERS\RtTeam60.sys [35328 2008-10-24] (Realtek Corporation)
    S3 VLAN; C:\Windows\System32\DRIVERS\RtVLAN60.sys [19968 2007-12-03] (Windows (R) Codename Longhorn DDK provider)
    R3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x32.sys [X]
    S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x32.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-09-14 10:27 - 2014-09-14 10:27 - 00013965 _____ () C:\Users\Ed\Desktop\FRST.txt
    2014-09-14 07:53 - 2014-09-14 07:53 - 00001052 _____ () C:\Users\Ed\Desktop\mbam.txt
    2014-09-14 07:18 - 2014-09-14 07:18 - 00001442 _____ () C:\Users\Ed\Desktop\JRT.txt
    2014-09-14 07:16 - 2014-09-14 07:16 - 00000000 ____D () C:\Windows\ERUNT
    2014-09-14 07:12 - 2014-09-14 07:12 - 00010309 _____ () C:\Users\Ed\Desktop\AdwCleaner[S0].txt
    2014-09-14 07:06 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
    2014-09-14 07:05 - 2014-09-14 07:08 - 00000000 ____D () C:\AdwCleaner
    2014-09-13 22:56 - 2014-09-13 22:56 - 01016261 _____ (Thisisu) C:\Users\Ed\Desktop\JRT.exe
    2014-09-13 22:55 - 2014-09-13 22:55 - 01373475 _____ () C:\Users\Ed\Desktop\AdwCleaner.exe
    2014-09-13 14:38 - 2014-09-13 14:38 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ED-PC-Microsoft-Windows-7-Home-Premium-(32-bit).dat
    2014-09-13 14:37 - 2014-09-13 14:37 - 00000000 ____D () C:\RegBackup
    2014-09-13 14:36 - 2014-09-14 10:27 - 00000000 ____D () C:\FRST
    2014-09-13 14:36 - 2014-09-13 14:36 - 01097728 _____ (Farbar) C:\Users\Ed\Desktop\FRST.exe
    2014-09-13 13:53 - 2014-09-13 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2014-09-13 13:52 - 2014-09-13 13:52 - 00000000 ____D () C:\Program Files\Tweaking.com
    2014-09-13 07:02 - 2014-09-13 07:23 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-09-12 21:24 - 2014-09-12 21:24 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-09-12 21:19 - 2014-09-14 07:10 - 00113652 _____ () C:\Windows\PFRO.log
    2014-09-12 20:58 - 2014-09-14 07:59 - 00000504 _____ () C:\Windows\setupact.log
    2014-09-12 20:58 - 2014-09-12 20:58 - 00000000 _____ () C:\Windows\setuperr.log
    2014-09-12 20:42 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-09-12 20:42 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-09-12 20:42 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-09-12 20:42 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-09-12 20:42 - 2014-08-18 17:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-09-12 20:42 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-09-12 20:42 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-09-12 20:42 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-09-12 20:42 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-09-12 20:42 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-09-12 20:42 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-09-12 20:42 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-09-12 20:42 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-09-12 20:42 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-09-12 20:42 - 2014-08-18 17:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-09-12 20:42 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-09-12 20:42 - 2014-08-18 17:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-09-12 20:42 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-09-12 20:42 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-09-12 20:42 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-09-12 20:42 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-09-12 20:42 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-09-12 20:42 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-09-12 20:42 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-09-12 20:42 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-09-12 20:42 - 2014-08-18 17:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-09-12 20:42 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-09-12 20:42 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-09-12 20:42 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-09-12 20:42 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-09-12 20:41 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
    2014-09-12 20:37 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
    2014-09-12 20:37 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
    2014-09-12 20:37 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
    2014-09-12 20:36 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
    2014-09-12 20:26 - 2014-07-13 21:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2014-09-12 20:26 - 2014-06-15 21:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2014-09-12 20:26 - 2014-06-15 21:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
    2014-09-12 20:26 - 2014-06-15 21:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
    2014-09-12 20:25 - 2014-08-22 21:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2014-09-12 20:25 - 2014-08-22 20:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-09-12 20:25 - 2014-07-06 21:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-09-12 20:25 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-09-12 20:25 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
    2014-09-12 20:24 - 2014-09-04 21:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-09-12 20:24 - 2014-09-04 21:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-09-12 20:24 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
