Amazonaws Win 32-Evo-gen



Suemarie
2015-02-08, 11:00
Please see post: http://forums.spybot.info/showthread.php?71986-Amazonaws-an-Win-32-Evo-gen-issue. Apparently I did not copy the FRST, Addition, and aswMBR reports correctly. They would not all fit into one post. I will try again here.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2015
Ran by SueB (administrator) on SUEB-PC on 07-02-2015 21:25:31
Running from C:\Users\SueB\Downloads
Loaded Profiles: SueB (Available profiles: SueB)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(24im LLC) C:\Program Files (x86)\24im\24im Messenger\IMC.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Windows\System32\GManager.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
() C:\Program Files (x86)\SDDUpdater\updater.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-3890881620-3642371930-2457045338-1001\...\Run: [InbitIMC] => C:\Program Files (x86)\24im\24im Messenger\IMC.EXE [3423744 2013-11-30] (24im LLC)
HKU\S-1-5-21-3890881620-3642371930-2457045338-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3890881620-3642371930-2457045338-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3890881620-3642371930-2457045338-1001\...\RunOnce: [Adobe Speed Launcher] => 1423351560
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-3890881620-3642371930-2457045338-1001] => localhost:8080
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3890881620-3642371930-2457045338-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-3890881620-3642371930-2457045338-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-3890881620-3642371930-2457045338-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-3890881620-3642371930-2457045338-1001 -> DefaultScope {F675470B-C135-4DA8-A601-8A3F063FA64F} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3890881620-3642371930-2457045338-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3890881620-3642371930-2457045338-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-3890881620-3642371930-2457045338-1001 -> {F675470B-C135-4DA8-A601-8A3F063FA64F} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3890881620-3642371930-2457045338-1001 -> {FBF428CE-6C57-4765-978A-D21EB5B3017C} URL = https://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3890881620-3642371930-2457045338-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.apple.com/qtactivex/qtplugin.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112

FireFox:
========
FF ProfilePath: C:\Users\SueB\AppData\Roaming\Mozilla\Firefox\Profiles\7s6elucx.default
FF DefaultSearchUrl: https://www.google.com/search
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: https://www.google.com/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.76.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.76.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.76.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.76.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3890881620-3642371930-2457045338-1001: @citrixonline.com/appdetectorplugin -> C:\Users\SueB\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\SueB\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\SueB\AppData\Roaming\Mozilla\Firefox\Profiles\7s6elucx.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2013-12-31]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-01-26]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-21]

Chrome:
=======
CHR HomePage: Default ->
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-24]
CHR Extension: (Google Search) - C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-24]
CHR Extension: (Google Wallet) - C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
CHR Extension: (Gmail) - C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-24]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-21]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-21] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-21] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-21] (Avast Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 GManager; C:\Windows\system32\GManager.exe [313432 2012-08-28] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation) [File not signed]
