I have my Farbar report ready for some help

chuck 1962
2015-01-03, 17:41
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-01-2015 02
Ran by chuckanddona at 2015-01-03 10:37:14
Running from C:\Users\chuckanddona\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.2.12.17 - Synaptics Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{E77289CF-12B9-4CAB-A49E-FEAE947F4D95}) (Version: 15.5.4.0423 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{0728A184-F899-4356-B93D-8228674F0DEB}) (Version: 2.6.1209.0268 - Motorola Solutions, Inc.)
Intel(R) Turbo Boost Technology Monitor 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
Intel(R) WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 en-US)) (Version: 31.3.0 - Mozilla)
Mozy Restore Manager (HKLM-x32\...\{B16C5426-D1A9-44B5-9471-315B349B3A31}) (Version: 2.1.1.557 - Mozy, Inc)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.012 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6741 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
YouTube Accelerator (HKLM-x32\...\YouTube Accelerator) (Version: 3394(build_93) - Goobzo Ltd.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

16-12-2014 10:43:12 Windows Update
20-12-2014 04:09:14 Windows Update
23-12-2014 09:59:57 Windows Update
26-12-2014 13:34:32 Windows Update
30-12-2014 12:11:25 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 00:26 - 2012-07-26 00:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06EF068F-DDA5-4E40-821C-2444BAF3E68A} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-09-20] (Synaptics Incorporated)
Task: {1898CD1A-5A59-426A-B2DE-D0343596C77D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {1B382090-BCB7-4D6E-83B3-884ED2F079D6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {25BD2C2C-3573-451B-8B79-77FCD6C48F5C} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {34F0AEEE-5B95-4BBC-8FC6-D6AE65199A05} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {35019EDB-EC89-4B4A-9A65-8C95F9B7213D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-12-09] (Microsoft Corporation)
Task: {4084102E-7C7D-4A1A-99BA-62FBC5B3D3A8} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-11] (AVAST Software)
Task: {4D8476B9-631F-496E-9EFD-E26059D060E1} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {524A5A81-7219-441B-81FC-361359D19958} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
Task: {7493955B-3311-4E5D-93E5-FED66664858B} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
Task: {8F4C8D02-CA76-4CFD-A9A8-3CD55E12E29D} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
Task: {9CD31B5D-B522-4266-B391-BAD2890D5A08} - System32\Tasks\DriverUpdate Daily Scan => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: {BEC8DCE1-FFF0-456C-9ED5-004A0476F276} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {EA800E60-B4F6-4EB2-9510-C43D2BEFE0D1} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {EB795C8D-50CE-4543-873C-2E95840A35C2} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\DriverUpdate Daily Scan.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\windows\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2014-12-11 18:16 - 2014-12-11 18:16 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-12-11 18:16 - 2014-12-11 18:16 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2013-02-12 09:36 - 2012-09-20 19:40 - 04875576 _____ () C:\Program Files\Synaptics\SynTP\DellTouchpad.exe
2013-02-12 09:36 - 2012-10-16 05:38 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-07-06 11:09 - 2013-04-19 17:51 - 00023328 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2013-07-06 11:09 - 2013-04-19 17:52 - 00049440 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\STCommonShellIntegration.dll
2014-12-31 15:45 - 2014-12-31 15:45 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14123101\algo.dll
2014-12-11 18:16 - 2014-12-11 18:16 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-01-02 14:06 - 2015-01-02 14:06 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010201\algo.dll
2014-12-09 18:08 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-12-09 18:08 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-12-09 18:08 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-12-09 18:08 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-12-09 18:08 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-02-12 10:49 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-12-09 12:00 - 2014-11-26 11:40 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-12-11 18:16 - 2014-12-11 18:16 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-07-06 11:09 - 2013-05-02 18:01 - 01813792 _____ () C:\Program Files (x86)\Dell Backup and Recovery\OLCoreWrapper.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Syst3EBB2919:$WIMMOUNTDATA
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
AlternateDataStreams: C:\Users\chuckanddona\Desktop\GIDEON HASTINGS HOUSE - ViewMyPaycheck Invitation.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-253687255-1003371428-3526289271-500 - Administrator - Disabled) => C:\Users\Administrator
chuckanddona (S-1-5-21-253687255-1003371428-3526289271-1001 - Administrator - Enabled) => C:\Users\chuckanddona
Guest (S-1-5-21-253687255-1003371428-3526289271-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/22/2014 09:01:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZeroConfigService.exe, version: 16.1.0.0, time stamp: 0x521e80f5
Faulting module name: MurocApi.dll, version: 16.1.0.0, time stamp: 0x521e7ff7
Exception code: 0xc0000005
Fault offset: 0x0000000000026570
Faulting process id: 0xa38
Faulting application start time: 0xZeroConfigService.exe0
Faulting application path: ZeroConfigService.exe1
Faulting module path: ZeroConfigService.exe2
Report Id: ZeroConfigService.exe3
Faulting package full name: ZeroConfigService.exe4
Faulting package-relative application ID: ZeroConfigService.exe5

Error: (12/13/2014 09:45:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avgui.exe, version: 15.0.0.5577, time stamp: 0x545fd4e7
Faulting module name: mfc110u.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
Exception code: 0xc0000135
Fault offset: 0x00078c9e
Faulting process id: 0x162c
Faulting application start time: 0xavgui.exe0
Faulting application path: avgui.exe1
Faulting module path: avgui.exe2
Report Id: avgui.exe3
Faulting package full name: avgui.exe4
Faulting package-relative application ID: avgui.exe5

Error: (12/13/2014 09:01:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avgui.exe, version: 15.0.0.5577, time stamp: 0x545fd4e7
Faulting module name: mfc110u.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
Exception code: 0xc0000135
Fault offset: 0x00078c9e
Faulting process id: 0x11e0
Faulting application start time: 0xavgui.exe0
Faulting application path: avgui.exe1
Faulting module path: avgui.exe2
Report Id: avgui.exe3
Faulting package full name: avgui.exe4
Faulting package-relative application ID: avgui.exe5

Error: (12/13/2014 04:49:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avgui.exe, version: 15.0.0.5577, time stamp: 0x545fd4e7
Faulting module name: mfc110u.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
Exception code: 0xc0000135
Fault offset: 0x00078c9e
Faulting process id: 0x15c0
Faulting application start time: 0xavgui.exe0
Faulting application path: avgui.exe1
Faulting module path: avgui.exe2
Report Id: avgui.exe3
Faulting package full name: avgui.exe4
Faulting package-relative application ID: avgui.exe5

Error: (12/12/2014 05:58:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avgui.exe, version: 15.0.0.5577, time stamp: 0x545fd4e7
Faulting module name: mfc110u.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
Exception code: 0xc0000135
Fault offset: 0x00078c9e
Faulting process id: 0x14d8
Faulting application start time: 0xavgui.exe0
Faulting application path: avgui.exe1
Faulting module path: avgui.exe2
Report Id: avgui.exe3
Faulting package full name: avgui.exe4
Faulting package-relative application ID: avgui.exe5

Error: (12/12/2014 03:23:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avgui.exe, version: 15.0.0.5577, time stamp: 0x545fd4e7
Faulting module name: mfc110u.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
Exception code: 0xc0000135
Fault offset: 0x00078c9e
Faulting process id: 0x15e4
Faulting application start time: 0xavgui.exe0
Faulting application path: avgui.exe1
Faulting module path: avgui.exe2
Report Id: avgui.exe3
Faulting package full name: avgui.exe4
Faulting package-relative application ID: avgui.exe5

Error: (12/11/2014 07:02:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avgui.exe, version: 15.0.0.5577, time stamp: 0x545fd4e7
Faulting module name: mfc110u.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
Exception code: 0xc0000135
Fault offset: 0x00078c9e
Faulting process id: 0x1934
Faulting application start time: 0xavgui.exe0
Faulting application path: avgui.exe1
Faulting module path: avgui.exe2
Report Id: avgui.exe3
Faulting package full name: avgui.exe4
Faulting package-relative application ID: avgui.exe5

Error: (12/11/2014 06:10:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avgui.exe, version: 15.0.0.5577, time stamp: 0x545fd4e7
Faulting module name: mfc110u.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
Exception code: 0xc0000135
Fault offset: 0x00078c9e
Faulting process id: 0x1230
Faulting application start time: 0xavgui.exe0
Faulting application path: avgui.exe1
Faulting module path: avgui.exe2
Report Id: avgui.exe3
Faulting package full name: avgui.exe4
Faulting package-relative application ID: avgui.exe5

Error: (12/11/2014 06:07:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary avast! VM Monitor.

System Error:
The system cannot find the file specified.
.

Error: (12/11/2014 06:07:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSP.

System Error:
The system cannot find the file specified.
.


System errors:
=============
Error: (01/02/2015 10:08:49 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 8 for x64-based Systems (KB2920189).

Error: (01/01/2015 10:54:49 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (01/01/2015 10:49:12 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (01/01/2015 10:48:33 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 8 for x64-based Systems (KB2920189).

Error: (01/01/2015 10:17:56 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 8 for x64-based Systems (KB2920189).

Error: (12/31/2014 11:19:02 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 8 for x64-based Systems (KB2920189).

Error: (12/30/2014 01:02:50 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 8 for x64-based Systems (KB2920189).

Error: (12/30/2014 00:12:21 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 8 for x64-based Systems (KB2920189).

Error: (12/29/2014 11:12:02 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

Error: (12/29/2014 11:09:02 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 8 for x64-based Systems (KB2920189).


Microsoft Office Sessions:
=========================
Error: (12/22/2014 09:01:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ZeroConfigService.exe16.1.0.0521e80f5MurocApi.dll16.1.0.0521e7ff7c00000050000000000026570a3801d01defa3eccaeaC:\Program Files\Intel\WiFi\bin\ZeroConfigService.exeC:\Program Files\Intel\WiFi\bin\MurocApi.dllf6d24a18-89e2-11e4-bec5-6036ddc7c0a8

Error: (12/13/2014 09:45:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgui.exe15.0.0.5577545fd4e7mfc110u.dll6.2.9200.1704653b485c4c000013500078c9e162c01d016e34cd92e48C:\Program Files (x86)\AVG\AVG2015\avgui.exemfc110u.dllaa19cef2-82d6-11e4-beb5-6036ddc7c0a8

Error: (12/13/2014 09:01:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgui.exe15.0.0.5577545fd4e7mfc110u.dll6.2.9200.1704653b485c4c000013500078c9e11e001d016dd0355e773C:\Program Files (x86)\AVG\AVG2015\avgui.exemfc110u.dll941588f8-82d0-11e4-beb4-6036ddc7c0a8

Error: (12/13/2014 04:49:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgui.exe15.0.0.5577545fd4e7mfc110u.dll6.2.9200.1704653b485c4c000013500078c9e15c001d016ba11d01f91C:\Program Files (x86)\AVG\AVG2015\avgui.exemfc110u.dll51fd7f7a-82ad-11e4-beb3-6036ddc7c0a8

Error: (12/12/2014 05:58:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgui.exe15.0.0.5577545fd4e7mfc110u.dll6.2.9200.1704653b485c4c000013500078c9e14d801d0165ef8a90b7aC:\Program Files (x86)\AVG\AVG2015\avgui.exemfc110u.dll64ec4671-8252-11e4-beb2-6036ddc7c0a8

Error: (12/12/2014 03:23:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgui.exe15.0.0.5577545fd4e7mfc110u.dll6.2.9200.1704653b485c4c000013500078c9e15e401d0164963b16ee0C:\Program Files (x86)\AVG\AVG2015\avgui.exemfc110u.dllac99021d-823c-11e4-beb1-6036ddc7c0a8

Error: (12/11/2014 07:02:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgui.exe15.0.0.5577545fd4e7mfc110u.dll6.2.9200.1704653b485c4c000013500078c9e193401d0159ef61c6aefC:\Program Files (x86)\AVG\AVG2015\avgui.exemfc110u.dll378806db-8192-11e4-beb0-6036ddc7c0a8

Error: (12/11/2014 06:10:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgui.exe15.0.0.5577545fd4e7mfc110u.dll6.2.9200.1704653b485c4c000013500078c9e123001d01597992a9a7fC:\Program Files (x86)\AVG\AVG2015\avgui.exemfc110u.dlld9faa0ce-818a-11e4-beb0-6036ddc7c0a8

Error: (12/11/2014 06:07:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary avast! VM Monitor.

System Error:
The system cannot find the file specified.

Error: (12/11/2014 06:07:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSP.

System Error:
The system cannot find the file specified.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 38%
Total physical RAM: 8061.27 MB
Available physical RAM: 4964.96 MB
Total Pagefile: 16253.27 MB
Available Pagefile: 13022.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:916.25 GB) (Free:833.67 GB) NTFS
Drive y: (WINRETOOLS) (Fixed) (Total:0.49 GB) (Free:0.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 321F687F)

Partition: GPT Partition Type.

==================== End Of Log ============================

Juliet
2015-01-04, 03:33
Hi

There are to be 2 logs when running Farbar Recovery Scan Tool.

You posted the Addition.txt. If you could search for FRST.txt, copy and paste that for me please.

chuck 1962
2015-01-04, 06:35
Search where exactly? I'll see what I can find. Thanks for the response!

chuck 1962
2015-01-04, 06:55
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-01-2015 03
Ran by chuckanddona (administrator) on CHCUKANDDONNA on 03-01-2015 23:51:18
Running from C:\Users\chuckanddona\Downloads
Loaded Profile: chuckanddona (Available profiles: chuckanddona & Administrator)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\Synaptics\SynTP\DellTouchpad.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(GOOBZO) C:\Program Files (x86)\YouTube Accelerator\YouTubeAccelerator.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DellWPF] => C:\Program Files\Synaptics\SynTP\DellTouchpad.exe [4875576 2012-09-20] ()
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6842000 2012-09-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1230992 2012-09-27] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5757328 2012-10-19] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2918200 2012-09-20] (Synaptics Incorporated)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [ChromeHelper] => C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelper.exe
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-12] (AVAST Software)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-253687255-1003371428-3526289271-1001\...\Run: [GoobzoYouTubeAccelerator] => C:\Program Files (x86)\YouTube Accelerator\YouTubeAccelerator.exe [2227048 2014-08-18] (GOOBZO)
HKU\S-1-5-21-253687255-1003371428-3526289271-1001\...\Run: [DellSystemDetect] => C:\Users\chuckanddona\AppData\Local\Apps\2.0\JQ744EMN.H18\VCG2H067.MWD\dell..tion_e30b47f5d4a30e9e_0005.000b_1df8a3cb60a9209e\DellSystemDetect.exe
Startup: C:\Users\chuckanddona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MightyText Notifier.lnk
ShortcutTarget: MightyText Notifier.lnk -> C:\Program Files (x86)\MightyText Notifier\MightyText Notifier.exe (No File)
Startup: C:\Users\chuckanddona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-253687255-1003371428-3526289271-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-253687255-1003371428-3526289271-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://www-search.net/search.aspx?s=E8Jwobrys01955,324c586e-3f3d-4841-a179-5e795d00c4dd,&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-253687255-1003371428-3526289271-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: No Name -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\chuckanddona\AppData\Roaming\Mozilla\Firefox\Profiles\hvn6q9yc.default-1418244429523
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Extension: NoScript - C:\Users\chuckanddona\AppData\Roaming\Mozilla\Firefox\Profiles\hvn6q9yc.default-1418244429523\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-12-14]
FF Extension: Adblock Plus - C:\Users\chuckanddona\AppData\Roaming\Mozilla\Firefox\Profiles\hvn6q9yc.default-1418244429523\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-10]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-11]
FF HKU\S-1-5-21-253687255-1003371428-3526289271-1001\...\Firefox\Extensions: [{116F7DA5-09F5-637E-7A91-6796EA614907}] - C:\Program Files (x86)\ver6SpeeditUp\184.xpi

Chrome:
=======
CHR Profile: C:\Users\chuckanddona\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\chuckanddona\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljamgkbcojbnmcaonjokopmcblmmpfch [2014-10-30]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-12-11]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-11] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-11] (Avast Software)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915480 2013-05-23] (SoftThinks SAS)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-11] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-11] ()
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [121728 2012-08-27] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-20] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-09-20] (Synaptics Incorporated)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2014-10-28] ()
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-11] (Avast Software)
R2 webinstrNewH; C:\windows\system32\Drivers\webinstrNewH.sys [106456 2014-12-08] (Corsica)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)
S3 SMUpdd; \??\C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-03 23:50 - 2015-01-03 23:51 - 00000000 ____D () C:\Users\chuckanddona\Downloads\FRST-OlderVersion
2015-01-03 15:41 - 2015-01-03 15:41 - 00000197 _____ () C:\windows\system32\2015-01-03-20-41-14.069-AvastVBoxSVC.exe-2852.log
2015-01-03 15:38 - 2015-01-03 15:38 - 00291192 _____ () C:\windows\Minidump\010315-39406-01.dmp
2015-01-03 10:37 - 2015-01-03 10:38 - 00024708 _____ () C:\Users\chuckanddona\Downloads\Addition.txt
2015-01-03 10:36 - 2015-01-03 23:51 - 00014677 _____ () C:\Users\chuckanddona\Downloads\FRST.txt
2015-01-01 10:51 - 2015-01-01 10:52 - 00000197 _____ () C:\windows\system32\2015-01-01-15-51-13.090-AvastVBoxSVC.exe-2160.log
2014-12-28 12:00 - 2014-12-28 12:01 - 00000197 _____ () C:\windows\system32\2014-12-28-17-00-15.031-AvastVBoxSVC.exe-3412.log
2014-12-28 11:32 - 2014-12-28 11:34 - 00000197 _____ () C:\windows\system32\2014-12-28-16-32-34.046-AvastVBoxSVC.exe-1400.log
2014-12-28 11:28 - 2014-12-28 11:28 - 00291192 _____ () C:\windows\Minidump\122814-38953-01.dmp
2014-12-25 13:07 - 2014-12-25 13:09 - 00000197 _____ () C:\windows\system32\2014-12-25-18-07-20.015-AvastVBoxSVC.exe-3464.log
2014-12-25 12:17 - 2014-12-25 12:17 - 00000197 _____ () C:\windows\system32\2014-12-25-17-17-49.018-AvastVBoxSVC.exe-2224.log
2014-12-24 14:56 - 2014-12-24 14:57 - 00000197 _____ () C:\windows\system32\2014-12-24-19-56-58.008-AvastVBoxSVC.exe-1520.log
2014-12-22 10:21 - 2014-12-22 10:21 - 00000197 _____ () C:\windows\system32\2014-12-22-15-21-08.011-AvastVBoxSVC.exe-2096.log
2014-12-22 09:58 - 2014-12-22 09:58 - 00000197 _____ () C:\windows\system32\2014-12-22-14-58-31.063-AvastVBoxSVC.exe-2892.log
2014-12-22 09:01 - 2014-12-22 09:01 - 00000197 _____ () C:\windows\system32\2014-12-22-14-01-13.091-AvastVBoxSVC.exe-1372.log
2014-12-18 13:53 - 2014-12-18 13:56 - 00000197 _____ () C:\windows\system32\2014-12-18-18-53-13.064-AvastVBoxSVC.exe-3592.log
2014-12-17 22:13 - 2014-12-17 22:15 - 00000197 _____ () C:\windows\system32\2014-12-18-03-13-14.042-AvastVBoxSVC.exe-3244.log
2014-12-17 21:54 - 2014-12-17 21:57 - 00000197 _____ () C:\windows\system32\2014-12-18-02-54-53.073-AvastVBoxSVC.exe-3028.log
2014-12-17 21:42 - 2014-12-17 21:43 - 00000197 _____ () C:\windows\system32\2014-12-18-02-42-31.000-AvastVBoxSVC.exe-3628.log
2014-12-17 20:14 - 2014-12-17 20:16 - 00000197 _____ () C:\windows\system32\2014-12-18-01-14-12.026-AvastVBoxSVC.exe-3096.log
2014-12-17 16:19 - 2014-12-17 16:20 - 00000197 _____ () C:\windows\system32\2014-12-17-21-19-27.042-AvastVBoxSVC.exe-3652.log
2014-12-15 16:33 - 2014-12-15 16:33 - 00031262 _____ () C:\Users\chuckanddona\Documents\Paystub dec 13.htm
2014-12-15 16:33 - 2014-12-15 16:33 - 00000000 ____D () C:\Users\chuckanddona\Documents\Paystub dec 13_files
2014-12-15 16:08 - 2014-12-15 16:08 - 00014354 _____ () C:\Users\chuckanddona\Documents\Mill hill dump run 2014.odt
2014-12-14 08:52 - 2014-12-14 08:52 - 00000197 _____ () C:\windows\system32\2014-12-14-13-52-00.028-AvastVBoxSVC.exe-1940.log
2014-12-14 00:04 - 2014-12-14 00:06 - 00000197 _____ () C:\windows\system32\2014-12-14-05-04-27.032-AvastVBoxSVC.exe-2244.log
2014-12-13 23:25 - 2014-12-13 23:27 - 00000197 _____ () C:\windows\system32\2014-12-14-04-25-40.048-AvastVBoxSVC.exe-3012.log
2014-12-13 22:58 - 2014-12-13 22:59 - 00000197 _____ () C:\windows\system32\2014-12-14-03-58-09.075-AvastVBoxSVC.exe-2128.log
2014-12-13 14:32 - 2014-12-13 14:34 - 00000197 _____ () C:\windows\system32\2014-12-13-19-32-38.027-AvastVBoxSVC.exe-3016.log
2014-12-13 14:22 - 2014-12-13 14:22 - 00000197 _____ () C:\windows\system32\2014-12-13-19-22-18.057-AvastVBoxSVC.exe-2828.log
2014-12-13 12:16 - 2014-12-13 12:16 - 00000197 _____ () C:\windows\system32\2014-12-13-17-16-08.023-AvastVBoxSVC.exe-3816.log
2014-12-13 09:53 - 2014-12-13 09:54 - 00000197 _____ () C:\windows\system32\2014-12-13-14-53-54.092-AvastVBoxSVC.exe-3592.log
2014-12-13 09:46 - 2014-12-13 09:46 - 00000197 _____ () C:\windows\system32\2014-12-13-14-46-11.061-AvastVBoxSVC.exe-4120.log
2014-12-13 06:10 - 2014-12-13 06:11 - 00000197 _____ () C:\windows\system32\2014-12-13-11-10-51.081-AvastVBoxSVC.exe-3760.log
2014-12-12 22:38 - 2014-12-12 22:38 - 00000197 _____ () C:\windows\system32\2014-12-13-03-38-14.098-AvastVBoxSVC.exe-4004.log
2014-12-12 17:55 - 2014-12-12 17:55 - 00000197 _____ () C:\windows\system32\2014-12-12-22-55-18.024-AvastVBoxSVC.exe-1216.log
2014-12-12 15:24 - 2014-12-12 15:24 - 00000197 _____ () C:\windows\system32\2014-12-12-20-24-32.058-AvastVBoxSVC.exe-4004.log
2014-12-11 18:26 - 2014-12-11 18:26 - 00000247 _____ () C:\windows\system32\2014-12-11-23-26-00.052-aswFe.exe-5564.log
2014-12-11 18:22 - 2014-12-11 18:25 - 00000247 _____ () C:\windows\system32\2014-12-11-23-22-36.072-aswFe.exe-6024.log
2014-12-11 18:22 - 2014-12-11 18:22 - 00000197 _____ () C:\windows\system32\2014-12-11-23-22-35.027-AvastVBoxSVC.exe-3880.log
2014-12-11 18:17 - 2014-12-11 18:17 - 00000000 ____D () C:\Users\chuckanddona\AppData\Roaming\AVAST Software
2014-12-11 18:16 - 2014-12-28 11:31 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-12-11 18:16 - 2014-12-11 18:16 - 01050432 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2014-12-11 18:16 - 2014-12-11 18:16 - 00436624 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2014-12-11 18:16 - 2014-12-11 18:16 - 00364512 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-12-11 18:16 - 2014-12-11 18:16 - 00267632 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-12-11 18:16 - 2014-12-11 18:16 - 00116728 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2014-12-11 18:16 - 2014-12-11 18:16 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-12-11 18:16 - 2014-12-11 18:16 - 00083280 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-12-11 18:16 - 2014-12-11 18:16 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-12-11 18:16 - 2014-12-11 18:16 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-12-11 18:16 - 2014-12-11 18:16 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-12-11 18:16 - 2014-12-11 18:16 - 00001966 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-11 18:16 - 2014-12-11 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-11 18:13 - 2014-12-11 18:13 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-11 18:11 - 2014-12-11 18:11 - 05006864 _____ (AVAST Software) C:\Users\chuckanddona\Downloads\avast_free_antivirus_setup_online(2).exe
2014-12-11 18:06 - 2014-12-11 18:06 - 05006864 _____ (AVAST Software) C:\Users\chuckanddona\Downloads\avast_free_antivirus_setup_online(1).exe
2014-12-11 14:34 - 2014-12-11 14:34 - 00000247 _____ () C:\windows\system32\2014-12-11-19-34-34.046-aswFe.exe-6660.log
2014-12-11 14:30 - 2014-12-11 14:34 - 00000247 _____ () C:\windows\system32\2014-12-11-19-30-42.036-aswFe.exe-4476.log
2014-12-11 14:30 - 2014-12-11 14:30 - 00000197 _____ () C:\windows\system32\2014-12-11-19-30-40.017-AvastVBoxSVC.exe-4996.log
2014-12-11 14:23 - 2014-12-11 14:23 - 00000000 ____D () C:\windows\SysWOW64\vbox
2014-12-11 14:23 - 2014-12-11 14:23 - 00000000 ____D () C:\windows\system32\vbox
2014-12-11 14:18 - 2014-12-11 18:13 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-11 14:18 - 2014-12-11 14:18 - 05006864 _____ (AVAST Software) C:\Users\chuckanddona\Downloads\avast_free_antivirus_setup_online.exe
2014-12-11 10:48 - 2015-01-03 23:51 - 02123776 _____ (Farbar) C:\Users\chuckanddona\Downloads\FRST64.exe
2014-12-11 10:48 - 2015-01-03 23:51 - 00000000 ____D () C:\FRST
2014-12-11 10:44 - 2014-12-11 10:44 - 00000207 _____ () C:\windows\tweaking.com-regbackup-CHCUKANDDONNA-Microsoft-Windows-8-(64-bit).dat
2014-12-11 10:43 - 2014-12-11 10:43 - 00000000 ____D () C:\RegBackup
2014-12-11 10:42 - 2014-12-11 10:42 - 00002237 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-12-11 10:42 - 2014-12-11 10:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-12-11 10:42 - 2014-12-11 10:42 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-12-11 10:41 - 2014-12-11 10:41 - 04215584 _____ () C:\Users\chuckanddona\Downloads\tweaking.com_registry_backup_setup.exe
2014-12-10 18:35 - 2014-12-10 18:35 - 00000000 ____D () C:\Users\chuckanddona\Intel
2014-12-09 18:09 - 2014-12-09 18:09 - 00001393 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-12-09 18:09 - 2014-12-09 18:09 - 00001381 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-12-09 18:09 - 2014-12-09 18:09 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2014-12-09 18:08 - 2014-12-09 19:31 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-09 18:08 - 2014-12-09 18:32 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-09 18:08 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2014-12-09 18:04 - 2014-12-09 18:05 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\chuckanddona\Downloads\spybot-2.4.exe
2014-12-09 16:50 - 2014-12-09 16:50 - 00001336 _____ () C:\Users\chuckanddona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware.lnk
2014-12-09 16:23 - 2014-12-09 16:23 - 04637504 _____ (AVG Technologies) C:\Users\chuckanddona\Downloads\avg_free_stb_all_2015_5557_cnet(1).exe
2014-12-09 16:14 - 2014-10-08 23:00 - 01519104 _____ (Microsoft Corporation) C:\windows\system32\vssapi.dll
2014-12-09 16:14 - 2014-10-08 23:00 - 01484288 _____ (Microsoft Corporation) C:\windows\system32\VSSVC.exe
2014-12-09 16:14 - 2014-10-08 23:00 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\vsstrace.dll
2014-12-09 16:14 - 2014-10-08 22:59 - 01195520 _____ (Microsoft Corporation) C:\windows\SysWOW64\vssapi.dll
2014-12-09 16:14 - 2014-10-08 22:59 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\vsstrace.dll
2014-12-09 14:31 - 2014-10-11 02:44 - 19764736 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-12-09 14:31 - 2014-10-11 00:57 - 17562112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-12-09 14:31 - 2014-10-08 22:59 - 00623616 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll
2014-12-09 14:31 - 2014-10-08 22:59 - 00212992 _____ (Microsoft Corporation) C:\windows\system32\dnsrslvr.dll
2014-12-09 14:31 - 2014-10-08 22:58 - 00458240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll
2014-12-09 14:31 - 2014-09-22 00:38 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\mfmpeg2srcsnk.dll
2014-12-09 14:31 - 2014-09-21 22:56 - 00513536 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmpeg2srcsnk.dll
2014-12-09 14:30 - 2014-11-21 03:38 - 02237952 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-09 14:30 - 2014-11-21 03:38 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-09 14:30 - 2014-11-21 03:37 - 01409536 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-09 14:30 - 2014-11-21 03:37 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-12-09 14:30 - 2014-11-21 03:37 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-12-09 14:30 - 2014-11-21 03:36 - 19283456 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-09 14:30 - 2014-11-21 03:36 - 15400960 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-09 14:30 - 2014-11-21 03:36 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-09 14:30 - 2014-11-21 03:36 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-09 14:30 - 2014-11-21 03:36 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-12-09 14:30 - 2014-11-21 03:36 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-09 14:30 - 2014-11-21 03:36 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-09 14:30 - 2014-11-21 03:36 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-09 14:30 - 2014-11-21 03:36 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-09 14:30 - 2014-11-21 03:36 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-09 14:30 - 2014-11-21 03:36 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-12-09 14:30 - 2014-11-21 03:36 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-09 14:30 - 2014-11-21 03:36 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-09 14:30 - 2014-11-21 03:36 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-09 14:30 - 2014-11-21 03:36 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-09 14:30 - 2014-11-21 03:35 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-09 14:30 - 2014-11-21 02:17 - 14364672 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-09 14:30 - 2014-11-21 02:17 - 01762816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-09 14:30 - 2014-11-21 02:17 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-09 14:30 - 2014-11-21 02:17 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-09 14:30 - 2014-11-21 02:17 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-09 14:30 - 2014-11-21 02:17 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-12-09 14:30 - 2014-11-21 02:16 - 13758976 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-09 14:30 - 2014-11-21 02:16 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-09 14:30 - 2014-11-21 02:16 - 02054656 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-09 14:30 - 2014-11-21 02:16 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-09 14:30 - 2014-11-21 02:16 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-12-09 14:30 - 2014-11-21 02:16 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-09 14:30 - 2014-11-21 02:16 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-09 14:30 - 2014-11-21 02:16 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-09 14:30 - 2014-11-21 02:16 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-09 14:30 - 2014-11-21 02:16 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-12-09 14:30 - 2014-11-21 02:16 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-09 14:30 - 2014-11-21 02:16 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-09 14:30 - 2014-11-21 02:16 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-09 14:30 - 2014-11-21 02:00 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-09 14:30 - 2014-11-21 01:54 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-09 14:30 - 2014-11-20 23:30 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-12-09 14:30 - 2014-11-06 01:50 - 01627648 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-09 14:30 - 2014-11-06 00:03 - 01339392 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-09 12:55 - 2014-12-10 17:31 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-09 12:54 - 2014-12-09 12:54 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-09 12:54 - 2014-12-09 12:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-09 12:54 - 2014-12-09 12:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-09 12:54 - 2014-12-09 12:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-09 12:54 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-12-09 12:54 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-12-09 12:54 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-12-09 12:51 - 2014-12-09 12:52 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\chuckanddona\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-09 12:00 - 2014-12-09 12:00 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-09 12:00 - 2014-12-09 12:00 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-09 12:00 - 2014-12-09 12:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-09 09:39 - 2014-12-09 09:39 - 00000032 _____ () C:\ProgramData\Temp.log
2014-12-09 09:33 - 2014-12-09 09:33 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-12-08 09:45 - 2014-12-08 09:45 - 00106456 _____ (Corsica) C:\windows\system32\Drivers\webinstrNewH.sys
2014-12-08 09:45 - 2014-12-08 09:45 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_webinstrNewH_01009.Wdf
2014-12-04 10:52 - 2014-12-09 09:52 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-04 10:52 - 2014-12-04 10:52 - 00880784 _____ (Google Inc.) C:\Users\chuckanddona\Downloads\GoogleEarthSetup(1).exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-03 23:17 - 2014-08-18 23:00 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-253687255-1003371428-3526289271-1001
2015-01-03 23:17 - 2013-02-12 11:06 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-01-03 23:14 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\sru
2015-01-03 23:12 - 2013-02-12 10:57 - 00000000 ____D () C:\ProgramData\Temp
2015-01-03 15:38 - 2014-08-19 12:49 - 859913880 _____ () C:\windows\MEMORY.DMP
2015-01-03 15:38 - 2014-08-19 12:49 - 00000000 ____D () C:\windows\Minidump
2015-01-03 15:38 - 2012-07-26 02:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-03 12:16 - 2013-02-12 10:34 - 01331472 _____ () C:\windows\WindowsUpdate.log
2015-01-03 11:05 - 2012-07-26 02:59 - 00000000 ____D () C:\windows\CbsTemp
2014-12-28 12:03 - 2012-07-26 02:28 - 00850046 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-28 11:52 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\NDF
2014-12-25 13:04 - 2012-07-26 00:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-12-19 18:08 - 2014-08-21 14:39 - 00000518 _____ () C:\windows\Tasks\DriverUpdate Daily Scan.job
2014-12-15 16:09 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\FxsTmp
2014-12-13 09:49 - 2014-10-31 08:07 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-13 09:49 - 2013-02-12 10:22 - 00624962 _____ () C:\windows\PFRO.log
2014-12-13 09:48 - 2012-07-26 03:12 - 00000000 ___HD () C:\windows\ELAMBKUP
2014-12-12 14:09 - 2014-08-18 23:28 - 00000000 ____D () C:\Program Files (x86)\YouTube Accelerator
2014-12-10 19:04 - 2014-10-01 08:21 - 00000000 ____D () C:\Users\chuckanddona\AppData\Local\Adobe
2014-12-10 19:04 - 2013-02-12 11:03 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-10 18:40 - 2013-02-12 10:49 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-12-10 18:40 - 2013-02-12 10:49 - 00000000 ____D () C:\Program Files\Intel
2014-12-10 18:35 - 2014-08-18 17:13 - 00000000 ____D () C:\Users\chuckanddona
2014-12-10 18:30 - 2014-10-02 14:49 - 00000000 ____D () C:\Users\chuckanddona\AppData\Local\Deployment
2014-12-10 15:47 - 2014-10-23 13:43 - 00000000 ____D () C:\Users\chuckanddona\Desktop\Old Firefox Data
2014-12-10 08:58 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-12-10 08:45 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\rescache
2014-12-09 20:03 - 2014-02-10 20:16 - 00000000 ____D () C:\Bovada
2014-12-09 16:17 - 2012-07-26 03:12 - 00000000 ___RD () C:\windows\ToastData
2014-12-09 16:16 - 2014-08-19 03:23 - 00000000 ____D () C:\windows\system32\MRT
2014-12-09 16:15 - 2014-08-19 03:23 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-12-09 15:54 - 2014-10-26 12:12 - 00318592 _____ () C:\windows\system32\FNTCACHE.DAT
2014-12-09 15:53 - 2014-08-18 23:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-09 14:18 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-12-09 13:12 - 2014-10-26 12:36 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-12-09 13:12 - 2014-08-18 23:23 - 00000000 ____D () C:\Users\chuckanddona\AppData\Roaming\Systweak
2014-12-09 13:11 - 2014-10-27 18:24 - 00000000 ____D () C:\ProgramData\LizardSales
2014-12-09 13:10 - 2014-09-09 19:25 - 03981488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-12-09 09:43 - 2013-02-12 10:57 - 00000000 ____D () C:\ProgramData\CLSK
2014-12-09 09:43 - 2013-02-12 10:49 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-09 09:42 - 2013-02-12 10:57 - 00000000 ____D () C:\ProgramData\CyberLink
2014-12-09 03:37 - 2014-08-21 15:37 - 00000133 _____ () C:\Users\chuckanddona\AppData\Roaming\WB.CFG
2014-12-08 09:45 - 2014-10-26 12:35 - 00002081 _____ () C:\windows\patsearch.bin
2014-12-08 09:45 - 2012-07-26 02:21 - 00020480 _____ () C:\windows\setupact.log
2014-12-06 15:24 - 2012-07-26 00:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-12-04 10:54 - 2014-08-18 23:26 - 00000000 ____D () C:\Users\chuckanddona\AppData\Local\Google

Some content of TEMP:
====================
C:\Users\chuckanddona\AppData\Local\Temp\cabex.dll
C:\Users\chuckanddona\AppData\Local\Temp\tu17p84.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-28 10:14

==================== End Of Log ============================

chuck 1962
2015-01-04, 06:57
It's the same one but it says FRST???

chuck 1962
2015-01-04, 07:15
Scan result of Farbar Recovery Scan Tool (FRST.txt)

Juliet
2015-01-04, 15:26
You did good, that's the log I needed to see.

Faulting application name: avgui.exe <-- AVG antivirus
AV: avast! Antivirus (Enabled - Up to date)
The above shows me you have an incomplete uninstall of AVG. Below is the web site from AVG with the tool that will complete the uninstall.

http://www.avg.com/us-en/utilities
Scroll down to the version that was on your machine.

~~~~~~~~

There were a few malicious extensions found in your browsers that need to be removed.

Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

Backup Internet Explorer Favourites (http://www.wikihow.com/Back-Up-Favorites-in-Internet-Explorer)
Backup Firefox Bookmarks (https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer)
Backup Chrome Bookmarks (http://www.wikihow.com/Export-Bookmarks-from-Chrome)

Proceed with the reset once done.

Internet Explorer: How to reset Internet Explorer settings (http://support.microsoft.com/kb/923737)
Firefox: Reset Firefox (https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems)
Chrome: Chrome - Reset browser settings (https://support.google.com/chrome/answer/3296214?hl=en)


~~~~~~~~~~~

Running from C:\Users\chuckanddona\Downloads
We need to move FRST (Farbar Recovery Scan Tool) to your desktop.

Please go to your Downloads folder, scroll to find Farbar Recovery Scan Tool, right click on that and select CUT
Go to an open spot on your desktop, right click and select PASTE
You should now have Farbar Recovery Scan Tool on your desktop.

~~~~~

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)



start
CloseProcesses:
Task: {25BD2C2C-3573-451B-8B79-77FCD6C48F5C} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {4D8476B9-631F-496E-9EFD-E26059D060E1} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {EA800E60-B4F6-4EB2-9510-C43D2BEFE0D1} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {EB795C8D-50CE-4543-873C-2E95840A35C2} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
AlternateDataStreams: C:\Syst3EBB2919:$WIMMOUNTDATA
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-253687255-1003371428-3526289271-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://www-search.net/search.aspx?s=E8Jwobrys01955,324c586e-3f3d-4841-a179-5e795d00c4dd,&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-253687255-1003371428-3526289271-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
BHO: No Name -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> No File
C:\Program Files (x86)\ver6SpeeditUp\184.xpi
CHR Extension: (No Name) - C:\Users\chuckanddona\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljamgkbcojbnmcaonjokopmcblmmpfch [2014-10-30]
S3 SMUpdd; \??\C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [X]
C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys
2014-12-09 13:12 - 2014-10-26 12:36 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-12-09 13:12 - 2014-08-18 23:23 - 00000000 ____D () C:\Users\chuckanddona\AppData\Roaming\Systweak
C:\Users\chuckanddona\AppData\Local\Temp\cabex.dll
C:\Users\chuckanddona\AppData\Local\Temp\tu17p84.exe
EmptyTemp:
Hosts:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


*******

AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) and save the file to your Desktop.
Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.



Please post:
Fixlog.txt
C:\AdwCleaner.txt
JRT.txt

chuck 1962
2015-01-04, 20:04
Okay, it seems like a lot and confusing, but give me some time, I will try to do everything in order and as instructed, thanks!!

Juliet
2015-01-04, 20:14
If you need me, just reply.

It's actually not that hard once you get started :)

chuck 1962
2015-01-04, 20:52
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-01-2015 03
Ran by chuckanddona at 2015-01-04 13:44:38 Run:1
Running from C:\Users\chuckanddona\Desktop
Loaded Profile: chuckanddona (Available profiles: chuckanddona & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
Task: {25BD2C2C-3573-451B-8B79-77FCD6C48F5C} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {4D8476B9-631F-496E-9EFD-E26059D060E1} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {EA800E60-B4F6-4EB2-9510-C43D2BEFE0D1} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {EB795C8D-50CE-4543-873C-2E95840A35C2} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
AlternateDataStreams: C:\Syst3EBB2919:$WIMMOUNTDATA
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-253687255-1003371428-3526289271-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://www-search.net/search.aspx?s=E8Jwobrys01955,324c586e-3f3d-4841-a179-5e795d00c4dd,&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-253687255-1003371428-3526289271-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
BHO: No Name -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> No File
C:\Program Files (x86)\ver6SpeeditUp\184.xpi
CHR Extension: (No Name) - C:\Users\chuckanddona\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljamgkbcojbnmcaonjokopmcblmmpfch [2014-10-30]
S3 SMUpdd; \??\C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [X]
C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys
2014-12-09 13:12 - 2014-10-26 12:36 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-12-09 13:12 - 2014-08-18 23:23 - 00000000 ____D () C:\Users\chuckanddona\AppData\Roaming\Systweak
C:\Users\chuckanddona\AppData\Local\Temp\cabex.dll
C:\Users\chuckanddona\AppData\Local\Temp\tu17p84.exe
EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{25BD2C2C-3573-451B-8B79-77FCD6C48F5C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25BD2C2C-3573-451B-8B79-77FCD6C48F5C}" => Key deleted successfully.
C:\Windows\System32\Tasks\LaunchSignup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D8476B9-631F-496E-9EFD-E26059D060E1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D8476B9-631F-496E-9EFD-E26059D060E1}" => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA800E60-B4F6-4EB2-9510-C43D2BEFE0D1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA800E60-B4F6-4EB2-9510-C43D2BEFE0D1}" => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP2 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EB795C8D-50CE-4543-873C-2E95840A35C2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB795C8D-50CE-4543-873C-2E95840A35C2}" => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP1 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1" => Key deleted successfully.
C:\windows\Tasks\APSnotifierPP1.job => Moved successfully.
C:\windows\Tasks\APSnotifierPP2.job => Moved successfully.
C:\windows\Tasks\APSnotifierPP3.job => Moved successfully.
C:\Syst3EBB2919 => ":$WIMMOUNTDATA" ADS removed successfully.
C:\ProgramData\Temp => ":56E2E879" ADS removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-253687255-1003371428-3526289271-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6}" => Key deleted successfully.
HKCR\CLSID\{CC865B26-C31D-4D23-B17B-96548EEF03F6} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKU\S-1-5-21-253687255-1003371428-3526289271-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}" => Key deleted successfully.
HKCR\CLSID\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} => Key not found.
"C:\Program Files (x86)\ver6SpeeditUp\184.xpi" => File/Directory not found.
C:\Users\chuckanddona\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljamgkbcojbnmcaonjokopmcblmmpfch => Moved successfully.
SMUpdd => Service deleted successfully.
"C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys" => File/Directory not found.
C:\Program Files (x86)\globalUpdate => Moved successfully.
C:\Users\chuckanddona\AppData\Roaming\Systweak => Moved successfully.
C:\Users\chuckanddona\AppData\Local\Temp\cabex.dll => Moved successfully.
C:\Users\chuckanddona\AppData\Local\Temp\tu17p84.exe => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 179.6 MB temporary data.


The system needed a reboot.

==== End of Fixlog 13:45:36 ====

chuck 1962
2015-01-04, 21:01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8 x64
Ran by chuckanddona on Sun 01/04/2015 at 13:54:50.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pcdr"
Successfully deleted: [Folder] "C:\Users\chuckanddona\AppData\Roaming\pcdr"
Successfully deleted: [Folder] "C:\Users\chuckanddona\appdata\local\globalupdate"
Successfully deleted: [Folder] "C:\Program Files (x86)\predm"
Failed to delete: [Folder] "C:\Program Files (x86)\youtube accelerator"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\youtube accelerator"
Failed to delete: [Folder] "C:\Program Files (x86)\youtube accelerator"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 01/04/2015 at 13:58:51.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

chuck 1962
2015-01-04, 21:03
I think I did everything requested so far??

Juliet
2015-01-04, 21:42
AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) and save the file to your Desktop.
Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

After you run this tool and post the log, also give me comments on how the computer is now.

chuck 1962
2015-01-04, 22:00
# AdwCleaner v4.106 - Report created 04/01/2015 at 14:55:42
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Live]
# Operating System : Windows 8 (64 bits)
# Username : chuckanddona - CHCUKANDDONNA
# Running from : C:\Users\chuckanddona\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : webinstrNewH

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\d6aea9d9965d2bf1
Folder Deleted : C:\Program Files (x86)\YouTube Accelerator
Folder Deleted : C:\Users\chuckanddona\AppData\Local\CrashRpt
Folder Deleted : C:\Users\chuckanddona\AppData\LocalLow\Goobzo
Folder Deleted : C:\Users\chuckanddona\AppData\Roaming\AnyProtectEx
Folder Deleted : C:\Users\Public\Documents\Goobzo
Folder Deleted : C:\Users\Public\Documents\ShopperPro
Folder Deleted : C:\Users\Public\Documents\YTAHelper
File Deleted : C:\windows\System32\drivers\webinstrNewH.sys
File Deleted : C:\Users\Administrator\Desktop\YouTube Accelerator.lnk
File Deleted : C:\Users\chuckanddona\Desktop\Continue Live Installation.lnk
File Deleted : C:\Users\chuckanddona\AppData\Roaming\Mozilla\Firefox\Profiles\286156uk.default\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ShopperPro.DLL
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\.
Key Deleted : HKLM\SOFTWARE\Classes\..9
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FCF8BFD3-39B8-4370-B464-EC2AAACD97CF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94bf21e4-4cfb-464c-9312-8b65220b78f4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{94bf21e4-4cfb-464c-9312-8b65220b78f4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{94bf21e4-4cfb-464c-9312-8b65220b78f4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\Compete
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\Goobzo
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\CommonShare
Key Deleted : HKCU\Software\AppDataLow\Software\SpeeditUp
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\Goobzo
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\ORBTR
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\ShopperPro
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www-search.net

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17183


-\\ Mozilla Firefox v34.0.5 (x86 en-US)

[286156uk.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Groovorio");
[286156uk.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Groovorio");

-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [9503 octets] - [04/01/2015 14:53:08]
AdwCleaner[S0].txt - [9149 octets] - [04/01/2015 14:55:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9209 octets] ##########

chuck 1962
2015-01-04, 22:05
I turned off my scripts blocker that worked to keep the annoying pop ups and went to a web site that was really prone to them and they seem to be gone!!! This is amazing if it is true and worth the wait for your help!

Juliet
2015-01-04, 22:14
I turned off my scripts blocker that worked to keep the annoying pop ups and went to a web site that was really prone to them and they seem to be gone!!! This is amazing if it is true and worth the wait for your help!

Yeah!!

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.


Go here (http://www.eset.com/us/online-scanner/) to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

Note:
For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html).
Click the blue Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
Click on Advanced Settings
Make sure that the option Remove found threats is unticked.
Ensure these options are ticked

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology


Click Start
Wait for the scan to finish
When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
Close the ESET online scan.


*************************************

chuck 1962
2015-01-04, 22:18
Okay.. I have to go out for a while. Will do this later this evening or in the morning, will you be around?

Juliet
2015-01-04, 22:21
I check in often.

chuck 1962
2015-01-04, 22:31
new plan, just locked keys in car and waiting on AAA... gonna give this a try right now!

Juliet
2015-01-04, 23:03
new plan, just locked keys in car and waiting on AAA... gonna give this a try right now!

Oh my stars, don't do that!...where's your extra set?

Yes, will be a good time to run the scan.

chuck 1962
2015-01-05, 14:59
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YouTube Accelerator\ipc.dll.vir a variant of Win32/SBWatchman.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YouTube Accelerator\xmldb.dll.vir a variant of Win32/SBWatchman.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YouTube Accelerator\YouTubeAccelerator.exe.vir a variant of Win32/SBWatchman.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\windows\System32\drivers\webinstrNewH.sys.vir Win64/Adware.AddLyrics.E application
C:\FRST\Quarantine\C\Users\chuckanddona\AppData\Local\Temp\tu17p84.exe.xBAD a variant of Win32/SBWatchman.D potentially unwanted application
C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\Backup\DBRUpdate\hstart.exe.bak a variant of Win32/HiddenStart.A potentially unsafe application
C:\Users\chuckanddona\AppData\Local\nsl2CE3.tmp Win32/VOPackage.BC potentially unwanted application
C:\Users\chuckanddona\AppData\Local\Installer\Installyta_28091\ytai.exe a variant of Win32/SpeedBit.C potentially unwanted application
C:\Users\chuckanddona\Desktop\Old Firefox Data\1zn72r9z.default-1414768909077\extensions\wrigtdamon@yahoo.com\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\Users\chuckanddona\Desktop\Old Firefox Data\4of6rxmx.default-1416144829817\extensions\wrigtdamon@yahoo.com\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\Users\chuckanddona\Desktop\Old Firefox Data\d1s22mmj.default-1414766510453\extensions\wrigtdamon@yahoo.com\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\Users\chuckanddona\Desktop\Old Firefox Data\ec5k3vxz.default-1415286555222\extensions\wrigtdamon@yahoo.com\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\Users\chuckanddona\Desktop\Old Firefox Data\eda6lsm0.default-1414089807006\extensions\wrigtdamon@yahoo.com\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\Users\chuckanddona\Desktop\Old Firefox Data\g52sn5dt.default-1416052739247\extensions\wrigtdamon@yahoo.com\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\Users\chuckanddona\Desktop\Old Firefox Data\h8tl7ddn.default-1416066202480\extensions\wrigtdamon@yahoo.com\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\Users\chuckanddona\Desktop\Old Firefox Data\llg2redq.default\extensions\64ffxtbr@TelevisionFanatic.com\plugins\NativeMessagingDispatcher.dll Win32/Toolbar.MyWebSearch.AO potentially unwanted application
C:\Users\chuckanddona\Desktop\Old Firefox Data\llg2redq.default\extensions\KUS@VbT0.org\content\bg.js JS/Kryptik.ATB trojan
C:\Users\chuckanddona\Desktop\Old Firefox Data\nfpxpldb.default-1416668850496\extensions\wrigtdamon@yahoo.com\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\Users\chuckanddona\Desktop\Old Firefox Data\q0wider0.default-1415364493713\extensions\wrigtdamon@yahoo.com\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\Users\chuckanddona\Desktop\Old Firefox Data\rg31oeqe.default-1415302381270\extensions\wrigtdamon@yahoo.com\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\Users\chuckanddona\Desktop\Old Firefox Data\st93mqs1.default-1416873200958\extensions\wrigtdamon@yahoo.com\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\Users\chuckanddona\Downloads\WeatherBugSetup(1).msi a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\chuckanddona\Downloads\WeatherBugSetup.msi a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Windows.old\Users\chuckanddona\AppData\Local\Temp\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Windows.old\Users\chuckanddona\AppData\Local\Temp\Offercast2802_WBV5_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application

Juliet
2015-01-05, 15:48
Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite an existing one, please allow it).



start
CloseProcesses:
C:\Users\chuckanddona\AppData\Local\nsl2CE3.tmp
C:\Users\chuckanddona\AppData\Local\Installer\Installyta_28091\ytai.exe
C:\Users\chuckanddona\Desktop\Old Firefox Data\1zn72r9z.default-1414768909077\extensions\wrigtdamon@yahoo.com\extensionData\plugins\91.js
C:\Users\chuckanddona\Desktop\Old Firefox Data\4of6rxmx.default-1416144829817\extensions\wrigtdamon@yahoo.com\extensionData\plugins\91.js
C:\Users\chuckanddona\Desktop\Old Firefox Data\d1s22mmj.default-1414766510453\extensions\wrigtdamon@yahoo.com\extensionData\plugins\91.js
C:\Users\chuckanddona\Desktop\Old Firefox Data\ec5k3vxz.default-1415286555222\extensions\wrigtdamon@yahoo.com\extensionData\plugins\91.js
C:\Users\chuckanddona\Desktop\Old Firefox Data\eda6lsm0.default-1414089807006\extensions\wrigtdamon@yahoo.com\extensionData\plugins\91.js
C:\Users\chuckanddona\Desktop\Old Firefox Data\g52sn5dt.default-1416052739247\extensions\wrigtdamon@yahoo.com\extensionData\plugins\91.js
C:\Users\chuckanddona\Desktop\Old Firefox Data\h8tl7ddn.default-1416066202480\extensions\wrigtdamon@yahoo.com\extensionData\plugins\91.js
C:\Users\chuckanddona\Desktop\Old Firefox Data\llg2redq.default\extensions\64ffxtbr@TelevisionFanatic.com\plugins\NativeMessagingDispatcher.dll
C:\Users\chuckanddona\Desktop\Old Firefox Data\llg2redq.default\extensions\KUS@VbT0.org\content\bg.js
C:\Users\chuckanddona\Desktop\Old Firefox Data\nfpxpldb.default-1416668850496\extensions\wrigtdamon@yahoo.com\extensionData\plugins\91.js
C:\Users\chuckanddona\Desktop\Old Firefox Data\q0wider0.default-1415364493713\extensions\wrigtdamon@yahoo.com\extensionData\plugins\91.js
C:\Users\chuckanddona\Desktop\Old Firefox Data\rg31oeqe.default-1415302381270\extensions\wrigtdamon@yahoo.com\extensionData\plugins\91.js
C:\Users\chuckanddona\Desktop\Old Firefox Data\st93mqs1.default-1416873200958\extensions\wrigtdamon@yahoo.com\extensionData\plugins\91.js
C:\Users\chuckanddona\Downloads\WeatherBugSetup(1).msi
C:\Users\chuckanddona\Downloads\WeatherBugSetup.msi
C:\Windows.old\Users\chuckanddona\AppData\Local\Temp\ApnStub.exe
C:\Windows.old\Users\chuckanddona\AppData\Local\Temp\Offercast2802_WBV5_.exe
EmptyTemp:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


How is the computer now?

chuck 1962
2015-01-05, 16:02
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-01-2015 03
Ran by chuckanddona at 2015-01-05 08:58:59 Run:2
Running from C:\Users\chuckanddona\Desktop
Loaded Profile: chuckanddona (Available profiles: chuckanddona & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
C:\Users\chuckanddona\AppData\Local\nsl2CE3.tmp
C:\Users\chuckanddona\AppData\Local\Installer\Installyta_28091\ytai.exe
C:\Users\chuckanddona\Desktop\Old Firefox Data\1zn72r9z.default-1414768909077\extensions\wrigtdamon@yahoo.com\extensionData\plugins\91.js
C:\Users\chuckanddona\Desktop\Old Firefox Data\4of6rxmx.default-1416144829817\extensions\wrigtdamon@yahoo.com\extensionData\plugins\91.js
C:\Users\chuckanddona\Desktop\Old Firefox Data\d1s22mmj.default-1414766510453\extensions\wrigtdamon@yahoo.com\extensionData\plugins\91.js
C:\Users\chuckanddona\Desktop\Old Firefox Data\ec5k3vxz.default-1415286555222\extensions\wrigtdamon@yahoo.com\extensionData\plugins\91.js
C:\Users\chuckanddona\Desktop\Old Firefox Data\eda6lsm0.default-1414089807006\extensions\wrigtdamon@yahoo.com\extensionData\plugins\91.js
C:\Users\chuckanddona\Desktop\Old Firefox Data\g52sn5dt.default-1416052739247\extensions\wrigtdamon@yahoo.com\extensionData\plugins\91.js
C:\Users\chuckanddona\Desktop\Old Firefox Data\h8tl7ddn.default-1416066202480\extensions\wrigtdamon@yahoo.com\extensionData\plugins\91.js
C:\Users\chuckanddona\Desktop\Old Firefox Data\llg2redq.default\extensions\64ffxtbr@TelevisionFanatic.com\plugins\NativeMessagingDispatcher.dll
C:\Users\chuckanddona\Desktop\Old Firefox Data\llg2redq.default\extensions\KUS@VbT0.org\content\bg.js
C:\Users\chuckanddona\Desktop\Old Firefox Data\nfpxpldb.default-1416668850496\extensions\wrigtdamon@yahoo.com\extensionData\plugins\91.js
C:\Users\chuckanddona\Desktop\Old Firefox Data\q0wider0.default-1415364493713\extensions\wrigtdamon@yahoo.com\extensionData\plugins\91.js
C:\Users\chuckanddona\Desktop\Old Firefox Data\rg31oeqe.default-1415302381270\extensions\wrigtdamon@yahoo.com\extensionData\plugins\91.js
C:\Users\chuckanddona\Desktop\Old Firefox Data\st93mqs1.default-1416873200958\extensions\wrigtdamon@yahoo.com\extensionData\plugins\91.js
C:\Users\chuckanddona\Downloads\WeatherBugSetup(1).msi
C:\Users\chuckanddona\Downloads\WeatherBugSetup.msi
C:\Windows.old\Users\chuckanddona\AppData\Local\Temp\ApnStub.exe
C:\Windows.old\Users\chuckanddona\AppData\Local\Temp\Offercast2802_WBV5_.exe
EmptyTemp:
End
*****************

Processes closed successfully.
C:\Users\chuckanddona\AppData\Local\nsl2CE3.tmp => Moved successfully.
C:\Users\chuckanddona\AppData\Local\Installer\Installyta_28091\ytai.exe => Moved successfully.
C:\Users\chuckanddona\Desktop\Old Firefox Data\1zn72r9z.default-1414768909077\extensions\wrigtdamon@yahoo.com\extensionData\plugins\91.js => Moved successfully.
C:\Users\chuckanddona\Desktop\Old Firefox Data\4of6rxmx.default-1416144829817\extensions\wrigtdamon@yahoo.com\extensionData\plugins\91.js => Moved successfully.
C:\Users\chuckanddona\Desktop\Old Firefox Data\d1s22mmj.default-1414766510453\extensions\wrigtdamon@yahoo.com\extensionData\plugins\91.js => Moved successfully.
C:\Users\chuckanddona\Desktop\Old Firefox Data\ec5k3vxz.default-1415286555222\extensions\wrigtdamon@yahoo.com\extensionData\plugins\91.js => Moved successfully.
C:\Users\chuckanddona\Desktop\Old Firefox Data\eda6lsm0.default-1414089807006\extensions\wrigtdamon@yahoo.com\extensionData\plugins\91.js => Moved successfully.
C:\Users\chuckanddona\Desktop\Old Firefox Data\g52sn5dt.default-1416052739247\extensions\wrigtdamon@yahoo.com\extensionData\plugins\91.js => Moved successfully.
C:\Users\chuckanddona\Desktop\Old Firefox Data\h8tl7ddn.default-1416066202480\extensions\wrigtdamon@yahoo.com\extensionData\plugins\91.js => Moved successfully.
C:\Users\chuckanddona\Desktop\Old Firefox Data\llg2redq.default\extensions\64ffxtbr@TelevisionFanatic.com\plugins\NativeMessagingDispatcher.dll => Moved successfully.
C:\Users\chuckanddona\Desktop\Old Firefox Data\llg2redq.default\extensions\KUS@VbT0.org\content\bg.js => Moved successfully.
C:\Users\chuckanddona\Desktop\Old Firefox Data\nfpxpldb.default-1416668850496\extensions\wrigtdamon@yahoo.com\extensionData\plugins\91.js => Moved successfully.
C:\Users\chuckanddona\Desktop\Old Firefox Data\q0wider0.default-1415364493713\extensions\wrigtdamon@yahoo.com\extensionData\plugins\91.js => Moved successfully.
C:\Users\chuckanddona\Desktop\Old Firefox Data\rg31oeqe.default-1415302381270\extensions\wrigtdamon@yahoo.com\extensionData\plugins\91.js => Moved successfully.
C:\Users\chuckanddona\Desktop\Old Firefox Data\st93mqs1.default-1416873200958\extensions\wrigtdamon@yahoo.com\extensionData\plugins\91.js => Moved successfully.
C:\Users\chuckanddona\Downloads\WeatherBugSetup(1).msi => Moved successfully.
C:\Users\chuckanddona\Downloads\WeatherBugSetup.msi => Moved successfully.
C:\Windows.old\Users\chuckanddona\AppData\Local\Temp\ApnStub.exe => Moved successfully.
C:\Windows.old\Users\chuckanddona\AppData\Local\Temp\Offercast2802_WBV5_.exe => Moved successfully.
EmptyTemp: => Removed 185.7 MB temporary data.


The system needed a reboot.

==== End of Fixlog 08:59:14 ====
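
A check that can be run on a posted Fixlog.txt, added here as an example and not part of the original thread or of FRST: it compares the file paths in the "Content of fixlist" section with the per-item result lines and lists anything not reported as "Moved successfully." The sample log is constructed in the layout shown above with placeholder paths, and its "Could not move." status is a made-up failure message, not confirmed FRST output.

```python
import re

# Constructed sample in the Fixlog.txt layout seen in this thread.
# Paths are placeholders; "Could not move." is an invented failure status.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (x64)
==============================================
Content of fixlist:
*****************
start
CloseProcesses:
C:\Users\example\Downloads\SetupA.msi
C:\Users\example\AppData\Local\Temp\StubB.exe
C:\Users\example\Desktop\Old Data\plugins\91.js
EmptyTemp:
End
*****************

Processes closed successfully.
C:\Users\example\Downloads\SetupA.msi => Moved successfully.
C:\Users\example\AppData\Local\Temp\StubB.exe => Could not move.
EmptyTemp: => Removed 185.7 MB temporary data.
==== End of Fixlog 08:59:14 ====
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")   # a line that starts with a drive letter
FENCE_RE = re.compile(r"^\*{5,}$")      # the ***** lines around the fixlist echo


def split_fixlog(text):
    """Return (fixlist_lines, result_lines) from a Fixlog.txt body."""
    lines = [ln.strip() for ln in text.splitlines()]
    fences = [i for i, ln in enumerate(lines) if FENCE_RE.match(ln)]
    if len(fences) < 2:
        raise ValueError("no '*****' delimited fixlist section found")
    return lines[fences[0] + 1:fences[1]], lines[fences[1] + 1:]


def audit_fixlog(text):
    """Compare requested file paths against the per-item results."""
    fixlist, results = split_fixlog(text)
    # Directives such as CloseProcesses: and EmptyTemp: are not file paths.
    requested = [ln for ln in fixlist if PATH_RE.match(ln)]
    outcome = {}
    for ln in results:
        target, sep, status = ln.rpartition(" => ")
        if sep and PATH_RE.match(target):
            outcome[target.lower()] = status   # Windows paths ignore case
    report = {"moved": [], "failed": [], "unreported": []}
    for path in requested:
        status = outcome.get(path.lower())
        if status is None:
            report["unreported"].append(path)
        elif status == "Moved successfully.":
            report["moved"].append(path)
        else:
            report["failed"].append((path, status))
    return report


if __name__ == "__main__":
    for bucket, items in audit_fixlog(SAMPLE_FIXLOG).items():
        print(bucket, len(items))
        for item in items:
            print("   ", item)
```

Anything in the failed or unreported buckets is still on disk where the scan found it and needs a follow-up before the case is closed.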

Juliet
2015-01-05, 16:25
Looks good, how is your computer now?

chuck 1962
2015-01-05, 16:33
Seems okay... not sure if it is related but I had to reboot because my keyboard wouldn't function? Wouldn't let me type anything?

chuck 1962
2015-01-05, 19:02
My keyboard keeps quitting on me and a reboot helps for a while. I might have trouble responding to you. Any ideas?

Juliet
2015-01-05, 20:44
My keyboard keeps quitting on me and a reboot helps for a while. I might have trouble responding to you. Any ideas?

Now this is a horse of a different color.

http://www.pcmag.com/article2/0,2817,2424402,00.asp
Read over the tips in this link for suggestions.

Try the Microsoft Fix it
http://windows.microsoft.com/en-us/windows-vista/troubleshoot-keyboard-problems

Juliet
2015-01-05, 21:03
Also please download Windows Repair (all in one) from here (http://www.tweaking.com/content/page/windows_repair_all_in_one.html)

http://www.bleepstatic.com/download/screenshots/w/windows-repair-all-in-one-portable/step-4-tab.jpg
Install the program then go to step 4 and create a new system restore point and new registry backup.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:
http://i1.ifrm.com/228/109/upload/p22001645.gif



NEXT
On the Start Repairs tab => Click the Start
http://www.bleepstatic.com/download/screenshots/w/windows-repair-all-in-one-portable/start-repairs-tab.jpg


Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):
http://i1.ifrm.com/228/109/upload/p22001647.gif

Click on the box next to Restart System when Finished. Then click on Start.

chuck 1962
2015-01-06, 02:01
Avast keeps saying threat is detected when trying to download this program??

Juliet
2015-01-06, 02:15
At this time Avast is wrong, temporarily disable it so it can be downloaded to desktop.

chuck 1962
2015-01-06, 17:30
I am on a different machine. Now when I boot my computer, there is no pointer on the screen and I also get a message that Microsoft does not recognize my USB mouse! I am able to use my arrow buttons to open Firefox but after that I cannot make any moves at all? Is there anything I can do? something in safe mode or anything?

Juliet
2015-01-06, 18:09
Let's try some troubleshooting tips

Press the "hide the pointer" key (fn + F7), next to the "two screens" key (fn + F6). Afterwards press "fn" + F7 again.
http://answers.microsoft.com/en-us/windows/forum/windows_8-hardware/disappearing-pointer-with-windows-8-touch-screen/1d5491f9-dbac-4d8d-ac34-a1b1d2d9aee9

Could try this

Go to Start > Control Panel > Mouse
Click on the Pointer Options tab
Ensure that the checkbox for Show location of pointer when I press the CTRL key is checked
Click on the Apply button


Now when you press the CTRL key, you will be able to find the exact location of your mouse

http://www.tomshardware.com/forum/43107-63-missing-mouse-pointer


Try to boot into safe mode with networking; if it works, then go to the Microsoft link below

http://support.microsoft.com/kb/871233
Unplug the USB device, and then plug the device back into the computer or hub. If your computer still does not recognize the device, go to the next

Method 1: Initiate recognition of the USB device by using Device Manager
To initiate recognition of the USB device by using Device Manager, follow these steps:

Click Start, click Run, type Devmgmt.msc, and then click OK. The Device Manager window opens.
Click to select your computer as the location for the scan.
On the Action menu, click Scan for hardware changes.

Close the Device Manager window.

If this method resolves the issue, you are finished.

If this method does not resolve the issue, go to method 2.

Method 2: Disable power management of the USB hub
Note If you perform the following procedure, you may also reduce the battery life on a portable computer.

Use this method if method 1 does not work. To disable power management of the USB hub, follow these steps:

Click Start, click Run, type Devmgmt.msc, and then click OK. The Device Manager window opens.
Expand Universal Serial Bus controllers.
Right-click a USB Root Hub in the list, and then click Properties. The USB Root Hub Properties dialog box is displayed.
Click the Power Management tab.
Click to clear the Allow the computer to turn off this device to save power check box, and then click OK.
Repeat steps 3 through 6 for each USB Root Hub in the list.
On the Action menu, click Scan for hardware changes.
Close the Device Manager window.

Juliet
2015-01-06, 18:14
Scroll down to 'Reinstall the mouse software'
http://support.microsoft.com/kb/223256

Then scroll to 'devmgmt.msc' and follow those instructions.

chuck 1962
2015-01-06, 18:46
I have tried using fn f7 key, doesn't seem to do anything. I can get into the control panel and to the mouse using only the arrow keys but from there it won't let me do anything with arrow keys alone and there is still no pointer. I am trying to go into safe mode, I shut down, unplugged and took out battery. When I rebooted it skipped right past the page that has the f2 and f12 option for a boot into safe mode. I am going to give this another try. When I get in safe mode not sure exactly which option I am going for? Thanks for all the advice and time!

chuck 1962
2015-01-06, 18:51
I am in boot mode now. Says boot mode is set to uefi secure boot on. Other options diagnostic or enter set up or peripheral device settings or change boot mode?

Juliet
2015-01-06, 22:45
change boot mode?
If anything I would see if safe mode with networking is available?
If not, don't boot into UEFI secure boot.

Another way to get into safe mode, then into safe mode with networking, is

hold the power button down on the computer and count to 5, then wait a minute, then power back on.
Sometimes this brings up the option for safemode with networking.

chuck 1962
2015-01-06, 23:34
Not sure what I did exactly, have been rebooting and trying to get into safe mode, turns out it is different with Windows 8. Anyway, all of a sudden it booted with the pointer and full function of my touch pad. I had been using the USB mouse as a workaround for my touch pad not working properly. I am now hoping that whatever the problem with my touch pad was fixed with whatever you did with me. It's too soon to tell if this is permanent or if it will glitch again with a reboot or just stop working for whatever reason. I am going to play around and hopefully report back that all seems fine. Is there anything you want me to do? Run another scan or anything to see if all is well?

chuck 1962
2015-01-06, 23:46
Spoke too soon. Was surfing the web and the pointer just disappeared. Tried plugging in USB mouse. Says the last USB device you connected to this computer malfunctioned, and Windows does not recognize it. I am going to keep trying to get in under safe mode again. Will keep checking here to see if any of this new info has given us a new course. If I have progress will let you know. :(

Juliet
2015-01-06, 23:48
Not sure what I did exactly, have been rebooting and trying to get into safe mode, turns out it is different with Windows 8. Anyway, all of a sudden it booted with the pointer and full function of my touch pad. I had been using the USB mouse as a workaround for my touch pad not working properly. I am now hoping that whatever the problem with my touch pad was fixed with whatever you did with me. It's too soon to tell if this is permanent or if it will glitch again with a reboot or just stop working for whatever reason. I am going to play around and hopefully report back that all seems fine. Is there anything you want me to do? Run another scan or anything to see if all is well?

I have no idea what you had attempted when it rebooted so I'm not sure what to say.

I had been using the USB mouse as a workaround for my touch pad not working properly.
I have a feeling it has something to do with this.
Could be drivers needed to be updated or one was corrupt... bad USB port.

We had removed all the malware and were at a point to remove the tools with quarantine folders. After that I would post preventive tips.

chuck 1962
2015-01-06, 23:49
Ha! Went back to laptop and mouse is back but seems jumpy, not moving accurately.

chuck 1962
2015-01-06, 23:51
Should I check drivers for problems?

Juliet
2015-01-06, 23:55
It's hardware.
I went to an HP web site for Windows 8 information
http://h10025.www1.hp.com/ewfrf/wc/document?docname=c03540049&cc=us&dlc=en&lc=en

and of course Microsoft
http://windows.microsoft.com/en-us/windows-8/where-is-device-manager

Let's see what happens.

How to enable the F8 key to start Safe Mode in Windows 8
http://www.bleepingcomputer.com/tutorials/enable-the-f8-key-in-windows-8/

chuck 1962
2015-01-07, 00:04
Says I have a problem with Teredo tunneling pseudo interface driver. Wants to try to fix it. Not sure what that even is?

Juliet
2015-01-07, 00:23
http://forums.techguy.org/windows-7/1122695-microsoft-teredo-tunneling-adapter-has.html

Read over that link and see if it relates to your problem.

chuck 1962
2015-01-07, 01:43
I am almost beyond lost right now. Got into boot in safe mode. There is actually a way to do it with shift key plus f8 several times, but that doesn't always work. Anyway, then I had no Internet connection or bookmarks etc. My mouse pad worked for a couple minutes and is now gone. I also found a combo Microsoft button with the r key then type run something in the box, that took me to the page to change the boot to safe mode with network, but because my mouse isn't working, that didn't work for me either. I am close to giving up but every once in a while I get a glimpse of hope. What happened... Two days ago all was good?

Juliet
2015-01-07, 02:05
Things just happen.
Our malware removal here didn't touch anything associated with USB or mouse drivers. It's now become a hardware issue, why I don't know.

Don't give up yet.

Please register here
http://forums.whatthetech.com/index.php?showforum=126
Very talented techs will try to help who have a greater knowledge than me.
Reference them to this thread if you like. I'm also a member there and teach malware removal at the WTT site. That's to let you know it's safe and professional.

Juliet
2015-01-07, 21:02
Also, found an article that might be similar to yours, please read through this.

http://h30434.www3.hp.com/t5/Notebook-Gaming-Reply-Only/Can-t-move-mouse-while-holding-arrow-key/td-p/664339/page/2