    2014-09-12 20:24 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2014-09-12 20:24 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2014-09-12 20:24 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2014-09-12 20:24 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2014-09-12 20:24 - 2014-06-03 05:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2014-09-12 20:24 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2014-09-12 20:24 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2014-09-12 20:24 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2014-09-12 20:24 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-09-12 20:24 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-09-12 20:24 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2014-09-12 20:24 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-09-12 20:24 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-09-12 20:24 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-09-12 20:24 - 2014-05-30 02:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2014-09-12 20:19 - 2014-09-12 20:19 - 00000967 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2014-09-12 20:19 - 2014-09-12 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2014-09-12 20:19 - 2014-09-12 20:19 - 00000000 ____D () C:\Program Files\CCleaner
    2014-09-12 20:06 - 2014-05-14 12:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2014-09-12 20:06 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2014-09-12 20:06 - 2014-05-14 12:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2014-09-12 20:06 - 2014-05-14 12:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2014-09-12 20:06 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2014-09-12 20:06 - 2014-05-14 12:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2014-09-12 20:06 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2014-09-12 20:06 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2014-09-12 20:06 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-09-14 10:27 - 2014-09-14 10:27 - 00013965 _____ () C:\Users\Ed\Desktop\FRST.txt
    2014-09-14 10:27 - 2014-09-13 14:36 - 00000000 ____D () C:\FRST
    2014-09-14 10:26 - 2010-11-27 20:35 - 00000000 ___RD () C:\Users\Ed\Desktop\Cleaning and Security
    2014-09-14 10:25 - 2012-05-21 17:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-09-14 09:31 - 2010-11-27 21:14 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-09-14 09:14 - 2009-07-14 00:34 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-09-14 09:14 - 2009-07-14 00:34 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-09-14 08:02 - 2010-12-21 22:20 - 01756327 _____ () C:\Windows\WindowsUpdate.log
    2014-09-14 07:59 - 2014-09-12 20:58 - 00000504 _____ () C:\Windows\setupact.log
    2014-09-14 07:59 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-09-14 07:53 - 2014-09-14 07:53 - 00001052 _____ () C:\Users\Ed\Desktop\mbam.txt
    2014-09-14 07:41 - 2014-03-30 10:02 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-09-14 07:25 - 2012-05-21 17:26 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2014-09-14 07:25 - 2012-05-21 17:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2014-09-14 07:18 - 2014-09-14 07:18 - 00001442 _____ () C:\Users\Ed\Desktop\JRT.txt
    2014-09-14 07:16 - 2014-09-14 07:16 - 00000000 ____D () C:\Windows\ERUNT
    2014-09-14 07:12 - 2014-09-14 07:12 - 00010309 _____ () C:\Users\Ed\Desktop\AdwCleaner[S0].txt
    2014-09-14 07:10 - 2014-09-12 21:19 - 00113652 _____ () C:\Windows\PFRO.log
    2014-09-14 07:08 - 2014-09-14 07:05 - 00000000 ____D () C:\AdwCleaner
    2014-09-13 22:56 - 2014-09-13 22:56 - 01016261 _____ (Thisisu) C:\Users\Ed\Desktop\JRT.exe
    2014-09-13 22:55 - 2014-09-13 22:55 - 01373475 _____ () C:\Users\Ed\Desktop\AdwCleaner.exe
    2014-09-13 14:38 - 2014-09-13 14:38 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ED-PC-Microsoft-Windows-7-Home-Premium-(32-bit).dat
    2014-09-13 14:37 - 2014-09-13 14:37 - 00000000 ____D () C:\RegBackup
    2014-09-13 14:36 - 2014-09-13 14:36 - 01097728 _____ (Farbar) C:\Users\Ed\Desktop\FRST.exe
    2014-09-13 13:53 - 2014-09-13 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2014-09-13 13:52 - 2014-09-13 13:52 - 00000000 ____D () C:\Program Files\Tweaking.com
    2014-09-13 08:34 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
    2014-09-13 07:23 - 2014-09-13 07:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-09-13 07:23 - 2014-01-20 12:49 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2014-09-13 07:21 - 2014-02-02 12:20 - 00000000 ____D () C:\Program Files\Brother
    2014-09-13 07:21 - 2010-11-11 21:54 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
    2014-09-13 07:20 - 2014-02-02 12:21 - 00000000 ____D () C:\Program Files\ControlCenter4
    2014-09-13 07:03 - 2010-11-27 20:24 - 00000000 ____D () C:\Program Files\Mozilla Firefox.bak
    2014-09-13 06:53 - 2010-11-27 20:24 - 00000000 ____D () C:\Users\Ed\AppData\Local\Mozilla
    2014-09-13 06:39 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
    2014-09-12 21:31 - 2013-11-15 16:19 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2014-09-12 21:30 - 2013-11-15 16:19 - 00000000 ____D () C:\Program Files\Common Files\Adobe
    2014-09-12 21:24 - 2014-09-12 21:24 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-09-12 21:24 - 2014-05-10 21:37 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2014-09-12 21:24 - 2014-01-18 11:31 - 00071944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