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation) [File not signed]
R2 MCTDesktopSvr; C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe [199296 2011-05-03] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1740760 2014-09-03] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-21] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-21] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-21] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation) [File not signed]
R3 mctkmd; C:\Windows\system32\drivers\mctkmd64.sys [145840 2012-12-25] (Magic Control Technology Corporation)
R0 mctkmdldr; C:\Windows\System32\drivers\mctkmdldr64.sys [19584 2011-04-08] (Magic Control Technology Corporation)
R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [64160 2014-04-25] ()
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-01-20] ()
R3 t2usb64; C:\Windows\System32\drivers\t2usb64.sys [410592 2012-09-21] (Magic Control Technology Corp.)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2010-10-06] (The OpenVPN Project)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-21] (Avast Software)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 21:25 - 2015-02-07 21:25 - 00019733 _____ () C:\Users\SueB\Downloads\FRST.txt
2015-02-07 21:24 - 2015-02-07 21:24 - 02132992 _____ (Farbar) C:\Users\SueB\Downloads\FRST64.exe
2015-02-07 21:22 - 2015-02-07 21:22 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-SUEB-PC-Windows-7-Home-Premium-(64-bit).dat
2015-02-07 21:21 - 2015-02-07 21:21 - 00000000 ____D () C:\RegBackup
2015-02-07 21:19 - 2015-02-07 21:19 - 00002243 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-02-07 21:19 - 2015-02-07 21:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-02-07 21:19 - 2015-02-07 21:19 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-02-07 21:18 - 2015-02-07 21:18 - 04803888 _____ () C:\Users\SueB\Downloads\tweaking.com_registry_backup_setup(1).exe
2015-02-07 21:16 - 2015-02-07 21:16 - 04803888 _____ () C:\Users\SueB\Downloads\tweaking.com_registry_backup_setup.exe
2015-02-07 18:27 - 2015-02-07 18:27 - 00000197 _____ () C:\Windows\system32\2015-02-07-23-27-13.048-AvastVBoxSVC.exe-5044.log
2015-02-07 18:25 - 2015-02-07 18:25 - 00000056 _____ () C:\Windows\setupact.log
2015-02-07 18:25 - 2015-02-07 18:25 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-06 17:45 - 2015-02-06 17:45 - 00000197 _____ () C:\Windows\system32\2015-02-06-22-45-45.021-AvastVBoxSVC.exe-4984.log
2015-02-06 07:26 - 2015-02-06 07:26 - 00000197 _____ () C:\Windows\system32\2015-02-06-12-26-56.047-AvastVBoxSVC.exe-4804.log
2015-02-05 04:00 - 2015-02-05 04:00 - 00000197 _____ () C:\Windows\system32\2015-02-05-09-00-32.038-AvastVBoxSVC.exe-1880.log
2015-02-04 23:35 - 2015-02-04 23:35 - 00000197 _____ () C:\Windows\system32\2015-02-05-04-35-14.054-AvastVBoxSVC.exe-4216.log
2015-02-04 20:06 - 2015-02-04 20:07 - 00000197 _____ () C:\Windows\system32\2015-02-05-01-06-57.085-AvastVBoxSVC.exe-4964.log
2015-02-04 10:14 - 2015-02-04 10:14 - 00000197 _____ () C:\Windows\system32\2015-02-04-15-14-08.068-AvastVBoxSVC.exe-1236.log
2015-02-04 10:01 - 2015-02-04 10:01 - 00000197 _____ () C:\Windows\system32\2015-02-04-15-01-50.030-AvastVBoxSVC.exe-5012.log
2015-02-04 04:28 - 2015-02-04 04:28 - 00000197 _____ () C:\Windows\system32\2015-02-04-09-28-42.022-AvastVBoxSVC.exe-4308.log
2015-02-03 07:53 - 2015-02-03 07:53 - 00000197 _____ () C:\Windows\system32\2015-02-03-12-53-16.059-AvastVBoxSVC.exe-5000.log
2015-02-02 06:31 - 2015-02-02 06:31 - 00000247 _____ () C:\Windows\system32\2015-02-02-11-31-41.090-aswFe.exe-5028.log
2015-02-02 06:27 - 2015-02-02 06:31 - 00000247 _____ () C:\Windows\system32\2015-02-02-11-27-55.019-aswFe.exe-4508.log
2015-02-02 06:27 - 2015-02-02 06:27 - 00000197 _____ () C:\Windows\system32\2015-02-02-11-27-51.006-AvastVBoxSVC.exe-4108.log
2015-02-01 23:24 - 2015-02-01 23:24 - 00000197 _____ () C:\Windows\system32\2015-02-02-04-24-31.012-AvastVBoxSVC.exe-4540.log
2015-02-01 07:57 - 2015-02-01 07:57 - 00000197 _____ () C:\Windows\system32\2015-02-01-12-57-51.077-AvastVBoxSVC.exe-3680.log
2015-01-31 10:36 - 2015-01-31 10:37 - 00000197 _____ () C:\Windows\system32\2015-01-31-15-36-51.011-AvastVBoxSVC.exe-4732.log
