
Thread: AVG Resident Shield keeps finding "Trojan horse Generic_c", and aswMBR keeps crashing

  1. #1
    Junior Member
    Join Date
    Jul 2009
    Posts
    24

    AVG Resident Shield keeps finding "Trojan horse Generic_c", and aswMBR keeps crashing

    aswMBR in particular hasn't been able to complete scans; it crashes with rootkit detection, even after I declined it at launch of the program and did just a quick scan. Attached is a screenshot of the moment it crashes.

    Below are the contents of FRST64.txt and Addition.txt.

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-10-2014 01
    Ran by tyl2 (administrator) on IMAGINENOHELL on 04-10-2014 09:00:16
    Running from D:\Users\tyl2\Desktop
    Loaded Profile: tyl2 (Available profiles: tyl2 & Guest)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVG Technologies CZ, s.r.o.) D:\Program Files (x86)\AVG\avgrsa.exe
    (AVG Technologies CZ, s.r.o.) D:\Program Files (x86)\AVG\avgcsrva.exe
    (AMD) D:\Windows\System32\atiesrxx.exe
    (AMD) D:\Windows\System32\atieclxx.exe
    (AVG Technologies CZ, s.r.o.) D:\Program Files (x86)\AVG\avgidsagent.exe
    (AVG Technologies CZ, s.r.o.) D:\Program Files (x86)\AVG\avgwdsvc.exe
    (Microsoft Corporation) D:\Windows\System32\CISVC.EXE
    (CHENGDU YIWO Tech Development Co., Ltd) D:\Program Files (x86)\EaseUS Backup\bin\Agent.exe
    (Garmin Ltd or its subsidiaries) D:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
    (Logitech, Inc.) D:\Program Files\Logitech\SetPointP\SetPoint.exe
    (Microsoft Corporation) D:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    (Hewlett-Packard Co.) D:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
    () D:\Users\tyl2\AppData\Roaming\Lantern\Lantern.exe
    (Hewlett-Packard) D:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (AVG Technologies CZ, s.r.o.) D:\Program Files (x86)\AVG\avgui.exe
    (MJMSoft Design Limited) D:\Program Files (x86)\KeyText\KeyText.exe
    () D:\Program Files (x86)\RSIGuard\RSIGuard.exe
    (CHENGDU YIWO Tech Development Co., Ltd) D:\Program Files (x86)\EaseUS Backup\bin\GuardAgent.exe
    () D:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    (Dropbox, Inc.) D:\Users\tyl2\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) D:\Program Files (x86)\Evernote\EvernoteClipper.exe
    (Logitech, Inc.) D:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
    () D:\Users\tyl2\AppData\Roaming\Lantern\pt\flashlight\flashlight.exe
    () D:\Users\tyl2\AppData\Roaming\Lantern\pt\flashlight\flashlight.exe
    (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    (Microsoft Corporation) D:\Windows\System32\vds.exe
    (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
    (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
    (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
    (Intuit Inc.) D:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    () D:\Program Files\WinRAR\WinRAR.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [EvtMgr6] => D:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
    HKLM-x32\...\Run: [Adobe ARM] => D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AMD AVT] => D:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
    HKLM-x32\...\Run: [HP Software Update] => D:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [AVG_UI] => D:\Program Files (x86)\AVG\avgui.exe [3593744 2014-09-05] (AVG Technologies CZ, s.r.o.)
    Winlogon\Notify\LBTWlgn: d:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
    HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
    HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    HKU\S-1-5-21-2357674054-3202477373-2837072881-1000\...\Run: [OfficeSyncProcess] => D:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911040 2013-04-22] (Microsoft Corporation)
    HKU\S-1-5-21-2357674054-3202477373-2837072881-1000\...\Run: [syshost32] => D:\Users\tyl2\AppData\Local\{1531A5D7-B4F4-5F38-B350-CDF2931D4AB6}\syshost.exe
    HKU\S-1-5-21-2357674054-3202477373-2837072881-1000\...\Run: [ROC_ROC_APR2013_AV] => D:\Users\tyl2\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 6774ac5ff45f47d1a6cdd1544f45f731-e5ea4db2b6b3f03f7240b4b0f42b1f3c0e56ac5d --CMPID ROC_APR2013_AV --CMPI (the data entry has 11 more characters).
    HKU\S-1-5-21-2357674054-3202477373-2837072881-1000\...\Run: [AVG-Secure-Search-Update_0913a] => D:\Users\tyl2\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 6774ac5ff45f47d1a6cdd1544f45f731-e5ea4db2b6b3f03f7240b4b0f42b1f3c0e56ac5d --CMPID 0913a
    HKU\S-1-5-21-2357674054-3202477373-2837072881-1000\...\Run: [HP Deskjet 3050A J611 series (NET)] => D:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
    HKU\S-1-5-21-2357674054-3202477373-2837072881-1000\...\Run: [AVG-Secure-Search-Update_0214c] => D:\Users\tyl2\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=6774ac5ff45f47d1a6cdd1544f45f731-e5ea4db2b6b3f03f7240b4b0f42b1f3c0e56ac5d /CMPID=0214c
    HKU\S-1-5-21-2357674054-3202477373-2837072881-1000\...\Run: [DAEMON Tools Lite] => D:\Program Files (x86)\D-Tools\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
    HKU\S-1-5-21-2357674054-3202477373-2837072881-1000\...\Run: [Lantern] => D:\Users\tyl2\AppData\Roaming\Lantern\Lantern.exe [236568 2014-08-12] ()
    HKU\S-1-5-21-2357674054-3202477373-2837072881-1000\...\Policies\Explorer: [NoThumbnailCache] 1
    HKU\S-1-5-21-2357674054-3202477373-2837072881-1000\...\MountPoints2: {d39c8ede-05c4-11e3-8c27-dde1fa99cd3b} - F:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-2357674054-3202477373-2837072881-1000\...\MountPoints2: {d97562d3-22bf-11e3-be4f-a9f332b18c39} - F:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => D:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
    Startup: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\KeyText.lnk
    ShortcutTarget: KeyText.lnk -> D:\Program Files (x86)\KeyText\KeyText.exe (MJMSoft Design Limited)
    Startup: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RSIGuard.lnk
    ShortcutTarget: RSIGuard.lnk -> D:\Program Files (x86)\RSIGuard\RSIGuard.exe ()
    Startup: D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Explorer.lnk
    ShortcutTarget: Windows Explorer.lnk -> D:\Windows\explorer.exe (Microsoft Corporation)
    Startup: D:\Users\tyl2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> D:\Users\tyl2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: D:\Users\tyl2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
    ShortcutTarget: EvernoteClipper.lnk -> D:\Program Files (x86)\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    ShellIconOverlayIdentifiers: [mozy] -> {b32a6748-f273-4546-b60a-3c5adc239de5} => D:\Program Files\MozyHome\mozyshell.dll (Mozy, Inc.)
    ShellIconOverlayIdentifiers: [mozy2] -> {747E722C-CB46-4a9d-BDFE-192AAD5099B1} => D:\Program Files\MozyHome\mozyshell.dll (Mozy, Inc.)
    ShellIconOverlayIdentifiers: [mozy3] -> {EE6F5A00-7898-40f7-AB77-51FF9D6DEB20} => D:\Program Files\MozyHome\mozyshell.dll (Mozy, Inc.)
    ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => D:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
    ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => D:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
    ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => D:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
    ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => D:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0E6309D16E55CC01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
    BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> D:\Program Files (x86)\HotspotShield\HssIE\HssIE_64.dll (AnchorFree Inc.)
    BHO-x32: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> D:\Program Files (x86)\SMART Technologies\Education Software\NotebookPlugin.dll (SMART Technologies ULC.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Program Files (x86)\Java\jre8\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> D:\Program Files (x86)\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> D:\Program Files (x86)\HotspotShield\HssIE\HssIE.dll (AnchorFree Inc.)
    DPF: HKLM-x32 {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective.keynote.com/appl...orLauncher.cab
    DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofil...SystemLite.CAB
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
    Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
    Hosts: 127.0.0.1 www.applian.securesites.com
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{082F969D-2D6E-4721-ADC4-438F88EC8C48}: [NameServer] 209.18.47.61,209.18.47.62,8.8.8.8,8.8.4.4
    Tcpip\..\Interfaces\{817B83C9-C8ED-4980-9E4D-FC89A0456B59}: [NameServer] 192.168.1.1,8.8.8.8

    FireFox:
    ========
    FF ProfilePath: D:\Users\tyl2\AppData\Roaming\Mozilla\Firefox\Profiles\7b5snte1.TYL2
    FF Homepage: my.yahoo.com
    FF Plugin: @adobe.com/FlashPlayer -> D:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
    FF Plugin: @java.com/DTPlugin,version=11.5.2 -> D:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> D:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> d:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.5.2 -> D:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.5.2 -> D:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> d:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: Adobe Reader -> D:\Program Files (x86)\Adobe\Reader\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF SearchPlugin: C:\SharedAppData\Firefox\tyl3\searchplugins\answers.xml
    FF SearchPlugin: C:\SharedAppData\Firefox\tyl3\searchplugins\askcom.xml
    FF SearchPlugin: C:\SharedAppData\Firefox\tyl3\searchplugins\IMDB.xml
    FF SearchPlugin: C:\SharedAppData\Firefox\tyl3\searchplugins\searchplugins-backup
    FF SearchPlugin: C:\SharedAppData\Firefox\tyl3\searchplugins\TVGuideMovies.xml
    FF SearchPlugin: C:\SharedAppData\Firefox\default\searchplugins\amazon-search-suggestions.xml
    FF SearchPlugin: C:\SharedAppData\Firefox\default\searchplugins\IMDB.xml
    FF SearchPlugin: C:\SharedAppData\Firefox\default\searchplugins\searchplugins-backup
    FF SearchPlugin: C:\SharedAppData\Firefox\default\searchplugins\wikipedia-eng.xml
    FF SearchPlugin: C:\SharedAppData\Firefox\default\searchplugins\youtube-video-search.xml
    FF SearchPlugin: C:\SharedAppData\Firefox\Imagine\searchplugins\answerscom.xml
    FF SearchPlugin: C:\SharedAppData\Firefox\Imagine\searchplugins\babel-fish-en-zh-cn.xml
    FF SearchPlugin: C:\SharedAppData\Firefox\Imagine\searchplugins\ebay-us-completed-listings.xml
    FF SearchPlugin: C:\SharedAppData\Firefox\Imagine\searchplugins\howjsay.xml
    FF SearchPlugin: C:\SharedAppData\Firefox\Imagine\searchplugins\imdb.xml
    FF SearchPlugin: C:\SharedAppData\Firefox\Imagine\searchplugins\pharasessearch.xml
    FF SearchPlugin: C:\SharedAppData\Firefox\Imagine\searchplugins\tvguidecom---movies.xml
    FF Extension: Lantern Proxy Configurator - D:\Users\tyl2\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\lantern@getlantern.org [2014-08-13]
    FF Extension: Test Pilot - C:\SharedAppData\Firefox\tyl3\Extensions\testpilot@labs.mozilla.com.xpi [2011-08-07]
    FF Extension: Microsoft .NET Framework Assistant - C:\SharedAppData\Firefox\tyl3\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-12-09]
    FF Extension: Adblock Plus - C:\SharedAppData\Firefox\tyl3\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-09-27]
    FF Extension: Microsoft .NET Framework Assistant - C:\SharedAppData\Firefox\default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-08-07]
    FF Extension: No Name - C:\SharedAppData\Firefox\default\Extensions\testpilot@labs.mozilla.com.xpi [2011-08-07]
    FF Extension: Adblock Plus - C:\SharedAppData\Firefox\default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-08-07]
    FF Extension: DownloadHelper - C:\SharedAppData\Firefox\Imagine\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-05]
    FF Extension: Evernote Web Clipper - C:\SharedAppData\Firefox\Imagine\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2013-12-17]
    FF Extension: No Name - C:\SharedAppData\Firefox\Imagine\Extensions\html5notifications@paxal.net.xpi [2012-10-08]
    FF Extension: No Name - C:\SharedAppData\Firefox\Imagine\Extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi [2012-11-03]
    FF Extension: No Name - C:\SharedAppData\Firefox\Imagine\Extensions\testpilot@labs.mozilla.com.xpi [2011-08-07]
    FF Extension: Easy Youtube Video Downloader Express - C:\SharedAppData\Firefox\Imagine\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2014-07-31]
    FF StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Firefox\firefox.exe

    Chrome:
    =======

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AVGIDSAgent; D:\Program Files (x86)\AVG\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; D:\Program Files (x86)\AVG\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.)
    R2 EaseUS Agent; D:\Program Files (x86)\EaseUS Backup\bin\Agent.exe [36936 2013-12-02] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
    R2 Garmin Core Update Service; D:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
    R2 Guard Agent; D:\Program Files (x86)\EaseUS Backup\bin\GuardAgent.exe [23624 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
    S4 mozybackup; D:\Program Files\MozyHome\mozybackup.exe [55112 2013-08-05] (Mozy, Inc.)
    R2 PassThru Service; D:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] () [File not signed]
    S3 AVG Bonjour Service; D:\Windows\TEMP\avgcu_mDNSResponder.exe [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AnyDVD; D:\Windows\System32\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.)
    R3 AnyDVD; D:\Windows\SysWOW64\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.)
    S3 appliand; D:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-25] (Applian Technologies Inc.)
    R3 appliandMP; D:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-25] (Applian Technologies Inc.)
    R1 Avgdiska; D:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; D:\Windows\System32\DRIVERS\avgidsdrivera.sys [247576 2014-07-24] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; D:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; D:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-20] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; D:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; D:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; D:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
    S2 DgiVecp; D:\Windows\system32\Drivers\DgiVecp.sys [53816 2011-05-13] (Samsung Electronics Co., Ltd.)
    R1 dtsoftbus01; D:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-04-25] (Disc Soft Ltd)
    R0 EUBAKUP; D:\Windows\System32\drivers\eubakup.sys [61000 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
    R0 EUBKMON; D:\Windows\System32\drivers\EUBKMON.sys [48200 2013-09-04] () [File not signed]
    R1 EUDSKACS; D:\Windows\system32\drivers\eudskacs.sys [18504 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
    R1 EUFDDISK; D:\Windows\system32\drivers\EuFdDisk.sys [189000 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
    S4 LMIRfsClientNP; No ImagePath
    R1 mozyFilter; D:\Windows\System32\DRIVERS\mozy.sys [67808 2013-08-05] (Mozy, Inc.)
    S3 ptun0901; D:\Windows\System32\DRIVERS\ptun0901.sys [27136 2014-09-18] (The OpenVPN Project)
    S3 RT73; D:\Windows\System32\DRIVERS\rt73.sys [356352 2006-09-07] (Ralink Technology, Corp.)
    R3 RTL8192cu; D:\Windows\System32\DRIVERS\RTL8192cu.sys [748648 2010-08-12] (Realtek Semiconductor Corporation )
    S3 SMARTMouseFilterx64; D:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [10240 2013-10-18] (SMART Technologies) [File not signed]
    S3 SMARTVHidMiniVistaAmd64; D:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [9216 2013-10-18] (SMART Technologies) [File not signed]
    S3 SMARTVTabletPCx64; D:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [22184 2013-10-18] (SMART Technologies ULC) [File not signed]
    S2 LMIInfo; \??\D:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-04 09:00 - 2014-10-04 09:03 - 00020830 _____ () D:\Users\tyl2\Desktop\FRST.txt
    2014-10-04 08:42 - 2014-10-04 08:42 - 00000000 ____D () D:\Users\tyl2\Desktop\OpenVPN-Certificate-Bundle-Server1
    2014-10-04 08:39 - 2014-10-04 08:39 - 00000000 ____D () D:\Windows\LastGood
    2014-10-04 08:13 - 2014-10-04 08:13 - 00013991 _____ () D:\Users\tyl2\Desktop\OpenVPN-Certificate-Bundle-Server1.zip
    2014-10-04 08:08 - 2014-10-04 08:08 - 05185536 _____ (AVAST Software) D:\Users\tyl2\Desktop\aswMBR.exe
    2014-10-04 08:05 - 2014-10-04 09:01 - 00000000 ____D () D:\FRST
    2014-10-04 08:04 - 2014-10-04 08:04 - 02109440 _____ (Farbar) D:\Users\tyl2\Desktop\FRST64.exe
    2014-09-30 20:45 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) D:\Windows\system32\qdvd.dll
    2014-09-30 20:45 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) D:\Windows\SysWOW64\qdvd.dll
    2014-09-29 02:06 - 2014-09-29 02:06 - 00000000 ____D () D:\Users\tyl2\AppData\Roaming\AVG2015
    2014-09-29 01:52 - 2014-09-29 01:57 - 00000000 ____D () D:\ProgramData\AVG2015
    2014-09-29 01:52 - 2014-09-29 01:52 - 00000000 ____D () D:\Users\Guest\AppData\Local\Avg
    2014-09-29 01:47 - 2014-09-29 21:53 - 00000000 ____D () D:\Users\tyl2\AppData\Local\Avg2015
    2014-09-24 21:54 - 2014-09-24 21:54 - 00000000 ____D () D:\Users\tyl2\AppData\Local\Chromium
    2014-09-24 21:54 - 2014-09-24 21:54 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iron
    2014-09-24 21:54 - 2014-09-24 21:54 - 00000000 ____D () D:\Program Files (x86)\Iron
    2014-09-24 21:24 - 2014-09-24 21:24 - 00000000 ____D () D:\Program Files (x86)\Firefox
    2014-09-23 23:34 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) D:\Windows\system32\tzres.dll
    2014-09-23 23:34 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) D:\Windows\SysWOW64\tzres.dll
    2014-09-18 21:11 - 2014-09-24 22:19 - 00000000 ____D () D:\Program Files (x86)\Firefox.bak
    2014-09-18 18:07 - 2014-09-18 18:07 - 00027136 _____ (The OpenVPN Project) D:\Windows\system32\Drivers\ptun0901.sys
    2014-09-12 19:15 - 2014-10-04 08:08 - 00000000 ____D () D:\Users\tyl2\AppData\Roaming\{38436b9b-fe1c-4d8c-a543-c399fea3632d}
    2014-09-12 19:14 - 2014-10-04 08:08 - 00000000 ____D () D:\Users\tyl2\AppData\Roaming\{84cd2c9e-4efc-46f2-a3cb-215a42c772c4}
    2014-09-09 21:51 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) D:\Windows\system32\iedkcs32.dll
    2014-09-09 21:51 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) D:\Windows\SysWOW64\iedkcs32.dll
    2014-09-09 21:51 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) D:\Windows\system32\mshtml.dll
    2014-09-09 21:51 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) D:\Windows\system32\mshtml.tlb
    2014-09-09 21:51 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) D:\Windows\system32\ieetwcollectorres.dll
    2014-09-09 21:51 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) D:\Windows\system32\iertutil.dll
    2014-09-09 21:51 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) D:\Windows\system32\jscript9.dll
    2014-09-09 21:51 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) D:\Windows\system32\vbscript.dll
    2014-09-09 21:51 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) D:\Windows\system32\iesetup.dll
    2014-09-09 21:51 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) D:\Windows\system32\MshtmlDac.dll
    2014-09-09 21:51 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) D:\Windows\system32\ieetwproxystub.dll
    2014-09-09 21:51 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) D:\Windows\SysWOW64\jscript9.dll
    2014-09-09 21:51 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) D:\Windows\system32\jsproxy.dll
    2014-09-09 21:51 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) D:\Windows\system32\iernonce.dll
    2014-09-09 21:51 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) D:\Windows\system32\ieui.dll
    2014-09-09 21:51 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) D:\Windows\system32\jscript9diag.dll
    2014-09-09 21:51 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) D:\Windows\system32\ieUnatt.exe
    2014-09-09 21:51 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) D:\Windows\system32\ieetwcollector.exe
    2014-09-09 21:51 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) D:\Windows\SysWOW64\mshtml.tlb
    2014-09-09 21:51 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) D:\Windows\system32\MsSpellCheckingFacility.exe
    2014-09-09 21:51 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) D:\Windows\system32\dxtmsft.dll
    2014-09-09 21:51 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) D:\Windows\SysWOW64\vbscript.dll
    2014-09-09 21:51 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) D:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-09-09 21:51 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) D:\Windows\SysWOW64\iesetup.dll
    2014-09-09 21:51 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) D:\Windows\SysWOW64\MshtmlDac.dll
    2014-09-09 21:51 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ieetwproxystub.dll
    2014-09-09 21:51 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) D:\Windows\SysWOW64\iertutil.dll
    2014-09-09 21:51 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) D:\Windows\system32\msrating.dll
    2014-09-09 21:51 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) D:\Windows\system32\mshtmled.dll
    2014-09-09 21:51 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) D:\Windows\SysWOW64\jsproxy.dll
    2014-09-09 21:51 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) D:\Windows\SysWOW64\iernonce.dll
    2014-09-09 21:51 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) D:\Windows\system32\dxtrans.dll
    2014-09-09 21:51 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ieui.dll
    2014-09-09 21:51 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ieUnatt.exe
    2014-09-09 21:51 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) D:\Windows\SysWOW64\jscript9diag.dll
    2014-09-09 21:51 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) D:\Windows\SysWOW64\dxtmsft.dll
    2014-09-09 21:51 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) D:\Windows\system32\msfeeds.dll
    2014-09-09 21:51 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) D:\Windows\system32\ie4uinit.exe
    2014-09-09 21:51 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) D:\Windows\system32\inetcpl.cpl
    2014-09-09 21:51 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) D:\Windows\system32\mshtmlmedia.dll
    2014-09-09 21:51 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) D:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-09-09 21:51 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) D:\Windows\SysWOW64\msrating.dll
    2014-09-09 21:51 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) D:\Windows\SysWOW64\dxtrans.dll
    2014-09-09 21:51 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) D:\Windows\SysWOW64\mshtmled.dll
    2014-09-09 21:51 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) D:\Windows\system32\wininet.dll
    2014-09-09 21:51 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) D:\Windows\SysWOW64\msfeeds.dll
    2014-09-09 21:51 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) D:\Windows\SysWOW64\inetcpl.cpl
    2014-09-09 21:51 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) D:\Windows\SysWOW64\mshtmlmedia.dll
    2014-09-09 21:51 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) D:\Windows\system32\urlmon.dll
    2014-09-09 21:51 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) D:\Windows\SysWOW64\wininet.dll
    2014-09-09 21:51 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) D:\Windows\SysWOW64\urlmon.dll
    2014-09-09 21:51 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) D:\Windows\system32\ieapfltr.dll
    2014-09-09 21:51 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ieapfltr.dll
    2014-09-09 21:50 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) D:\Windows\SysWOW64\mshtml.dll
    2014-09-09 21:50 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) D:\Windows\system32\ieframe.dll
    2014-09-09 21:50 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ieframe.dll
    2014-09-09 21:39 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) D:\Windows\system32\msmpeg2vdec.dll
    2014-09-09 21:39 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) D:\Windows\SysWOW64\msmpeg2vdec.dll
    2014-09-09 21:35 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) D:\Windows\system32\d3d10warp.dll
    2014-09-09 21:35 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) D:\Windows\SysWOW64\d3d10warp.dll
    2014-09-09 21:34 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) D:\Windows\system32\lsasrv.dll
    2014-09-09 21:34 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) D:\Windows\system32\kerberos.dll
    2014-09-09 21:34 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) D:\Windows\SysWOW64\kerberos.dll
    2014-09-09 21:34 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) D:\Windows\SysWOW64\secur32.dll
    2014-09-09 21:34 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) D:\Windows\SysWOW64\sspicli.dll
    2014-09-09 21:33 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) D:\Windows\system32\TSWorkspace.dll
    2014-09-09 21:33 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) D:\Windows\SysWOW64\TSWorkspace.dll

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-04 08:58 - 2011-08-09 14:41 - 00000000 ____D () D:\Users\tyl2\AppData\Roaming\Azureus
    2014-10-04 08:42 - 2013-03-13 21:50 - 00000830 _____ () D:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-10-04 08:41 - 2012-01-16 20:01 - 00001854 _____ () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
    2014-10-04 08:41 - 2011-08-09 14:41 - 00000000 ____D () D:\Program Files (x86)\Vuze
    2014-10-04 08:26 - 2014-08-13 19:06 - 00000000 ____D () D:\Users\tyl2\.lantern
    2014-10-04 07:51 - 2011-08-09 01:05 - 00000000 ____D () D:\ProgramData\MFAData
    2014-10-04 07:48 - 2011-08-09 14:31 - 00000000 ___RD () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security
    2014-10-04 07:05 - 2011-08-17 19:41 - 00000000 ____D () D:\Users\tyl2\AppData\Roaming\RSIGuard
    2014-10-04 06:27 - 2011-08-08 17:18 - 00000000 ____D () D:\Users\tyl2\AppData\Roaming\vlc
    2014-10-04 06:25 - 2011-08-07 23:52 - 01324515 _____ () D:\Windows\WindowsUpdate.log
    2014-10-04 06:15 - 2009-07-14 00:45 - 00026352 ____H () D:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-10-04 06:15 - 2009-07-14 00:45 - 00026352 ____H () D:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-10-04 06:08 - 2011-08-11 13:48 - 00000000 ____D () D:\Users\tyl2\AppData\Roaming\Dropbox
    2014-10-04 06:07 - 2013-10-23 22:29 - 00000266 _____ () D:\Windows\Tasks\AutoKMS.job
    2014-10-04 06:07 - 2013-04-29 17:32 - 00053059 _____ () D:\Windows\setupact.log
    2014-10-04 06:07 - 2009-07-14 01:08 - 00000006 ____H () D:\Windows\Tasks\SA.DAT
    2014-10-01 22:43 - 2011-08-09 01:12 - 00000000 ____D () D:\Program Files (x86)\AVG
    2014-09-29 18:09 - 2013-05-28 19:25 - 00285900 _____ () D:\Windows\PFRO.log
    2014-09-29 01:57 - 2011-11-13 19:15 - 00000000 ___HD () D:\$AVG
    2014-09-28 23:26 - 2012-01-02 21:29 - 00133376 _____ () D:\Users\tyl2\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-09-25 12:41 - 2009-07-13 23:20 - 00000000 ____D () D:\Windows\rescache
    2014-09-25 10:52 - 2012-01-03 23:02 - 00480040 _____ () D:\Windows\system32\FNTCACHE.DAT
    2014-09-25 10:51 - 2012-04-25 18:14 - 00000000 ____D () D:\Program Files (x86)\Mozilla Maintenance Service
    2014-09-25 01:32 - 2012-01-08 21:28 - 00000000 ____D () D:\Users\tyl2\Documents\Travel
    2014-09-24 21:41 - 2011-08-17 17:43 - 00000000 ____D () D:\Users\tyl2\AppData\Local\Google
    2014-09-24 21:39 - 2011-08-08 02:09 - 00000000 ____D () D:\Users\tyl2\AppData\Roaming\Mozilla
    2014-09-24 21:37 - 2011-09-16 00:17 - 00000000 ____D () D:\Program Files (x86)\MindPoint
    2014-09-24 21:36 - 2013-08-15 10:52 - 00210138 _____ () D:\Windows\DPINST.LOG
    2014-09-24 21:36 - 2011-08-10 11:40 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMART Technologies
    2014-09-24 01:42 - 2013-03-13 21:50 - 00003768 _____ () D:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-09-24 01:42 - 2012-03-28 20:40 - 00701104 _____ (Adobe Systems Incorporated) D:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-09-24 01:42 - 2011-08-08 17:13 - 00071344 _____ (Adobe Systems Incorporated) D:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-09-23 01:51 - 2011-09-10 20:43 - 00000000 ____D () D:\Users\tyl2\AppData\Local\Deployment
    2014-09-15 22:29 - 2014-03-25 19:51 - 00001104 _____ () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
    2014-09-15 22:21 - 2012-03-28 23:09 - 00000000 ___SD () D:\Users\tyl2\Documents\My Data Sources
    2014-09-13 17:28 - 2011-12-16 07:34 - 00385092 _____ () D:\Windows\system32\prfh0804.dat
    2014-09-13 17:28 - 2011-12-16 07:34 - 00120456 _____ () D:\Windows\system32\prfc0804.dat
    2014-09-13 17:28 - 2009-07-14 01:13 - 01284420 _____ () D:\Windows\system32\PerfStringBackup.INI
    2014-09-13 06:58 - 2012-01-23 18:08 - 00007624 _____ () D:\Users\tyl2\AppData\Local\resmon.resmoncfg
    2014-09-12 19:09 - 2011-08-09 11:47 - 00000000 ____D () D:\ProgramData\DAEMON Tools Lite
    2014-09-10 02:54 - 2011-08-16 16:18 - 00000000 ____D () D:\Users\tyl2\AppData\Roaming\My Streaming Media
    2014-09-10 02:09 - 2014-06-13 21:20 - 00000000 ____D () D:\Users\tyl2\AppData\Local\Adobe
    2014-09-09 21:49 - 2011-08-09 11:58 - 00000000 ____D () D:\ProgramData\Microsoft Help
    2014-09-09 21:47 - 2012-09-18 13:44 - 01280200 _____ () D:\Windows\SysWOW64\PerfStringBackup.INI
    2014-09-09 21:46 - 2013-08-15 11:56 - 00000000 ____D () D:\Windows\system32\MRT
    2014-09-09 21:41 - 2012-04-16 20:48 - 101694776 _____ (Microsoft Corporation) D:\Windows\system32\MRT.exe

    Some content of TEMP:
    ====================
    D:\Users\tyl2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmrimcb.dll
    D:\Users\tyl2\AppData\Local\Temp\i4jd1741133671231613728.exe
    D:\Users\tyl2\AppData\Local\Temp\i4jdel0.exe
    D:\Users\tyl2\AppData\Local\Temp\JExplorer32.2.7.1.dll
    D:\Users\tyl2\AppData\Local\Temp\JExplorer32.2.7.1.exe
    D:\Users\tyl2\AppData\Local\Temp\JExplorer64.2.7.1.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    D:\Windows\System32\winlogon.exe => File is digitally signed
    D:\Windows\System32\wininit.exe => File is digitally signed
    D:\Windows\SysWOW64\wininit.exe => File is digitally signed
    D:\Windows\explorer.exe => File is digitally signed
    D:\Windows\SysWOW64\explorer.exe => File is digitally signed
    D:\Windows\System32\svchost.exe => File is digitally signed
    D:\Windows\SysWOW64\svchost.exe => File is digitally signed
    D:\Windows\System32\services.exe => File is digitally signed
    D:\Windows\System32\User32.dll => File is digitally signed
    D:\Windows\SysWOW64\User32.dll => File is digitally signed
    D:\Windows\System32\userinit.exe => File is digitally signed
    D:\Windows\SysWOW64\userinit.exe => File is digitally signed
    D:\Windows\System32\rpcss.dll => File is digitally signed
    D:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-09-29 19:23

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-10-2014 01
    Ran by tyl2 at 2014-10-04 09:04:02
    Running from D:\Users\tyl2\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
    Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
    Alarm (HKLM-x32\...\Alarm_is1) (Version: 2.0.7 - Bluefive software)
    AMD Accelerated Video Transcoding (Version: 12.5.100.30429 - Advanced Micro Devices, Inc.) Hidden
    AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
    AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
    AMD Media Foundation Decoders (Version: 1.0.80430.0002 - Advanced Micro Devices, Inc.) Hidden
    ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
    AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.0.9.0 - SlySoft)
    AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5315 - AVG Technologies)
    AVG 2015 (Version: 15.0.4176 - AVG Technologies) Hidden
    AVG 2015 (Version: 15.0.5315 - AVG Technologies) Hidden
    Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.8.9046 - )
    Belkin Wireless G Plus MIMO USB Network Adapter (HKLM-x32\...\InstallShield_{993A352A-2957-4661-A1EF-2D8F6F3C9234}) (Version: 1.00.0002 - Belkin)
    Belkin Wireless G Plus MIMO USB Network Adapter (x32 Version: 1.00.0002 - Belkin) Hidden
    BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.0.8 - BlueJ Team)
    Casino Verite Blackjack V5.6 (HKLM-x32\...\{7CBA7A5E-45BF-4500-998C-DF540FE1703A}) (Version: 5.6 - QFIT)
    Catalyst Control Center InstallProxy (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
    CVInstall2 (HKLM-x32\...\{25F75E24-6DD4-48F0-9734-24E1B57CF334}) (Version: 1.00.0000 - QFIT)
    DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
    DataExtractor (HKCU\...\1fe74cc2101dcd69) (Version: 2.0.9.3 - Datacation)
    Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{42CBCE27-DE9B-4094-B9EB-D4C4C135FFA8}) (Version: - Microsoft)
    Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
    EaseUS Todo Backup Free 6.5 (HKLM-x32\...\EaseUS Todo Backup Free 6.5_is1) (Version: 6.5 - CHENGDU YIWO Tech Development Co., Ltd)
    Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
    Eraser 6.0.8.2273 (HKLM\...\{A7EEF79E-06B2-4382-9D2E-39DBA0F72D50}) (Version: 6.0.2273 - The Eraser Project)
    eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
    Evernote v. 4.6.3 (HKLM-x32\...\{4C8BBCC8-8363-11E2-A3F4-984BE15F174E}) (Version: 4.6.3.8096 - Evernote Corp.)
    ExamView Assessment Suite (HKLM-x32\...\ExamView Pro) (Version: - )
    ffdshow v1.1.3966 [2011-08-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.3966.0 - )
    ffdshow x64 v1.2.4422 [2012-04-09] (HKLM\...\ffdshow64_is1) (Version: 1.2.4422.0 - )
    FreeFileSync 5.6 (HKLM-x32\...\FreeFileSync) (Version: 5.6 - ZenJu)
    Garmin Communicator Plugin x64 (HKLM\...\{550331CC-C34B-494F-BCDA-37CE4EF6E924}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
    Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
    Greenfoot (HKLM-x32\...\{8C838B70-3A71-41E8-91A6-4ADCF2E483D0}) (Version: 2.2.1 - Greenfoot Team)
    HandBrake 0.9.8 (HKLM-x32\...\HandBrake) (Version: 0.9.8 - )
    HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{1B77E249-B8D5-4E5E-8848-693ACEF84E6D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Deskjet 3050A J611 series Help (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
    HP Deskjet 3050A J611 series Product Improvement Study (HKLM\...\{A772BF60-20A5-4279-A18B-B9D8DBC9B30A}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
    HS Activity Generator (1.1.0) (HKLM-x32\...\HS Activity Generator (1.1.0)) (Version: 1.1.0 (en-US) - McDougal Littell)
    HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.007 - HTC Corporation)
    ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
    IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
    Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
    Java 8 Update 5 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218005FF}) (Version: 8.0.50 - Oracle Corporation)
    Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden
    Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
    Jing (HKLM-x32\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)
    Keynote Connector (HKLM-x32\...\KeynoteConnector) (Version: - )
    KeyText v2.25 (HKLM-x32\...\KeyText_is1) (Version: - MJMSoft Design)
    Lantern 1.4.6 (HKLM-x32\...\3831-6452-7413-7646) (Version: 1.4.6 - Team Lantern)
    Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
    MathType 6 (HKLM-x32\...\DSMT6) (Version: 6.9 - Design Science, Inc.)
    McDougal Littell EasyPlanner (HKLM-x32\...\McDougal Littell EasyPlanner) (Version: - )
    Microsoft .NET Framework 4.5.1 (CHS) (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (简体中文) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 2052) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50701 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50706 - Microsoft Corporation) Hidden
    Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
    Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
    MIT MathML Fonts 1.0 (HKLM-x32\...\{C6E52B1B-9905-469A-B8CD-399FDFA98873}) (Version: 1.0.0 - MIT)
    Mozilla Firefox 32.0.3 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-GB)) (Version: 32.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
    Mozilla Thunderbird (3.1.10) (HKLM-x32\...\Mozilla Thunderbird (3.1.10)) (Version: 3.1.10 (en-US) - Mozilla)
    MozyHome (HKLM\...\{77A631E9-F5DB-6510-ABCC-3A744ABB77B2}) (Version: 2.22.0.313 - Mozy, Inc.)
    MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
    MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
    MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
    MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    NoteTab Light 7 (Remove only) (HKLM-x32\...\NoteTab Light 7_is1) (Version: 7.1 - Fookes Holding Ltd)
    PandoraRecovery (Remove Only) (HKLM-x32\...\PandoraRecovery) (Version: - )
    PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
    PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
    Replay Media Catcher 4 (4.3.2) (HKLM-x32\...\Replay Media Catcher 4) (Version: 4.3.2 - Applian Technologies)
    RSIGuard Stretch Edition (HKLM-x32\...\{8B9AE68B-8A0D-4963-B452-A07B293A71F0}) (Version: 4.0.34b - Remedy Interactive)
    SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version: - Seagate Technology)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
    Sketchpad (HKLM-x32\...\Sketchpad) (Version: - Key Curriculum Press)
    SMART Common Files (HKLM-x32\...\{26A95DBF-A866-4838-A8C9-FA219FCBD22E}) (Version: 11.5.159.0 - SMART Technologies ULC)
    SMART Notebook (HKLM-x32\...\{79660EE7-9C0B-4962-B566-2693FE34719D}) (Version: 11.4.564.0 - SMART Technologies ULC)
    Speccy (HKLM\...\Speccy) (Version: 1.12 - Piriform)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
    SRWare Iron version SRWare Iron 37.2000.0 (HKLM-x32\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: SRWare Iron 37.2000.0 - SRWare)
    Switch Off (HKLM-x32\...\SwitchOff) (Version: 2.3 - YaSoft)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
    TestGen (HKLM-x32\...\TestGen) (Version: - )
    TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
    TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
    TurboTax 2013 WinPerFedFormset (x32 Version: 013.000.1953 - Intuit Inc.) Hidden
    TurboTax 2013 WinPerReleaseEngine (x32 Version: 013.000.0492 - Intuit Inc.) Hidden
    TurboTax 2013 WinPerTaxSupport (x32 Version: 013.000.0168 - Intuit Inc.) Hidden
    TurboTax 2013 wnyiper (x32 Version: 013.000.1366 - Intuit Inc.) Hidden
    TurboTax 2013 wrapper (x32 Version: 013.000.0135 - Intuit Inc.) Hidden
    Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version: - Microsoft)
    Update for Microsoft Excel 2010 (KB2889836) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{AC36E3B7-5095-43B9-9A74-928420F88714}) (Version: - Microsoft)
    Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2553092) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E636FE63-842B-4F4B-9884-DA189ACC0B91}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2553092) (HKLM\...\{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{E636FE63-842B-4F4B-9884-DA189ACC0B91}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2687502) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{B114A387-8A14-4C43-AE51-82F17EB81D49}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{D1F3B526-7EB2-4701-92DB-0784988D78DE}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{52BEF8AE-9324-40A1-9A92-E5A8FB63A475}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{860EE8B1-0B9F-4A8A-91FE-649CD3C6754C}) (Version: - Microsoft)
    Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version: - Microsoft)
    Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUS_{393B360E-62F8-463D-B914-1ECDC1359A46}) (Version: - Microsoft)
    Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DF33B92A-5381-4F03-AB54-2D67086B357E}) (Version: - Microsoft)
    Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version: - Microsoft)
    Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
    Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
    WebConnect ComObj WCCOM1.22 (HKLM-x32\...\WebConnect ComObj_is1) (Version: - OpenConnect Systems) <==== ATTENTION
    Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
    Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
    Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
    Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0) (HKLM\...\EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 - Texas Instruments Inc.)
    Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.)
    Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
    WinHTTrack Website Copier 3.48-3 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.3 - HTTrack)
    WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-2357674054-3202477373-2837072881-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> D:\Users\tyl2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2357674054-3202477373-2837072881-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> D:\Users\tyl2\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2357674054-3202477373-2837072881-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> D:\Users\tyl2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2357674054-3202477373-2837072881-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> D:\Users\tyl2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2357674054-3202477373-2837072881-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> D:\Users\tyl2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2357674054-3202477373-2837072881-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> D:\Users\tyl2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2357674054-3202477373-2837072881-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> D:\Users\tyl2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2357674054-3202477373-2837072881-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> D:\Users\tyl2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2357674054-3202477373-2837072881-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> D:\Users\tyl2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2357674054-3202477373-2837072881-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> D:\Users\tyl2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2357674054-3202477373-2837072881-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> D:\Users\tyl2\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

    ==================== Restore Points =========================

    29-09-2014 05:50:38 Installed AVG 2015
    29-09-2014 05:52:43 Installed AVG 2015
    01-10-2014 00:46:14 Windows Update
    04-10-2014 12:17:22 Device Driver Package Install: TAP Provider V9 for Private Tunnel Network adapters
    04-10-2014 12:37:44 Device Driver Package Install: TAP-Windows Provider V9 Network adapters

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2012-07-12 22:40 - 00000869 ____A D:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 www.applian.securesites.com

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {5BCFD782-BDC5-4845-8443-60835659E694} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => D:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
    Task: {750599BD-0757-44F8-BBA7-693978A9CCC6} - System32\Tasks\CCleanerSkipUAC => D:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
    Task: {7E151230-2EFC-4077-952A-EE1487D47881} - System32\Tasks\Adobe Flash Player Updater => D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
    Task: {EC87E332-D7C3-48CB-BA13-B714667DA2EF} - System32\Tasks\GarminUpdaterTask => D:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()
    Task: D:\Windows\Tasks\Adobe Flash Player Updater.job => D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Loaded Modules (whitelisted) =============

    2011-08-11 21:40 - 2008-06-04 02:53 - 00027648 _____ () D:\Windows\System32\spd__l.dll
    2011-08-11 22:08 - 2007-01-03 12:03 - 00022016 _____ () D:\Windows\System32\sugo3l6.dll
    2011-10-07 05:39 - 2011-10-07 05:39 - 01304856 _____ () D:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
    2014-08-13 19:05 - 2014-08-12 12:07 - 00236568 _____ () D:\Users\tyl2\AppData\Roaming\Lantern\Lantern.exe
    2011-08-01 21:25 - 2011-08-01 21:25 - 08902144 _____ () D:\Program Files (x86)\RSIGuard\RSIGuard.exe
    2011-08-09 12:59 - 2011-05-28 22:05 - 00164864 _____ () D:\Program Files\WinRAR\rarext.dll
    2011-03-31 16:08 - 2011-03-31 16:08 - 00080896 _____ () D:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    2014-08-13 19:05 - 2014-08-12 12:07 - 04908544 _____ () D:\Users\tyl2\AppData\Roaming\Lantern\pt\flashlight\flashlight.exe
    2011-08-09 12:59 - 2011-05-28 22:03 - 01163264 _____ () D:\Program Files\WinRAR\WinRAR.exe
    2014-04-27 08:06 - 2013-09-04 11:19 - 00098888 _____ () D:\Program Files (x86)\EaseUS Backup\bin\CodeLog.dll
    2014-04-27 08:06 - 2013-11-14 14:59 - 00031304 _____ () D:\Program Files (x86)\EaseUS Backup\bin\CheckTool.dll
    2014-04-27 08:06 - 2008-11-25 17:18 - 01291264 _____ () D:\Program Files (x86)\EaseUS Backup\bin\libxml2.dll
    2014-04-27 08:06 - 2004-10-05 03:08 - 00055808 _____ () D:\Program Files (x86)\EaseUS Backup\bin\zlib1.dll
    2014-04-27 08:06 - 2013-09-04 11:19 - 00029768 _____ () D:\Program Files (x86)\EaseUS Backup\bin\CompressFile.dll
    2014-04-27 08:06 - 2013-09-04 11:19 - 00050248 _____ () D:\Program Files (x86)\EaseUS Backup\bin\TBGetRemoteNetInfo.dll
    2014-04-27 08:06 - 2014-01-13 18:06 - 00105544 _____ () D:\Program Files (x86)\EaseUS Backup\bin\ActivationOnline.dll
    2014-04-27 08:06 - 2013-09-04 11:19 - 00030280 _____ () D:\Program Files (x86)\EaseUS Backup\bin\DiskSearchImg.dll
    2014-04-27 08:06 - 2013-09-04 11:19 - 00293960 _____ () D:\Program Files (x86)\EaseUS Backup\bin\ExchBackupSize.dll
    2014-04-27 08:06 - 2013-09-04 11:19 - 00578632 _____ () D:\Program Files (x86)\EaseUS Backup\bin\ExImage.dll
    2014-04-27 08:06 - 2013-09-04 11:19 - 00468040 _____ () D:\Program Files (x86)\EaseUS Backup\bin\ExchBackupSizeEx.dll
    2014-04-27 08:06 - 2013-09-04 11:19 - 00192072 _____ () D:\Program Files (x86)\EaseUS Backup\bin\EmailBackupSize.dll
    2014-04-27 08:06 - 2013-12-23 11:01 - 00281672 _____ () D:\Program Files (x86)\EaseUS Backup\bin\AndroidImage.dll
    2014-04-27 08:06 - 2013-09-04 11:19 - 00068680 _____ () D:\Program Files (x86)\EaseUS Backup\bin\EnumTapeDevice.dll
    2014-04-27 08:06 - 2013-09-04 11:19 - 00069192 _____ () D:\Program Files (x86)\EaseUS Backup\bin\TbTapeBrowse.dll
    2014-04-27 08:06 - 2013-09-04 11:19 - 00022600 _____ () D:\Program Files (x86)\EaseUS Backup\bin\AccountManager.dll
    2014-04-27 08:06 - 2013-09-04 11:19 - 00115784 _____ () D:\Program Files (x86)\EaseUS Backup\bin\NasOperator.dll
    2014-04-27 08:06 - 2013-09-04 11:19 - 00192584 _____ () D:\Program Files (x86)\EaseUS Backup\bin\EmailBrowser.dll
    2014-04-27 08:06 - 2013-09-04 11:19 - 00135752 _____ () D:\Program Files (x86)\EaseUS Backup\bin\CloudOperator.dll
    2014-04-27 08:06 - 2013-10-22 17:31 - 00037960 _____ () D:\Program Files (x86)\EaseUS Backup\bin\ActiveOnline.dll
    2014-04-27 08:06 - 2013-09-04 11:19 - 00135240 _____ () D:\Program Files (x86)\EaseUS Backup\bin\VMConfig.dll
    2014-04-27 08:06 - 2013-12-24 17:42 - 00017992 _____ () D:\Program Files (x86)\EaseUS Backup\bin\AndroidDeviceManager.dll
    2014-04-27 08:06 - 2013-09-04 11:19 - 00096840 _____ () D:\Program Files (x86)\EaseUS Backup\bin\TBFireWall.dll
    2014-10-04 06:07 - 2014-10-04 06:07 - 00057344 ____N () D:\Users\tyl2\AppData\Local\Temp\1412417261280-0\jdpapi.dll
    2014-08-13 19:06 - 2014-10-04 06:07 - 00009216 _____ () D:\Users\tyl2\.lantern\winproxy4j.dll
    2014-08-13 19:06 - 2014-08-13 19:06 - 00202096 _____ () D:\Users\tyl2\.jnaerator\extractedLibraries\jninatpmp.dll
    2014-08-13 19:07 - 2014-08-12 12:07 - 00108544 _____ () D:\Users\tyl2\.littleshoot\lib\x86-Windows-gpp\jni\libgcc_s_sjlj-1.dll
    2014-08-13 19:07 - 2014-08-12 12:07 - 00863744 _____ () D:\Users\tyl2\.littleshoot\lib\x86-Windows-gpp\jni\libstdc++-6.dll
    2014-08-13 19:07 - 2014-08-12 12:07 - 00507393 _____ () D:\Users\tyl2\.littleshoot\lib\x86-Windows-gpp\jni\barchart-udt-core-2.3.0-SNAPSHOT.dll
    2011-01-07 15:49 - 2011-01-07 15:49 - 00077320 _____ () D:\Program Files (x86)\RSIGuard\RSIWatch.dll
    2011-08-08 18:05 - 2004-05-19 02:25 - 00049152 _____ () D:\Program Files (x86)\KeyText\keytext2.dll
    2011-08-08 18:05 - 2004-05-19 02:25 - 00049152 _____ () D:\Program Files (x86)\KeyText\keytext.dll
    2014-10-04 06:08 - 2014-10-04 06:08 - 00043008 _____ () d:\users\tyl2\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmrimcb.dll
    2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () D:\Users\tyl2\AppData\Roaming\Dropbox\bin\libcef.dll
    2012-09-08 12:16 - 2012-09-08 12:16 - 00433664 _____ () D:\Program Files (x86)\Evernote\libxml2.dll
    2012-09-08 12:16 - 2012-09-08 12:16 - 00315392 _____ () D:\Program Files (x86)\Evernote\libtidy.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: BDESVC => 3
    MSCONFIG\Services: mozybackup => 2
    MSCONFIG\Services: SCardSvr => 3
    MSCONFIG\Services: SCPolicySvc => 3
    MSCONFIG\Services: SMARTHelperService => 2
    MSCONFIG\Services: TabletInputService => 3
    MSCONFIG\Services: TapiSrv => 3
    MSCONFIG\Services: TBS => 3
    MSCONFIG\Services: UmRdpService => 3
    MSCONFIG\Services: WbioSrvc => 3
    MSCONFIG\Services: WMPNetworkSvc => 2
    MSCONFIG\Services: WPCSvc => 3
    MSCONFIG\Services: wscsvc => 2
    MSCONFIG\Services: WwanSvc => 3
    MSCONFIG\startupfolder: D:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MozyHome Status.lnk => D:\Windows\pss\MozyHome Status.lnk.CommonStartup
    MSCONFIG\startupreg: EaseUs TB Tray Agent => "D:\Program Files (x86)\TrayPopup\TrayTipAgent.exe"
    MSCONFIG\startupreg: EaseUs Tray => "D:\Program Files (x86)\EaseUS Backup\bin\TrayNotify.exe"
    MSCONFIG\startupreg: EaseUs Watch => "D:\Program Files (x86)\EaseUS Backup\bin\EuWatch.exe"
    MSCONFIG\startupreg: GarminExpressTrayApp => "D:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
    MSCONFIG\startupreg: sbsdk-server => "D:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe"
    MSCONFIG\startupreg: SMART Board Service => "D:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe" -d
    MSCONFIG\startupreg: SMART Board Tools => "D:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe"
    MSCONFIG\startupreg: SMART Floating Tools => "D:\Program Files (x86)\SMART Technologies\Education Software\FloatingTools.exe"
    MSCONFIG\startupreg: SMART Ink => "D:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe" -a
    MSCONFIG\startupreg: SMART Tray Tools => "D:\Program Files (x86)\SMART Technologies\Education Software\SMARTTrayIcon.exe"
    MSCONFIG\startupreg: SMARTNotification => "D:\Program Files (x86)\SMART Technologies\Education Software\SMARTNotification.exe"

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-2357674054-3202477373-2837072881-500 - Administrator - Disabled)
    Guest (S-1-5-21-2357674054-3202477373-2837072881-501 - Limited - Enabled) => D:\Users\Guest
    HomeGroupUser$ (S-1-5-21-2357674054-3202477373-2837072881-1009 - Limited - Enabled)
    tyl2 (S-1-5-21-2357674054-3202477373-2837072881-1000 - Administrator - Enabled) => D:\Users\tyl2

    ==================== Faulty Device Manager Devices =============

    Name: LogMeIn Kernel Information Provider
    Description: LogMeIn Kernel Information Provider
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: LMIInfo
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name:
    Description:
    Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/04/2014 08:36:38 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: JExplorer32.2.7.1.exe, version: 2.2.0.0, time stamp: 0x516e9748
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
    Exception code: 0xc0000005
    Fault offset: 0x000332b0
    Faulting process id: 0x22d8
    Faulting application start time: 0xJExplorer32.2.7.1.exe0
    Faulting application path: JExplorer32.2.7.1.exe1
    Faulting module path: JExplorer32.2.7.1.exe2
    Report Id: JExplorer32.2.7.1.exe3

    Error: (10/04/2014 08:28:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program OpenVPN23.exe version 2.3.9.3 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1e6c

    Start Time: 01cfdfcd067285ab

    Termination Time: 0

    Application Path: C:\Storage\OpenVPN23.exe

    Report Id: 8564267e-4bc0-11e4-a07a-001d09a11ec2

    Error: (10/04/2014 08:27:03 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: JExplorer32.2.7.1.exe, version: 2.2.0.0, time stamp: 0x516e9748
    Faulting module name: mshtml.dll, version: 11.0.9600.17280, time stamp: 0x53f27d67
    Exception code: 0xc0000602
    Fault offset: 0x006e9afb
    Faulting process id: 0x2010
    Faulting application start time: 0xJExplorer32.2.7.1.exe0
    Faulting application path: JExplorer32.2.7.1.exe1
    Faulting module path: JExplorer32.2.7.1.exe2
    Report Id: JExplorer32.2.7.1.exe3

    Error: (10/04/2014 08:21:21 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: JExplorer32.2.7.1.exe, version: 2.2.0.0, time stamp: 0x516e9748
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
    Exception code: 0xc0000005
    Fault offset: 0x000332cd
    Faulting process id: 0x1d78
    Faulting application start time: 0xJExplorer32.2.7.1.exe0
    Faulting application path: JExplorer32.2.7.1.exe1
    Faulting module path: JExplorer32.2.7.1.exe2
    Report Id: JExplorer32.2.7.1.exe3

    Error: (10/04/2014 07:10:52 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: rundll32.exe_aepdu.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc9e0
    Faulting module name: aeinv.dll, version: 6.1.7601.18467, time stamp: 0x536c719a
    Exception code: 0xc0000005
    Fault offset: 0x0000000000032501
    Faulting process id: 0x1614
    Faulting application start time: 0xrundll32.exe_aepdu.dll0
    Faulting application path: rundll32.exe_aepdu.dll1
    Faulting module path: rundll32.exe_aepdu.dll2
    Report Id: rundll32.exe_aepdu.dll3

    Error: (10/04/2014 07:10:38 AM) (Source: SideBySide) (EventID: 63) (User: )
    Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
    The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

    Error: (10/04/2014 06:08:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (10/02/2014 07:12:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (10/02/2014 01:27:31 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: rundll32.exe_aepdu.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc9e0
    Faulting module name: aeinv.dll, version: 6.1.7601.18467, time stamp: 0x536c719a
    Exception code: 0xc0000005
    Fault offset: 0x0000000000032501
    Faulting process id: 0x7d4
    Faulting application start time: 0xrundll32.exe_aepdu.dll0
    Faulting application path: rundll32.exe_aepdu.dll1
    Faulting module path: rundll32.exe_aepdu.dll2
    Report Id: rundll32.exe_aepdu.dll3

    Error: (10/02/2014 01:27:11 AM) (Source: SideBySide) (EventID: 63) (User: )
    Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
    The value "*" of attribute "language" in element "assemblyIdentity" is invalid.


    System errors:
    =============
    Error: (10/04/2014 06:07:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
    %%3

    Error: (10/04/2014 06:07:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The DgiVecp service failed to start due to the following error:
    %%20

    Error: (10/04/2014 06:07:00 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 12:03:06 AM on ‎10/‎3/‎2014 was unexpected.

    Error: (10/02/2014 07:16:39 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Windows Update service hung on starting.

    Error: (10/02/2014 07:10:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
    %%3

    Error: (10/02/2014 07:10:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Garmin Core Update Service service failed to start due to the following error:
    %%1053

    Error: (10/02/2014 07:10:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.

    Error: (10/02/2014 07:10:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The DgiVecp service failed to start due to the following error:
    %%20

    Error: (10/02/2014 07:10:04 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 6:46:17 AM on ‎10/‎2/‎2014 was unexpected.

    Error: (10/01/2014 10:35:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
    %%3


    Microsoft Office Sessions:
    =========================
    Error: (10/04/2014 08:36:38 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: JExplorer32.2.7.1.exe2.2.0.0516e9748ntdll.dll6.1.7601.18247521ea8e7c0000005000332b022d801cfdfce8ce2ae44D:\Users\tyl2\AppData\Local\Temp\JExplorer32.2.7.1.exeD:\Windows\SysWOW64\ntdll.dll14f91db6-4bc3-11e4-a07a-001d09a11ec2

    Error: (10/04/2014 08:28:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: OpenVPN23.exe2.3.9.31e6c01cfdfcd067285ab0C:\Storage\OpenVPN23.exe8564267e-4bc0-11e4-a07a-001d09a11ec2

    Error: (10/04/2014 08:27:03 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: JExplorer32.2.7.1.exe2.2.0.0516e9748mshtml.dll11.0.9600.1728053f27d67c0000602006e9afb201001cfdfce49d0d07cD:\Users\tyl2\AppData\Local\Temp\JExplorer32.2.7.1.exeD:\Windows\SysWOW64\mshtml.dllbea9e9e6-4bc1-11e4-a07a-001d09a11ec2

    Error: (10/04/2014 08:21:21 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: JExplorer32.2.7.1.exe2.2.0.0516e9748ntdll.dll6.1.7601.18247521ea8e7c0000005000332cd1d7801cfdfcd9acf83ecD:\Users\tyl2\AppData\Local\Temp\JExplorer32.2.7.1.exeD:\Windows\SysWOW64\ntdll.dllf2a54785-4bc0-11e4-a07a-001d09a11ec2

    Error: (10/04/2014 07:10:52 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: rundll32.exe_aepdu.dll6.1.7600.163854a5bc9e0aeinv.dll6.1.7601.18467536c719ac00000050000000000032501161401cfdfc301ab67adD:\Windows\system32\rundll32.exeD:\Windows\system32\aeinv.dll1a2690a6-4bb7-11e4-a07a-001d09a11ec2

    Error: (10/04/2014 07:10:38 AM) (Source: SideBySide) (EventID: 63) (User: )
    Description: assemblyIdentitylanguage*d:\program files (x86)\SpybotSD\DelZip179.dlld:\program files (x86)\SpybotSD\DelZip179.dll8

    Error: (10/04/2014 06:08:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (10/02/2014 07:12:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (10/02/2014 01:27:31 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: rundll32.exe_aepdu.dll6.1.7600.163854a5bc9e0aeinv.dll6.1.7601.18467536c719ac000000500000000000325017d401cfde00c7d42544D:\Windows\system32\rundll32.exeD:\Windows\system32\aeinv.dllce0025db-49f4-11e4-a077-001d09a11ec2

    Error: (10/02/2014 01:27:11 AM) (Source: SideBySide) (EventID: 63) (User: )
    Description: assemblyIdentitylanguage*d:\program files (x86)\SpybotSD\DelZip179.dlld:\program files (x86)\SpybotSD\DelZip179.dll8


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Duo CPU E8300 @ 2.83GHz
    Percentage of memory in use: 58%
    Total physical RAM: 2046.18 MB
    Available physical RAM: 857.54 MB
    Total Pagefile: 5115.18 MB
    Available Pagefile: 2927.83 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.85 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:534.62 GB) (Free:112.27 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (7U) (Fixed) (Total:396.84 GB) (Free:136.65 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D0F4738C)
    Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
    Partition 2: (Active) - (Size=534.6 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=396.8 GB) - (Type=OF Extended)

    ==================== End Of Log ============================

  2. #2
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
    Paste this into the open notepad. Save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).

    start
    CloseProcesses:
    HKU\S-1-5-21-2357674054-3202477373-2837072881-1000\...\Run: [syshost32] => D:\Users\tyl2\AppData\Local\{1531A5D7-B4F4-5F38-B350-CDF2931D4AB6}\syshost.exe
    HKU\S-1-5-21-2357674054-3202477373-2837072881-1000\...\Run: [ROC_ROC_APR2013_AV] => D:\Users\tyl2\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 6774ac5ff45f47d1a6cdd1544f45f731-e5ea4db2b6b3f03f7240b4b0f42b1f3c0e56ac5d --CMPID ROC_APR2013_AV --CMPI (the data entry has 11 more characters).
    HKU\S-1-5-21-2357674054-3202477373-2837072881-1000\...\MountPoints2: {d39c8ede-05c4-11e3-8c27-dde1fa99cd3b} - F:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-2357674054-3202477373-2837072881-1000\...\MountPoints2: {d97562d3-22bf-11e3-be4f-a9f332b18c39} - F:\HTC_Sync_Manager_PC.exe
    BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> D:\Program Files (x86)\HotspotShield\HssIE\HssIE_64.dll (AnchorFree Inc.)
    BHO-x32: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> D:\Program Files (x86)\HotspotShield\HssIE\HssIE.dll (AnchorFree Inc.)
    D:\Users\tyl2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmrimcb.dll
    D:\Users\tyl2\AppData\Local\Temp\i4jd1741133671231613728.exe
    D:\Users\tyl2\AppData\Local\Temp\i4jdel0.exe
    D:\Users\tyl2\AppData\Local\Temp\JExplorer32.2.7.1.dll
    D:\Users\tyl2\AppData\Local\Temp\JExplorer32.2.7.1.exe
    D:\Users\tyl2\AppData\Local\Temp\JExplorer64.2.7.1.dll
    EmptyTemp:
    Hosts:
    End
    Open FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    -AdwCleaner-by Xplode

    Click on this link to download : ADWCleaner
    Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.

    Do not click on any links in the top advertisement.



    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Scan.
    • After the scan is complete click on "Clean"
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    • NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    ~~~~~~~~~~~~~
    please post
    Fixlog.txt
    C:\AdwCleaner.txt
    JRT.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date
    Jul 2009
    Posts
    24


    FRST64 crashed after I tried the fix. The following are 3 error logs from Windows Event Viewer before I ran the tool again, which crashed again. These logs are followed by the others you requested.

    Faulting application name: FRST64.exe, version: 6.10.2014.1, time stamp: 0x5432d273
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
    Exception code: 0xc00000fd
    Fault offset: 0x000000000005626a
    Faulting process id: 0x1158
    Faulting application start time: 0x01cfe1d7672bff23
    Faulting application path: D:\Users\tyl2\Desktop\FRST64.exe
    Faulting module path: D:\Windows\SYSTEM32\ntdll.dll
    Report Id: f1cd76eb-4dca-11e4-bfb6-001d09a11ec2

    Activation context generation failed for "d:\program files (x86)\SpybotSD\DelZip179.dll".Error in manifest or policy file "d:\program files (x86)\SpybotSD\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

    Faulting application name: rundll32.exe_aepdu.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc9e0
    Faulting module name: aeinv.dll, version: 6.1.7601.18467, time stamp: 0x536c719a
    Exception code: 0xc0000005
    Fault offset: 0x0000000000032501
    Faulting process id: 0xed0
    Faulting application start time: 0x01cfe1d9ea8bdcbd
    Faulting application path: D:\Windows\system32\rundll32.exe
    Faulting module path: D:\Windows\system32\aeinv.dll
    Report Id: 7bfd34a2-4dcd-11e4-bfb6-001d09a11ec2


    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-10-2014 01
    Ran by tyl2 at 2014-10-06 23:03:33 Run:2
    Running from D:\Users\tyl2\Desktop
    Loaded Profile: tyl2 (Available profiles: tyl2 & Guest)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    start
    CloseProcesses:
    HKU\S-1-5-21-2357674054-3202477373-2837072881-1000\...\Run: [syshost32] => D:\Users\tyl2\AppData\Local\{1531A5D7-B4F4-5F38-B350-CDF2931D4AB6}\syshost.exe
    HKU\S-1-5-21-2357674054-3202477373-2837072881-1000\...\Run: [ROC_ROC_APR2013_AV] => D:\Users\tyl2\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 6774ac5ff45f47d1a6cdd1544f45f731-e5ea4db2b6b3f03f7240b4b0f42b1f3c0e56ac5d --CMPID ROC_APR2013_AV --CMPI (the data entry has 11 more characters).
    HKU\S-1-5-21-2357674054-3202477373-2837072881-1000\...\MountPoints2: {d39c8ede-05c4-11e3-8c27-dde1fa99cd3b} - F:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-2357674054-3202477373-2837072881-1000\...\MountPoints2: {d97562d3-22bf-11e3-be4f-a9f332b18c39} - F:\HTC_Sync_Manager_PC.exe
    BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> D:\Program Files (x86)\HotspotShield\HssIE\HssIE_64.dll (AnchorFree Inc.)
    BHO-x32: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> D:\Program Files (x86)\HotspotShield\HssIE\HssIE.dll (AnchorFree Inc.)
    D:\Users\tyl2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmrimcb.dll
    D:\Users\tyl2\AppData\Local\Temp\i4jd1741133671231613728.exe
    D:\Users\tyl2\AppData\Local\Temp\i4jdel0.exe
    D:\Users\tyl2\AppData\Local\Temp\JExplorer32.2.7.1.dll
    D:\Users\tyl2\AppData\Local\Temp\JExplorer32.2.7.1.exe
    D:\Users\tyl2\AppData\Local\Temp\JExplorer64.2.7.1.dll
    EmptyTemp:
    Hosts:
    End
    *****************

    Processes closed successfully.
    HKU\S-1-5-21-2357674054-3202477373-2837072881-1000\Software\Microsoft\Windows\CurrentVersion\Run\\syshost32 => Value not found.
    HKU\S-1-5-21-2357674054-3202477373-2837072881-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_ROC_APR2013_AV => Value not found.
    "HKU\S-1-5-21-2357674054-3202477373-2837072881-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d39c8ede-05c4-11e3-8c27-dde1fa99cd3b}" => Key not found.
    "HKCR\CLSID\{d39c8ede-05c4-11e3-8c27-dde1fa99cd3b}" => Key not found.
    "HKU\S-1-5-21-2357674054-3202477373-2837072881-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d97562d3-22bf-11e3-be4f-a9f332b18c39}" => Key not found.
    "HKCR\CLSID\{d97562d3-22bf-11e3-be4f-a9f332b18c39}" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}" => Key not found.
    "HKCR\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}" => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}" => Key not found.
    "HKCR\Wow6432Node\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}" => Key not found.
    "D:\Users\tyl2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmrimcb.dll" => File/Directory not found.
    "D:\Users\tyl2\AppData\Local\Temp\i4jd1741133671231613728.exe" => File/Directory not found.
    "D:\Users\tyl2\AppData\Local\Temp\i4jdel0.exe" => File/Directory not found.
    "D:\Users\tyl2\AppData\Local\Temp\JExplorer32.2.7.1.dll" => File/Directory not found.
    "D:\Users\tyl2\AppData\Local\Temp\JExplorer32.2.7.1.exe" => File/Directory not found.
    "D:\Users\tyl2\AppData\Local\Temp\JExplorer64.2.7.1.dll" => File/Directory not found.
    D:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.

    |
    |
    |
    |
    |

    # AdwCleaner v3.311 - Report created 06/10/2014 at 23:12:23
    # Updated 30/09/2014 by Xplode
    # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
    # Username : tyl2 - IMAGINENOHELL
    # Running from : D:\Users\tyl2\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : D:\Users\tyl2\AppData\Roaming\pdfforge

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\HssIE.HssIEApp
    Key Deleted : HKLM\SOFTWARE\Classes\HssIE.HssIEApp.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasmancs
    Key Deleted : HKCU\Software\5f07c05bbc68b302
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-

    740EC4D9060D}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats

    \{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext

    \Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\AVG SafeGuard toolbar
    Key Deleted : HKCU\Software\hotspotshield
    Key Deleted : HKCU\Software\StartSearch
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
    Key Deleted : HKLM\SOFTWARE\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
    Key Deleted : HKLM\SOFTWARE\PIP

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17280


    -\\ Mozilla Firefox v32.0.3 (x86 en-GB)

    [ File : D:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles

    \60dp6257.Guest\prefs.js ]


    [ File : D:\Users\tyl2\AppData\Roaming\Mozilla\Firefox\Profiles

    \7b5snte1.TYL2\prefs.js ]


    *************************

    AdwCleaner[R0].txt - [2432 octets] - [06/10/2014 23:08:11]
    AdwCleaner[S0].txt - [2156 octets] - [06/10/2014 23:12:23]

    ########## EOF - D:\AdwCleaner\AdwCleaner[S0].txt - [2216 octets]

    ##########

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.3.1 (10.06.2014:1)
    OS: Windows 7 Ultimate x64
    Ran by tyl2 on Mon 10/06/2014 at 23:25:43.97
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Empty Folder] D:\Users\tyl2\appdata\local

    \{1531A5D7-B4F4-5F38-B350-CDF2931D4AB6}



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 10/06/2014 at 23:28:13.16
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  4. #4
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    I have no idea why the tools crashed but I need to ask a question.
    When you saved the fixlist.txt, did you use Notepad? The reason is, it appears that word wrap might have been enabled.

    Let's try a couple things.

    Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
    There are 6 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click and choose Run as Admin
    You only need to get one of them to run, not all of them.
    1. rkill.exe
    2. rkill.com
    3. rkill.scr
    4. rkill.pif
    5. WiNlOgOn.exe
    6. uSeRiNiT.exe


    ~~~~~~~~~~~~~~~~~~~~~

    Also please download Windows Repair (all in one) from here


    Install the program then go to step 4 and create a new system restore point and new registry backup.

    Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:




    NEXT
    On the Start Repairs tab => Click the Start



    Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):


    Click on box next to the Restart System when Finished. Then click on Start.

    After doing the above please post back and tell me what the computer is doing now.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  5. #5
    Junior Member
    Join Date
    Jul 2009
    Posts
    24

    Default

    Quote Originally Posted by Juliet View Post
    I have no idea why the tools crashed but I need to ask a question.
    When you saved the fixlist.txt, did you use Notepad? The reason is, it appears that word wrap might have been enabled.
    Yes, I used Notepad and Word Wrap was enabled. But FRST still crashed after I disabled Word Wrap.

    Please download and run the following tool to help allow other programs to run.
    1. rkill.exe
    Not really sure what I do after. rkill stopped AVG and other programs, but afterwards I still couldn't run FRST.

    Also please download Windows Repair (all in one) from here
    No issues found.

    On the Start Repairs tab
    Click on box next to the Restart System when Finished. Then click on Start.

    After doing the above please post back and tell me what the computer is doing now.

    What do you mean by "what the computer is doing"? Malwarebytes didn't find anything, the computer restarted.

  6. #6
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Is AVG still alerting you it's finding more infections?

    What we can do now is run an online scan with ESET; for the time being it is our most trusted scanner.
    Most reliable and thorough.
    The settings I suggest will show us items located in quarantine folders, so don't be alarmed by this. Also, in case of a false positive, I ask that you not allow it to delete what it does find.
    This scanner can take quite a bit of time to run, depending, of course, on how full your computer is.


    Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
    • Note:
      For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
    • Click the blue Run ESET Online Scanner button
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the program to install the "OnlineScanner.cab" ActiveX control by clicking the Install button
    • Once the ActiveX control is installed, on the next screen click on Enable detection of potentially unwanted applications
    • Click on Advanced Settings
    • Make sure that the option Remove found threats is unticked.
    • Ensure these options are ticked
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

    • Click Start
    • Wait for the scan to finish
    • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
    • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
    • Close the ESET online scan.


    *************************************

  7. #7
    Junior Member
    Join Date
    Jul 2009
    Posts
    24

    Default

    Quote Originally Posted by Juliet View Post
    Is AVG still alerting you it's finding more infections?
    No, but I've largely avoided this computer since the infection, so I'm not sure if that means much.

    C:\$RECYCLE.BIN\S-1-5-21-2357674054-3202477373-2837072881-1000\$RDYKNOK.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
    C:\Hotspot Shield\bin\openvpnas.exe a variant of Win32/HotSpotShield potentially unwanted application
    C:\Program Files\Vuze\.install4j\i4j_extf_11_5p83tu.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
    C:\Program Files\Vuze\.install4j\i4j_extf_4_5p83tu.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
    C:\Storage\ac3filter26a_full.exe Win32/OpenCandy potentially unsafe application
    C:\Storage\CCleaner413.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
    C:\Storage\DaemonToolsLite449.exe Win32/DownWare.L potentially unwanted application
    C:\Storage\EaseUsTodoBackup7.exe a variant of Win32/TFTPD32.A potentially unsafe application
    C:\Storage\FormatFactory230.zip a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application
    C:\Storage\FreeFileSync514.exe Win32/OpenCandy potentially unsafe application
    C:\Storage\GetFLV88.rar a variant of Win32/HackTool.Patcher.T potentially unsafe application
    C:\Storage\GmailNotifier1087.exe a variant of Win32/InstallCore.D potentially unwanted application
    C:\Storage\HotspotShield270.exe Win32/Toolbar.Conduit potentially unwanted application
    C:\Storage\Nero94123Free.exe Win32/Toolbar.AskSBar potentially unwanted application
    C:\Storage\PandoraRecovery211.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
    C:\Storage\pdfcreator173.exe Win32/InstallMonetizer.AQ potentially unwanted application
    C:\Storage\Recuva145.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
    C:\Storage\SopCast383.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
    C:\Storage\SopCast383.zip a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
    C:\Storage\Speccy118.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
    C:\System Volume Information\_restore{F989767A-F049-4785-A079-FBDE7E3DEEC8}\RP11\A0041352.exe a variant of Win32/Toolbar.Conduit.AI potentially unwanted application
    C:\System Volume Information\_restore{F989767A-F049-4785-A079-FBDE7E3DEEC8}\RP32\A0061062.exe a variant of Win32/HotSpotShield potentially unwanted application
    C:\System Volume Information\_restore{F989767A-F049-4785-A079-FBDE7E3DEEC8}\RP33\A0062664.exe a variant of Win32/HotSpotShield potentially unwanted application
    C:\System Volume Information\_restore{F989767A-F049-4785-A079-FBDE7E3DEEC8}\RP8\A0009048.exe Win32/OpenCandy potentially unsafe application
    D:\Program Files (x86)\EaseUS Backup\bin\PxeServer.dll a variant of Win32/TFTPD32.A potentially unsafe application
    D:\Program Files (x86)\EaseUS Backup\BUILDPE\EaseUS\tb\bin\PxeServer.dll a variant of Win32/TFTPD32.A potentially unsafe application
    D:\Program Files (x86)\Vuze\.install4j\i4j_extf_20_5p83tu.exe Win32/Somoto.F potentially unwanted application
    D:\Program Files (x86)\Vuze\.install4j\i4j_extf_32_5p83tu.dll a variant of Win32/Bunndle potentially unsafe application
    D:\Users\tyl2\AppData\Roaming\Lantern\upnpc.exe a variant of Win32/MiniUPnP.C potentially unsafe application

  8. #8
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    When downloading applications to your computer it's best practice to choose custom install. Mostly, when doing this, you can opt out of the extras that install sideline spyware/malware.

    Since FRST seems to be crashing, we can try a different tool.

    Download OTM by OldTimer Here & save it to your desktop.
    • Double click on OTM.exe to run it
    • Copy & paste the contents inside the Code box below beginning with :Files into --->> Paste Instructions for Items to be Moved

    Note: Do not type it out to minimize the risk of typo error
    Code:
    :Files
    C:\$RECYCLE.BIN\S-1-5-21-2357674054-3202477373-2837072881-1000\$RDYKNOK.exe
    C:\Hotspot Shield\bin\openvpnas.exe     
    C:\Program Files\Vuze\.install4j\i4j_extf_11_5p83tu.exe 
    C:\Program Files\Vuze\.install4j\i4j_extf_4_5p83tu.exe  
    C:\Storage\ac3filter26a_full.exe        
    C:\Storage\CCleaner413.exe      
    C:\Storage\DaemonToolsLite449.exe       
    C:\Storage\EaseUsTodoBackup7.exe        
    C:\Storage\FormatFactory230.zip 
    C:\Storage\FreeFileSync514.exe  
    C:\Storage\GetFLV88.rar 
    C:\Storage\GmailNotifier1087.exe        
    C:\Storage\HotspotShield270.exe 
    C:\Storage\Nero94123Free.exe    
    C:\Storage\PandoraRecovery211.exe       
    C:\Storage\pdfcreator173.exe    
    C:\Storage\Recuva145.exe        
    C:\Storage\SopCast383.exe       
    C:\Storage\SopCast383.zip       
    C:\Storage\Speccy118.exe   
    D:\Program Files (x86)\EaseUS Backup\bin\PxeServer.dll  
    D:\Program Files (x86)\EaseUS Backup\BUILDPE\EaseUS\tb\bin\PxeServer.dll        
    D:\Program Files (x86)\Vuze\.install4j\i4j_extf_20_5p83tu.exe   
    D:\Program Files (x86)\Vuze\.install4j\i4j_extf_32_5p83tu.dll   
    D:\Users\tyl2\AppData\Roaming\Lantern\upnpc.exe
    :Commands
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
    • Click on MoveIt!
    • When done, click on Exit

    Note: If a file or folder can't be moved immediately, you may be asked to restart your computer. Choose Yes.
    A log will be produced at C:\_OTM\MovedFiles\date_time.log, where date_time are numbers. Post this log in your next reply.

  9. #9
    Junior Member
    Join Date
    Jul 2009
    Posts
    24

    Post

    All processes killed
    ========== FILES ==========
    C:\$RECYCLE.BIN\S-1-5-21-2357674054-3202477373-2837072881-1000\$RDYKNOK.exe moved successfully.
    C:\Hotspot Shield\bin\openvpnas.exe moved successfully.
    C:\Program Files\Vuze\.install4j\i4j_extf_11_5p83tu.exe moved successfully.
    C:\Program Files\Vuze\.install4j\i4j_extf_4_5p83tu.exe moved successfully.
    C:\Storage\ac3filter26a_full.exe moved successfully.
    C:\Storage\EaseUsTodoBackup7.exe moved successfully.
    C:\Storage\FormatFactory230.zip moved successfully.
    C:\Storage\FreeFileSync514.exe moved successfully.
    C:\Storage\GetFLV88.rar moved successfully.
    C:\Storage\GmailNotifier1087.exe moved successfully.
    C:\Storage\HotspotShield270.exe moved successfully.
    C:\Storage\Nero94123Free.exe moved successfully.
    C:\Storage\PandoraRecovery211.exe moved successfully.
    C:\Storage\SopCast383.exe moved successfully.
    C:\Storage\SopCast383.zip moved successfully.
    C:\Storage\Speccy118.exe moved successfully.
    DllUnregisterServer procedure not found in D:\Program Files (x86)\EaseUS Backup\bin\PxeServer.dll
    D:\Program Files (x86)\EaseUS Backup\bin\PxeServer.dll moved successfully.
    DllUnregisterServer procedure not found in D:\Program Files (x86)\EaseUS Backup\BUILDPE\EaseUS\tb\bin\PxeServer.dll
    D:\Program Files (x86)\EaseUS Backup\BUILDPE\EaseUS\tb\bin\PxeServer.dll moved successfully.
    File/Folder D:\Program Files (x86)\Vuze\.install4j\i4j_extf_20_5p83tu.exe not found.
    File/Folder D:\Program Files (x86)\Vuze\.install4j\i4j_extf_32_5p83tu.dll not found.
    D:\Users\tyl2\AppData\Roaming\Lantern\upnpc.exe moved successfully.
    ========== COMMANDS ==========
    D:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 314414 bytes
    ->Temporary Internet Files folder emptied: 77840274 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 252164614 bytes
    ->Flash cache emptied: 6180 bytes

    User: LogMeInRemoteUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    User: tyl2
    ->Temp folder emptied: 237200 bytes
    ->Temporary Internet Files folder emptied: 251757 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 369433237 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 25669610 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
    %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
    RecycleBin emptied: 2548299863 bytes

    Total Files Cleaned = 3,123.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: LogMeInRemoteUser

    User: Public

    User: tyl2
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTM by OldTimer - Version 3.1.21.0 log created on 10092014_092147

    Files moved on Reboot...
    D:\Users\tyl2\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
    File move failed. D:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
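
Added example (not part of any post in this thread, and not OTM's own code): a check that reconciles the `:Files` entries of an OTM script against the FILES section of the resulting log, so entries that were moved, not found, or never reported can be told apart before the cleanup is signed off. The function names are hypothetical, the log line patterns are assumed from the lines visible in this thread rather than from a documented OTM format, and the two inputs are short excerpts copied from the posts above.

```python
import re

# Excerpt of the OTM script posted in this thread.
SCRIPT = r"""
:Files
C:\Storage\ac3filter26a_full.exe
C:\Storage\CCleaner413.exe
C:\Storage\EaseUsTodoBackup7.exe
D:\Program Files (x86)\EaseUS Backup\bin\PxeServer.dll
D:\Program Files (x86)\Vuze\.install4j\i4j_extf_20_5p83tu.exe
D:\Users\tyl2\AppData\Roaming\Lantern\upnpc.exe
:Commands
[resethosts]
[Reboot]
"""

# Excerpt of the OTM log posted in this thread.
LOG = r"""
All processes killed
========== FILES ==========
C:\Storage\ac3filter26a_full.exe moved successfully.
C:\Storage\EaseUsTodoBackup7.exe moved successfully.
DllUnregisterServer procedure not found in D:\Program Files (x86)\EaseUS Backup\bin\PxeServer.dll
D:\Program Files (x86)\EaseUS Backup\bin\PxeServer.dll moved successfully.
File/Folder D:\Program Files (x86)\Vuze\.install4j\i4j_extf_20_5p83tu.exe not found.
D:\Users\tyl2\AppData\Roaming\Lantern\upnpc.exe moved successfully.
========== COMMANDS ==========
D:\Windows\System32\drivers\etc\Hosts moved successfully.
"""

# Assumed line shapes, taken from the log lines shown in the thread.
MOVED = re.compile(r"^(?P<path>.+) moved successfully\.$")
MISSING = re.compile(r"^File/Folder (?P<path>.+) not found\.$")


def requested_paths(script):
    """Return the paths listed under :Files, stopping at the next :Section."""
    paths, in_files = [], False
    for line in script.splitlines():
        line = line.strip()  # the posted code box carries trailing whitespace
        if line.startswith(":"):
            in_files = line.lower() == ":files"
        elif in_files and line:
            paths.append(line)
    return paths


def log_outcomes(log):
    """Map lower-cased path -> 'moved' or 'not found' for the FILES section only."""
    outcomes, in_files = {}, False
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("=========="):
            in_files = "FILES" in line
            continue
        if not in_files:
            continue
        for status, pattern in (("moved", MOVED), ("not found", MISSING)):
            match = pattern.match(line)
            if match:
                outcomes[match.group("path").lower()] = status
    return outcomes


def reconcile(script, log):
    """Group every requested path by outcome; Windows paths compare case-insensitively."""
    outcomes = log_outcomes(log)
    report = {"moved": [], "not found": [], "unreported": []}
    for path in requested_paths(script):
        report[outcomes.get(path.lower(), "unreported")].append(path)
    return report
```

An entry under `unreported` has no outcome line in the log at all, which is a different condition from `not found` and is worth checking by hand.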

  10. #10
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Looks good.

    How is your computer now?
    Is it working as it should and returned to normal?