    2014-09-12 21:24 - 2013-10-19 14:10 - 00002049 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2014-09-12 21:24 - 2013-05-31 15:26 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
    2014-09-12 21:24 - 2013-05-31 15:26 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
    2014-09-12 21:24 - 2013-05-31 15:26 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-09-12 21:24 - 2013-05-31 15:26 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2014-09-12 21:24 - 2013-05-31 15:26 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2014-09-12 21:24 - 2013-05-31 15:26 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2014-09-12 21:24 - 2013-05-31 15:26 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2014-09-12 21:19 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\tracing
    2014-09-12 20:58 - 2014-09-12 20:58 - 00000000 _____ () C:\Windows\setuperr.log
    2014-09-12 20:58 - 2010-12-20 15:05 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-09-12 20:58 - 2009-07-14 00:33 - 00297832 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-09-12 20:45 - 2014-05-11 12:25 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-09-12 20:45 - 2009-07-14 03:49 - 00000000 ____D () C:\Program Files\Windows Journal
    2014-09-12 20:44 - 2014-03-29 13:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-09-12 20:41 - 2013-08-13 20:49 - 00000000 ____D () C:\Windows\system32\MRT
    2014-09-12 20:35 - 2010-12-20 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2014-09-12 20:32 - 2010-11-11 21:23 - 00000000 ____D () C:\Users\Ed\AppData\Local\VirtualStore
    2014-09-12 20:29 - 2010-11-11 22:02 - 00774632 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-09-12 20:23 - 2011-06-14 13:05 - 00000000 ____D () C:\Windows\Minidump
    2014-09-12 20:23 - 2010-11-08 15:44 - 00000000 ____D () C:\Windows\Panther
    2014-09-12 20:19 - 2014-09-12 20:19 - 00000967 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2014-09-12 20:19 - 2014-09-12 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2014-09-12 20:19 - 2014-09-12 20:19 - 00000000 ____D () C:\Program Files\CCleaner
    2014-09-12 20:12 - 2010-12-28 02:27 - 00000000 ____D () C:\Program Files\PokerStars.FOX
    2014-09-12 20:03 - 2010-11-27 21:14 - 00000874 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-09-04 21:52 - 2014-09-12 20:24 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-09-04 21:47 - 2014-09-12 20:24 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-08-29 13:01 - 2010-11-27 21:15 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-08-25 06:53 - 2010-11-11 21:37 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-08-22 21:46 - 2014-09-12 20:25 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2014-08-22 20:42 - 2014-09-12 20:25 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-08-19 13:39 - 2014-09-12 20:42 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-08-18 18:26 - 2014-09-12 20:42 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-08-18 18:08 - 2014-09-12 20:42 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-08-18 17:57 - 2014-09-12 20:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-08-18 17:57 - 2014-09-12 20:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-08-18 17:46 - 2014-09-12 20:42 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-08-18 17:45 - 2014-09-12 20:42 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-08-18 17:44 - 2014-09-12 20:42 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-08-18 17:44 - 2014-09-12 20:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-08-18 17:42 - 2014-09-12 20:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-08-18 17:39 - 2014-09-12 20:42 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-08-18 17:39 - 2014-09-12 20:42 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-08-18 17:37 - 2014-09-12 20:42 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-08-18 17:36 - 2014-09-12 20:42 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-08-18 17:36 - 2014-09-12 20:42 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-08-18 17:35 - 2014-09-12 20:42 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-08-18 17:30 - 2014-09-12 20:42 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-08-18 17:27 - 2014-09-12 20:42 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-08-18 17:22 - 2014-09-12 20:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-08-18 17:19 - 2014-09-12 20:42 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-08-18 17:17 - 2014-09-12 20:42 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-08-18 17:17 - 2014-09-12 20:42 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-08-18 17:15 - 2014-09-12 20:42 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-08-18 17:09 - 2014-09-12 20:42 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-08-18 17:08 - 2014-09-12 20:42 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-08-18 17:08 - 2014-09-12 20:42 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-08-18 17:07 - 2014-09-12 20:42 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-08-18 16:46 - 2014-09-12 20:42 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-08-18 16:38 - 2014-09-12 20:42 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-08-18 16:36 - 2014-09-12 20:42 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