2015-01-30 07:41 - 2015-01-30 07:41 - 00000197 _____ () C:\Windows\system32\2015-01-30-12-41-45.072-AvastVBoxSVC.exe-3596.log
2015-01-29 09:01 - 2015-01-29 09:02 - 00000197 _____ () C:\Windows\system32\2015-01-29-14-01-50.007-AvastVBoxSVC.exe-2120.log
2015-01-28 18:27 - 2015-01-28 18:27 - 00000197 _____ () C:\Windows\system32\2015-01-28-23-27-09.047-AvastVBoxSVC.exe-4820.log
2015-01-28 03:26 - 2015-01-28 03:26 - 00000197 _____ () C:\Windows\system32\2015-01-28-08-26-14.078-AvastVBoxSVC.exe-5088.log
2015-01-27 21:42 - 2015-01-27 21:43 - 00000197 _____ () C:\Windows\system32\2015-01-28-02-42-42.035-AvastVBoxSVC.exe-4904.log
2015-01-27 09:39 - 2015-01-27 09:39 - 00000197 _____ () C:\Windows\system32\2015-01-27-14-39-05.082-AvastVBoxSVC.exe-4824.log
2015-01-26 21:35 - 2015-01-26 21:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 14:27 - 2015-01-26 14:28 - 00000197 _____ () C:\Windows\system32\2015-01-26-19-27-49.027-AvastVBoxSVC.exe-4892.log
2015-01-26 09:22 - 2015-01-26 09:23 - 00000197 _____ () C:\Windows\system32\2015-01-26-14-22-51.000-AvastVBoxSVC.exe-4264.log
2015-01-26 03:31 - 2015-01-26 03:31 - 00000197 _____ () C:\Windows\system32\2015-01-26-08-31-31.028-AvastVBoxSVC.exe-4736.log
2015-01-25 08:51 - 2015-01-25 08:51 - 00320424 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-01-25 08:51 - 2015-01-25 08:51 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-01-25 08:51 - 2015-01-25 08:51 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-01-25 08:51 - 2015-01-25 08:51 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-01-25 08:50 - 2015-01-25 08:50 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-25 08:50 - 2015-01-25 08:50 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-25 08:50 - 2015-01-25 08:50 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-25 08:50 - 2015-01-25 08:50 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-25 08:40 - 2015-01-25 08:41 - 00000197 _____ () C:\Windows\system32\2015-01-25-13-40-51.096-AvastVBoxSVC.exe-2864.log
2015-01-24 07:41 - 2015-01-24 07:41 - 00000197 _____ () C:\Windows\system32\2015-01-24-12-41-03.077-AvastVBoxSVC.exe-4628.log
2015-01-23 06:48 - 2015-01-23 06:48 - 00000197 _____ () C:\Windows\system32\2015-01-23-11-48-18.099-AvastVBoxSVC.exe-4612.log
2015-01-22 18:36 - 2015-01-22 18:36 - 00002037 _____ () C:\Users\Public\Desktop\H&R Block 2014.lnk
2015-01-22 18:36 - 2015-01-22 18:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2014
2015-01-22 18:35 - 2015-01-22 18:36 - 00000000 ____D () C:\Program Files (x86)\HRBlock2014
2015-01-22 18:33 - 2015-01-22 18:34 - 51838496 _____ (HRB Technology, LLC.) C:\Users\SueB\Downloads\HRBlock_Deluxe+Efile+State (1).exe
2015-01-22 08:42 - 2015-01-22 08:42 - 00000197 _____ () C:\Windows\system32\2015-01-22-13-42-29.078-AvastVBoxSVC.exe-4684.log
2015-01-21 23:30 - 2015-01-21 23:30 - 00000197 _____ () C:\Windows\system32\2015-01-22-04-30-35.005-AvastVBoxSVC.exe-4940.log
2015-01-21 20:16 - 2015-01-21 20:17 - 00000197 _____ () C:\Windows\system32\2015-01-22-01-16-49.022-AvastVBoxSVC.exe-3196.log
2015-01-21 08:30 - 2015-01-21 08:30 - 00000197 _____ () C:\Windows\system32\2015-01-21-13-30-06.047-AvastVBoxSVC.exe-1216.log
2015-01-20 08:24 - 2015-01-20 08:25 - 00000197 _____ () C:\Windows\system32\2015-01-20-13-24-32.042-AvastVBoxSVC.exe-4532.log
2015-01-19 21:54 - 2015-01-19 21:54 - 00000197 _____ () C:\Windows\system32\2015-01-20-02-54-29.097-AvastVBoxSVC.exe-4468.log
2015-01-19 19:50 - 2015-01-19 19:50 - 00000197 _____ () C:\Windows\system32\2015-01-20-00-50-52.069-AvastVBoxSVC.exe-4596.log
2015-01-19 08:29 - 2015-01-19 08:30 - 00000197 _____ () C:\Windows\system32\2015-01-19-13-29-45.074-AvastVBoxSVC.exe-4100.log
2015-01-18 14:43 - 2015-01-18 14:43 - 00000197 _____ () C:\Windows\system32\2015-01-18-19-43-10.028-AvastVBoxSVC.exe-4140.log
2015-01-18 08:13 - 2015-01-18 08:14 - 00000197 _____ () C:\Windows\system32\2015-01-18-13-13-42.029-AvastVBoxSVC.exe-4800.log
2015-01-17 16:01 - 2015-01-17 16:01 - 00000197 _____ () C:\Windows\system32\2015-01-17-21-01-03.010-AvastVBoxSVC.exe-4216.log
2015-01-17 15:22 - 2015-01-17 15:22 - 00000197 _____ () C:\Windows\system32\2015-01-17-20-22-20.053-AvastVBoxSVC.exe-4700.log
2015-01-17 13:54 - 2015-01-17 13:54 - 00000197 _____ () C:\Windows\system32\2015-01-17-18-54-09.085-AvastVBoxSVC.exe-4904.log
2015-01-17 12:44 - 2015-01-17 12:44 - 00000197 _____ () C:\Windows\system32\2015-01-17-17-44-00.042-AvastVBoxSVC.exe-5684.log
2015-01-17 12:33 - 2015-01-17 12:33 - 00000197 _____ () C:\Windows\system32\2015-01-17-17-33-42.031-AvastVBoxSVC.exe-4456.log
2015-01-17 12:07 - 2015-01-17 12:07 - 00560976 _____ (Safer-Networking Ltd. ) C:\Users\SueB\Downloads\spybot2-license.exe
2015-01-17 10:14 - 2015-01-17 10:14 - 00001399 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-01-17 10:14 - 2015-01-17 10:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-01-17 10:14 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-01-17 10:13 - 2015-01-17 10:13 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\SueB\Downloads\spybot-2.4.exe
2015-01-17 09:56 - 2015-01-17 09:56 - 00000197 _____ () C:\Windows\system32\2015-01-17-14-56-16.029-AvastVBoxSVC.exe-1684.log
2015-01-17 08:53 - 2015-01-17 08:54 - 00000197 _____ () C:\Windows\system32\2015-01-17-13-53-45.081-AvastVBoxSVC.exe-4956.log
2015-01-16 08:43 - 2015-01-16 08:43 - 00000197 _____ () C:\Windows\system32\2015-01-16-13-43-10.066-AvastVBoxSVC.exe-3148.log
2015-01-15 06:08 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-15 04:54 - 2015-01-15 04:55 - 00000197 _____ () C:\Windows\system32\2015-01-15-09-54-39.019-AvastVBoxSVC.exe-4496.log
2015-01-14 20:58 - 2015-01-14 20:58 - 00000197 _____ () C:\Windows\system32\2015-01-15-01-58-41.017-AvastVBoxSVC.exe-3392.log
2015-01-14 08:36 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 08:36 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 08:36 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 08:36 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 08:36 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 08:36 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 08:36 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 08:36 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 08:36 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 08:36 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 08:36 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 08:36 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 08:25 - 2015-01-14 08:25 - 00000197 _____ () C:\Windows\system32\2015-01-14-13-25-26.043-AvastVBoxSVC.exe-4504.log
2015-01-14 01:59 - 2015-01-14 01:59 - 00000197 _____ () C:\Windows\system32\2015-01-14-06-59-08.051-AvastVBoxSVC.exe-4844.log
2015-01-13 06:28 - 2015-01-13 06:28 - 00000197 _____ () C:\Windows\system32\2015-01-13-11-28-23.054-AvastVBoxSVC.exe-3436.log
2015-01-11 03:50 - 2015-01-11 03:50 - 00000197 _____ () C:\Windows\system32\2015-01-11-08-50-01.072-AvastVBoxSVC.exe-2284.log
2015-01-10 17:40 - 2015-01-10 17:41 - 00000197 _____ () C:\Windows\system32\2015-01-10-22-40-25.060-AvastVBoxSVC.exe-4380.log
2015-01-09 23:55 - 2015-01-09 23:55 - 00000247 _____ () C:\Windows\system32\2015-01-10-04-55-17.025-aswFe.exe-5368.log
2015-01-09 23:48 - 2015-01-09 23:55 - 00000247 _____ () C:\Windows\system32\2015-01-10-04-48-53.049-aswFe.exe-5488.log
2015-01-09 23:48 - 2015-01-09 23:48 - 00000197 _____ () C:\Windows\system32\2015-01-10-04-48-48.041-AvastVBoxSVC.exe-4264.log
2015-01-09 20:36 - 2015-01-09 20:36 - 00000197 _____ () C:\Windows\system32\2015-01-10-01-36-53.049-AvastVBoxSVC.exe-3988.log
2015-01-09 20:04 - 2015-01-09 20:04 - 00000197 _____ () C:\Windows\system32\2015-01-10-01-04-10.055-AvastVBoxSVC.exe-4960.log
2015-01-09 09:26 - 2015-01-09 09:26 - 00000197 _____ () C:\Windows\system32\2015-01-09-14-26-12.068-AvastVBoxSVC.exe-4592.log
2015-01-08 18:39 - 2015-01-08 18:39 - 00000197 _____ () C:\Windows\system32\2015-01-08-23-39-08.090-AvastVBoxSVC.exe-4180.log
2015-01-08 10:46 - 2015-01-08 10:46 - 05317104 _____ (Piriform Ltd) C:\Users\SueB\Downloads\ccsetup501.exe
2015-01-08 10:44 - 2015-01-13 06:28 - 00000000 ____D () C:\Users\SueB\AppData\Local\wincheck
2015-01-08 10:42 - 2015-01-08 10:42 - 00003504 _____ () C:\Windows\System32\Tasks\BBQLeads
2015-01-08 10:41 - 2015-01-08 10:41 - 00000000 ____D () C:\Users\SueB\AppData\Local\TVWizard
2015-01-08 10:40 - 2015-01-08 18:37 - 00000000 ____D () C:\ProgramData\rskrDKbta
2015-01-08 10:40 - 2015-01-08 10:40 - 00004010 _____ () C:\Windows\System32\Tasks\LaunchSignup