    Some content of TEMP:
    ====================
    C:\Users\Ed\AppData\Local\Temp\Quarantine.exe
    C:\Users\Ed\AppData\Local\Temp\_is844C.exe
    C:\Users\Ed\AppData\Local\Temp\_unps.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-09-13 08:27

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014
    Ran by Ed at 2014-09-14 10:28:00
    Running from C:\Users\Ed\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
    Adobe AIR (Version: 3.9.0.1030 - Adobe Systems Incorporated) Hidden
    Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
    Dell Backup and Recovery Manager (HKLM\...\{4688EB75-28E2-4731-9BCB-55E624F7CD45}) (Version: 1.3 - Dell Inc.)
    Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
    Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.149 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
    Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
    Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
    iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
    Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
    Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
    Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
    Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Mozilla Firefox 32.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.1 (x86 en-US)) (Version: 32.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
    MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels)
    Nuance PaperPort 12 (HKLM\...\{869FCC6C-5669-4B0B-827E-2BBAACD88A87}) (Version: 12.1.0006 - Nuance Communications, Inc.)
    Nuance PDF Viewer Plus (HKLM\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
    PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 14.00.0000 - Nuance Communications, Inc.)
    Realtek Ethernet Diagnostic Utility (HKLM\...\{7236672F-6430-439E-9B27-27EDEAF1D676}) (Version: 1.00.0000 - Realtek)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5859 - )
    Scansoft PDF Professional (Version: - ) Hidden
    Soluto (HKLM\...\{9D48F834-97D9-4046-8664-FAB2C1A5091A}) (Version: 1.3.1149.0 - Soluto)
    Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 1.9.0 - Tweaking.com)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
    Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
    Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
    Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
    Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
    WebM Media Foundation Components (HKLM\...\webmmf) (Version: 1.0.1.1 - WebM Project)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Ed\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.21.57\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File
    CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Ed\AppData\Local\Google\Chrome\Application\33.0.1750.149\delegate_execute.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{5F387297-4BDB-48CD-8DB0-ACAD1415FABA}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.21.129\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.22.5\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1314073599-2682765790-367747919-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Ed\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File

    ==================== Restore Points =========================

    21-06-2014 11:59:28 Windows Update
    22-06-2014 04:16:51 Windows Update
    30-06-2014 18:44:15 Windows Update
    13-09-2014 00:05:52 Windows Update
    13-09-2014 00:10:34 Removed Fanbase
    13-09-2014 00:15:24 Windows Update
    13-09-2014 00:27:55 Windows Update
    13-09-2014 01:22:41 avast! antivirus system restore point
    13-09-2014 11:21:04 Removed Brother Software Suite

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0787A328-4F56-42C6-8AC2-41E82B113A8F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-27] (Google Inc.)
    Task: {5D2E8075-AD3F-4A3B-97A7-88C49B0B2C59} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-12] (AVAST Software)
    Task: {5E60CC59-7492-4F46-8C4F-BD85EF7BA92C} - System32\Tasks\MyDefrag v4.3.1 Daily => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticDaily.MyD [2010-05-21] ()
    Task: {97B14A99-B19B-4DE9-9F19-E676FACE8871} - System32\Tasks\MyDefrag v4.3.1 Monthly => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticMonthly.MyD [2010-05-21] ()
    Task: {F32D4582-4B75-4A4F-8CEC-B982128EB0CC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-14] (Adobe Systems Incorporated)
    Task: {F7B00289-6313-4DA4-89D0-AED871A3870B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-27] (Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1314073599-2682765790-367747919-1000Core1cf3fbb1c3422a3.job => C:\Users\Ed\AppData\Local\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-09-12 21:24 - 2014-09-12 21:24 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
    2014-09-14 06:59 - 2014-09-14 06:59 - 02862592 _____ () C:\Program Files\AVAST Software\Avast\defs\14091400\algo.dll
    2012-08-10 10:17 - 2009-07-02 12:40 - 00147968 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\dldtdrpp.dll
    2014-09-13 06:34 - 2014-09-13 06:34 - 00156160 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGAppControlPlugin#\15655f77a7dd4f5dde9a1707687c4685\PCGAppControlPluginLoader.ni.dll
    2014-09-12 21:03 - 2014-09-12 21:03 - 01707008 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGPreCompiled\8c737a8feb24668062bed002f5d9412a\PCGPreCompiled.ni.dll
    2013-02-03 20:32 - 2013-02-03 20:32 - 00077880 _____ () c:\program files\soluto\PCGDllExportInspector.dll
    2013-02-03 20:32 - 2013-02-03 20:32 - 00077880 _____ () C:\Program Files\Soluto\PCGDllExportInspector.dll
    2013-02-03 20:32 - 2013-02-03 20:32 - 00049720 ____R () C:\Program Files\Soluto\PCGDeviceScanLib.dll
    2014-09-12 21:24 - 2014-09-12 21:24 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SolutoService => ""="Service"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============
    Error: (09/14/2014 07:40:14 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz
    Percentage of memory in use: 41%
    Total physical RAM: 2012.99 MB
    Available physical RAM: 1186.31 MB
    Total Pagefile: 4025.98 MB
    Available Pagefile: 2912.27 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1909.56 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:224.85 GB) (Free:178.19 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.8 GB) (Disk ID: 20000000)
    Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
    Partition 2: (Active) - (Size=7.9 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=224.9 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

  6. #6
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Hi,

    Log looks ok but some questions on these

    AVG Secure Search is considered Foistware

    https://www.google.com/search?q=what...m=122&ie=UTF-8

    Did you install this and use it?
    MindSpark Toolbar
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  7. #7
    Junior Member
    Join Date
    Sep 2008
    Posts
    21

    As far as I know I did not install the AVG toolbar or the mindspark toolbar. I would like to get rid of them if possible.

    Would it be safe to use this computer for things like online banking once it is cleaned?

    Thanks.

  8. #8
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    As far as using this computer for online banking and purchases with a credit card, keep in mind that sometimes on a totally new clean computer it could be a problem if not done correctly. There are infections going around and some are called Rootkit that are responsible for stealing your log in and credit card info but I did not see any markers in your log for that. So I would say that you most likely are ok. What I would do is check into your bank often, a few times a week just to make sure everything is in order, I do myself at least every other day.


    Open notepad (Start --> All Programs --> Accessories --> Notepad).
    Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
    Save it to the same directory as FRST or FRST64 as fixlist.txt. (It has to be right next to FRST or FRST64) either in a directory you saved FRST or FRST64 or on your desktop if that's where you saved it.
    You can use your mouse to drag Fixlist right next to FRST or FRST64, either above or below it but not on top of it.