2015-01-08 10:40 - 2015-01-08 10:40 - 00000000 ____D () C:\Windows\System32\Tasks\SDD
2015-01-08 10:40 - 2015-01-08 10:40 - 00000000 ____D () C:\Program Files (x86)\SDDUpdater
2015-01-08 08:02 - 2015-01-08 08:03 - 00000197 _____ () C:\Windows\system32\2015-01-08-13-02-29.038-AvastVBoxSVC.exe-4644.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 21:25 - 2014-07-29 23:32 - 00000000 ____D () C:\FRST
2015-02-07 21:10 - 2013-12-02 16:17 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-07 21:10 - 2013-11-24 13:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-07 20:48 - 2014-02-27 21:00 - 00000536 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3890881620-3642371930-2457045338-1001.job
2015-02-07 18:35 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-07 18:35 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-07 18:30 - 2014-02-19 08:57 - 01736036 _____ () C:\Windows\WindowsUpdate.log
2015-02-07 18:26 - 2013-12-02 16:17 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-07 18:25 - 2013-08-30 19:14 - 00002812 _____ () C:\Windows\system32\GManager.ini
2015-02-07 18:25 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-06 17:10 - 2012-11-23 03:03 - 00000000 ____D () C:\Users\SueB\AppData\Roaming\Skype
2015-02-06 00:05 - 2013-12-02 16:17 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 00:05 - 2013-12-02 16:17 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 11:10 - 2013-11-24 13:54 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 11:10 - 2013-11-24 13:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 11:10 - 2013-11-24 13:54 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 09:58 - 2012-11-26 03:52 - 00000000 ____D () C:\Users\SueB\AppData\Roaming\FoozKids
2015-02-04 20:06 - 2012-11-21 17:13 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-03 15:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-01 16:59 - 2013-01-13 16:38 - 00000000 ____D () C:\Users\SueB\AppData\Local\CRE
2015-01-31 01:32 - 2014-07-03 17:36 - 00000000 ___RD () C:\Users\SueB\Desktop\ENTERTAINMENT
2015-01-27 09:37 - 2012-11-21 17:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-26 15:05 - 2013-12-02 16:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-26 10:18 - 2014-02-27 21:00 - 00003562 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3890881620-3642371930-2457045338-1001
2015-01-25 08:51 - 2014-06-20 19:58 - 00000000 ____D () C:\Program Files\Java
2015-01-25 08:50 - 2012-11-27 17:28 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-23 06:45 - 2009-07-13 23:45 - 00298104 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-22 20:39 - 2012-11-21 16:55 - 00065064 _____ () C:\Users\SueB\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-22 18:35 - 2012-12-04 09:41 - 00000000 ____D () C:\Program Files (x86)\PDF995
2015-01-22 18:34 - 2012-12-04 09:40 - 00000000 ____D () C:\ProgramData\TaxCut
2015-01-22 08:47 - 2009-07-14 00:13 - 00783464 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-17 14:52 - 2009-07-13 21:34 - 00451135 ____R () C:\Windows\system32\Drivers\etc\hosts.20150131-160910.backup
2015-01-17 13:50 - 2012-04-12 21:57 - 00000000 ____D () C:\Program Files (x86)\Acer Games
2015-01-17 13:43 - 2012-12-04 09:41 - 00000000 ____D () C:\Program Files (x86)\HRBlock2012
2015-01-17 13:34 - 2013-11-20 07:20 - 00000000 ____D () C:\Program Files (x86)\HRBlock2013
2015-01-17 13:27 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-17 12:46 - 2012-04-12 21:57 - 00000000 ____D () C:\ProgramData\WildTangent
2015-01-17 12:40 - 2014-07-03 17:33 - 00000000 ___RD () C:\Users\SueB\Desktop\MY SECURITY SOFTWARE
2015-01-17 12:12 - 2014-04-08 16:20 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-17 10:14 - 2013-11-15 13:33 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-17 09:52 - 2014-04-08 17:13 - 00001061 _____ () C:\Windows\wininit.ini
2015-01-16 08:53 - 2014-12-02 19:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-16 08:53 - 2013-09-08 17:56 - 00002106 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2015-01-16 08:53 - 2013-09-08 17:56 - 00002094 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2015-01-16 08:41 - 2014-03-15 16:24 - 00000000 ____D () C:\ProgramData\webex
2015-01-14 20:53 - 2013-08-14 23:22 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 20:49 - 2012-11-23 12:34 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-08 10:47 - 2014-04-06 22:12 - 00000000 ____D () C:\Program Files\CCleaner

==================== Files in the root of some directories =======

2013-01-06 10:50 - 2013-01-18 18:00 - 0000000 _____ () C:\Users\SueB\AppData\Roaming\.googlewebacchosts
2014-01-16 10:43 - 2014-04-06 18:15 - 0000145 _____ () C:\Users\SueB\AppData\Roaming\WB.CFG
2014-01-16 10:43 - 2014-01-22 09:43 - 0000005 _____ () C:\Users\SueB\AppData\Roaming\WBPU-TTL.DAT
2014-06-30 23:00 - 2014-06-30 23:00 - 0000600 _____ () C:\Users\SueB\AppData\Roaming\winscp.rnd
2012-04-12 22:14 - 2012-11-22 00:35 - 0002472 _____ () C:\ProgramData\clear.fiSDK20.log
2013-03-07 19:52 - 2013-03-07 19:52 - 0000184 _____ () C:\ProgramData\defraggler_list.txt
2012-04-12 22:16 - 2012-11-22 00:35 - 0000032 _____ () C:\ProgramData\PS.log

Some content of TEMP:
====================
C:\Users\SueB\AppData\Local\Temp\ct_2011.exe
C:\Users\SueB\AppData\Local\Temp\ct_2019.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 10:50

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-02-2015
Ran by SueB at 2015-02-07 21:26:15
Running from C:\Users\SueB\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Spybot - Search and Destroy (Enabled - Up to date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

clear.fi SDK - MVP 2 (x32 Version: 2.0.1505 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.0.1502 - CyberLink Corp.) Hidden
24im (Remove Only) (HKLM-x32\...\24im) (Version: - 24im LLC)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3507 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3506 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0609.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3501 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Connect 9 Add-in (HKU\S-1-5-21-3890881620-3642371930-2457045338-1001\...\Adobe Connect 9 Add-in) (Version: 11.2.392.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Internet Security (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Cisco WebEx Meeting Center for Internet Explorer (HKLM-x32\...\{8EAB9068-AA14-4575-B8DD-322732E1F367}) (Version: 29.4.0.23 - Cisco WebEx LLC)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.00.3004 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.00.3004 - Acer Incorporated)
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1720_38230 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.0.3228 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Etron USB3.0 Host Controller (x32 Version: 0.103 - Etron Technology) Hidden
Fooz Kids (x32 Version: 3.1.2 - FUHU, Inc.) Hidden
Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GoToMeeting 6.4.11.2273 (HKU\S-1-5-21-3890881620-3642371930-2457045338-1001\...\GoToMeeting) (Version: 6.4.11.2273 - CitrixOnline)
H&R Block Deluxe + Efile + State 2014 (HKLM-x32\...\{BDA77C08-60A6-4AAB-B5A9-849ECF399A49}) (Version: 14.05.5801 - HRB Technology, LLC.)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3510 - Acer Incorporated)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2321 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java 7 Update 76 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417076FF}) (Version: 7.0.760 - Oracle)
Java 7 Update 76 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217076FF}) (Version: 7.0.760 - Oracle)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.57.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 1.70.0.1100 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.70.0.1100 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.4.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 en-US)) (Version: 31.4.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.18 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.18 - Egis Technology Inc.) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.4.10500.1.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10700.5.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.6.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10600.4.100 - Nero AG)