    Code:
    Start
    HKLM\...\Run: [ROC_roc_dec12] => "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    HKLM\...\Run: [ROC_roc_ssl_v12] => "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
    CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\MapsGalaxy_39\bar\1.bin\NP39Stub.dll No File
    Hosts:
    EmptyTemp:
    End
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Then open FRST or FRST64 and click on fix
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.



    ===========================================================

    What I would like to do is run a free online virus scanner just to make sure we didn't miss anything, please read the instructions and do not check to remove threats because sometimes false positives are picked up and I don't want it removing something that is not bad.


    ESET Online Scanner
    I'd like us to scan your machine with ESET OnlineScan

    *Note
    It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check
    5. Click the button.
    6. Accept any security warnings from your browser.
    7. Check
    8. Make sure that the option "Remove found threats" is Unchecked
    9. Push the Start button.
    10. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    11. When the scan completes, push
    12. Push , and save the file to your desktop using a unique name, such as
      ESETScan. Include the contents of this report in your next reply.
    13. Push the button.
    14. Push
    Please make sure you include the following items in your next post:
    The log that was produced after running ESET Online Scanner.

  9. #9
    Junior Member
    Join Date
    Sep 2008
    Posts
    21

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-09-2014
    Ran by Ed at 2014-09-14 13:29:17 Run:1
    Running from C:\Users\Ed\Desktop
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    Start
    HKLM\...\Run: [ROC_roc_dec12] => "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    HKLM\...\Run: [ROC_roc_ssl_v12] => "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
    CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\MapsGalaxy_39\bar\1.bin\NP39Stub.dll No File
    Hosts:
    EmptyTemp:
    End
    *****************

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_roc_dec12 => value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_roc_ssl_v12 => value deleted successfully.
    C:\Program Files\MapsGalaxy_39\bar\1.bin\NP39Stub.dll not found.
    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.
    EmptyTemp: => Removed 1014.1 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog ====

    C:\AdwCleaner\Quarantine\C\Program Files\Game_Master_2\Game_Master_2ToolbarHelper.exe.vir Win32/Toolbar.Conduit.Q potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files\Game_Master_2\ldrtbGame.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files\Game_Master_2\prxtbGame.dll.vir Win32/Toolbar.Conduit.O potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files\Game_Master_2\tbGame.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files\Mapit_1\ldrtbMapi.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files\Mapit_1\Mapit_1ToolbarHelper.exe.vir Win32/Toolbar.Conduit.Q potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files\Mapit_1\prxtbMapi.dll.vir Win32/Toolbar.Conduit.O potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files\Mapit_1\tbMapi.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\Local\Conduit\CT3013973\Game_Master_2AutoUpdateHelper.exe.vir Win32/Toolbar.Conduit.Q potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\LocalLow\Game_Master_2\ldrtbGame.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\LocalLow\Game_Master_2\tbGame.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\LocalLow\Mapit_1\hk64tbMap0.dll.vir a variant of Win64/Toolbar.Conduit.B potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\LocalLow\Mapit_1\hk64tbMap2.dll.vir a variant of Win64/Toolbar.Conduit.B potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\LocalLow\Mapit_1\hktbMap0.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\LocalLow\Mapit_1\hktbMap2.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\LocalLow\Mapit_1\ldrtbMap0.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\LocalLow\Mapit_1\ldrtbMap2.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\LocalLow\Mapit_1\ldrtbMap3.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\LocalLow\Mapit_1\ldrtbMapi.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\LocalLow\Mapit_1\tbMap0.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\LocalLow\Mapit_1\tbMap1.dll.vir a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\LocalLow\Mapit_1\tbMap2.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\LocalLow\Mapit_1\tbMap3.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\LocalLow\Mapit_1\tbMapi.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Ed\AppData\LocalLow\Mapit_1\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir a variant of Win32/PriceGong.A potentially unwanted application

  10. #10
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    All those entries that ESET found were quarantined by AdwCleaner.


    Double click on AdwCleaner.exe to run the tool again.
    • Click on the Uninstall button.
    • Click Yes when asked are you sure you want to uninstall.
    • Both AdwCleaner.exe, its folder and all logs will be removed.


    How is your system behaving now?