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com)
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
Pdf995 (installed by H&R Block) (HKLM-x32\...\Pdf995) (Version: - )
PdfEdit995 (installed by H&R Block) (HKLM-x32\...\PdfEdit995) (Version: - )
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6466 - Realtek Semiconductor Corp.)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
TMS CallCenter (HKLM-x32\...\{D94C4133-7E80-48D0-82DF-8741023FE53F}) (Version: 2.9.46 - National Systems Corporation)
TouchSettings (HKLM-x32\...\{75880CD4-9436-4EDD-B7E7-400EBFD60B2C}) (Version: 1.00.0006 - Acer Incorporated)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.1.0 - Tweaking.com)
USB Display Device (Trigger Family) 12.01.1225.3679 (HKLM-x32\...\{81C5AD1D-C7C6-48AC-AC85-8F04293B1780}) (Version: 12.01.1225.3679 - StarTech)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3507 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3890881620-3642371930-2457045338-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\2185\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points =========================

09-11-2014 19:00:10 Windows Backup
11-11-2014 07:33:25 Windows Update
12-11-2014 11:22:09 Windows Update
14-11-2014 09:46:48 Installed iTunes
16-11-2014 19:00:08 Windows Backup
18-11-2014 08:22:52 Windows Update
19-11-2014 23:37:05 Windows Update
21-11-2014 23:12:16 avast! antivirus system restore point
21-11-2014 23:15:41 Device Driver Package Install: Avast Network Service
23-11-2014 19:00:06 Windows Backup
24-11-2014 08:59:52 Installed QuickTime 7
24-11-2014 23:38:35 Windows Update
27-11-2014 10:06:59 Removed Microsoft Silverlight
28-11-2014 06:59:40 Windows Update
30-11-2014 19:00:07 Windows Backup
02-12-2014 07:04:39 Windows Update
05-12-2014 15:08:22 Windows Update
06-12-2014 20:52:34 Removed Java 7 Update 67
06-12-2014 20:53:39 Removed Java 7 Update 67 (64-bit)
06-12-2014 21:04:19 Installed Java 7 Update 71
06-12-2014 21:06:43 Installed Java 7 Update 71 (64-bit)
07-12-2014 19:00:05 Windows Backup
09-12-2014 08:18:43 Windows Update
10-12-2014 10:22:20 Windows Update
14-12-2014 19:00:22 Windows Backup
16-12-2014 09:47:22 Windows Update
19-12-2014 21:58:38 Windows Update
21-12-2014 19:00:11 Windows Backup
23-12-2014 08:02:34 Windows Update
28-12-2014 19:00:12 Windows Backup
30-12-2014 15:00:43 Windows Update
04-01-2015 19:00:12 Windows Backup
06-01-2015 03:15:08 Windows Update
09-01-2015 09:30:43 Windows Update
11-01-2015 19:00:15 Windows Backup
13-01-2015 06:31:24 Windows Update
14-01-2015 20:49:07 Windows Update
15-01-2015 23:17:34 Windows Update
17-01-2015 13:28:27 Removed H&R Block Deluxe + Efile + State 2012.
17-01-2015 13:32:22 Removed H&R Block Deluxe + Efile + State 2013.
17-01-2015 13:35:53 Removed H&R Block Georgia 2012.
17-01-2015 13:41:47 Removed H&R Block Virginia 2012.
17-01-2015 13:44:46 Removed eBay Worldwide
17-01-2015 13:45:22 Removed Evernote v. 5.0.3
18-01-2015 19:00:13 Windows Backup
20-01-2015 08:28:23 Windows Update
22-01-2015 18:35:22 Installed HR Block 2014.
25-01-2015 19:00:13 Windows Backup
27-01-2015 09:43:16 Windows Update
01-02-2015 19:00:14 Windows Backup
03-02-2015 07:56:54 Windows Update
04-02-2015 22:16:22 System Repair (Spybot - Search & Destroy+AV 2.4, administrator p
06-02-2015 20:11:18 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-01-31 16:09 - 00451135 ____R C:\Windows\system32\Drivers\etc\hosts
127.94.0.1 client.openvpn.net
127.94.0.2 openvpn-client.loagentvpn.liveops.com
205.167.109.11 azcad
143.61.195.18 d2000-okc
209.82.196.139 d2kappok

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {07DB889A-B97D-4757-BB8C-9FB55354CC75} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {0829F493-5197-4BBF-9852-05FCC5F246CB} - System32\Tasks\{E20AA7F7-6390-4E13-9C81-2655C926B033} => C:\ProgramData\OEM_E471269A730D\Netflix\StartURL.exe [2010-09-28] ()
Task: {0A48CDB4-2DFD-4BE2-B56C-E25848093A75} - System32\Tasks\{BDB1BDF5-9F76-4C68-9D75-494216820199} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2015-01-09] (Mozilla Corporation)
Task: {0B1A5240-348B-4304-847D-F2184605D1ED} - System32\Tasks\{4752F0DE-31ED-4CBC-B01F-702B976EB8D8} => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [2012-09-12] (CyberLink Corp.)
Task: {0D05C315-5AB0-4861-A30E-4EE92A96BF01} - System32\Tasks\{9ACEEDF3-702F-4220-A05E-0CA93CA1E2A6} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2013-07-23] (Microsoft Corporation)
Task: {17DC4C4F-82CC-4486-AFC5-F9305C9FD1FB} - System32\Tasks\{1534418C-F0AB-4B71-8F01-3EE429F584FA} => C:\Users\SueB\Desktop\AZ\D2000AZNEWGB - Production\d2k32_cr.exe
Task: {1B97C20B-D968-4F77-8B2C-94F6AE744057} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2011-05-20] (CyberLink)
Task: {1DEB26B1-3131-44CF-9AE4-B79BC99DA0AF} - System32\Tasks\{B8681D4F-9C47-4AB0-A0FD-9DA821FEE5AA} => C:\Program Files (x86)\TMS CallCenter\TMSTouch.exe [2014-10-30] (National Systems Corporation)
Task: {20F678C9-2A19-4D6F-8258-23B50829D7DC} - System32\Tasks\{C4A595AE-B568-42EA-85F1-276B3C74A131} => C:\Users\SueB\Downloads\D2000AZNEWGB_Training(1)\D2000AZNEWGB - Training\d2k32_cr.exe
Task: {216C76B3-1172-47C7-9044-22DC24A6196D} - System32\Tasks\{EB47D2A5-B517-412F-9811-4C351951D5CE} => C:\ProgramData\OEM_E471269A730D\Netflix\StartURL.exe [2010-09-28] ()
Task: {226E9CAF-1BAC-43FC-A362-B2426B3635B0} - System32\Tasks\{638E9ADC-9F84-43B3-A9F3-DA0B58579C00} => C:\ProgramData\OEM_E471269A730D\Netflix\StartURL.exe [2010-09-28] ()
Task: {2A7BC5AF-D5EC-4F33-B56D-E77BD16111D4} - System32\Tasks\{6B7EE633-1721-4727-8B09-4CAD264982D5} => Chrome.exe
Task: {2FFBC69E-72B9-4168-A3ED-C14E4DFA6530} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-02] (Google Inc.)
Task: {32227CC8-7C04-447D-91BA-E4B4499CCF04} - System32\Tasks\{E619DE95-D955-49F1-99FC-47EA85FBC4FA} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2015-01-09] (Mozilla Corporation)
Task: {39EE3F7F-7D73-4598-BC27-481BEB0F2318} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {40896514-9238-4949-A4EF-5A2B6B415E6A} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {440DC7A4-F6FE-400A-8A05-9E58DE665EDE} - System32\Tasks\{93712C41-9DDC-4AEA-8C2D-458F849D80B2} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2013-07-23] (Microsoft Corporation)
Task: {447ED454-8A73-4D1D-AC43-23172DC61152} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {458A39D4-D0C8-4D57-90C2-0B7B73E43C73} - System32\Tasks\{BD2B32D7-2270-463B-800E-E3283A7AEE5F} => C:\Users\SueB\Downloads\D2000OK_SD_Production\D2000OK_SD Production\d2k32_cr.exe
Task: {4B1F9702-2BF4-4D2A-836D-0CB42BF67804} - System32\Tasks\{8BA08670-BED0-4AA3-8712-A7401AD34809} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2013-07-23] (Microsoft Corporation)
Task: {4B3F9A54-2A51-413E-B15B-CE1CEE6B9004} - System32\Tasks\{C5DED3AA-9725-481F-A072-0F9C5620DC2A} => C:\Program Files (x86)\TMS CallCenter\TMSTouch.exe [2014-10-30] (National Systems Corporation)
Task: {4E371003-E721-4AEE-AAE1-07367047FA80} - System32\Tasks\SDD\Updater\SDDUpdater => C:\Program Files (x86)\SDDUpdater\updater.exe [2014-12-15] ()
Task: {50FCA8F8-9AA8-491A-8A5D-D3C5485A4FD4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-02] (Google Inc.)
Task: {5264931F-6FD7-4517-84DC-DF6C78F5096A} - System32\Tasks\{5343B9A1-E2D3-4CEB-ADE3-161875C0DB7B} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2015-01-09] (Mozilla Corporation)
Task: {570E2E58-EF05-411C-941A-644BE2D3D153} - System32\Tasks\{FB531758-1F75-47CF-A321-FD9198EA38BB} => C:\ProgramData\OEM_E471269A730D\Netflix\StartURL.exe [2010-09-28] ()
Task: {57873E08-56FC-41B3-9210-AA93B8AF43A0} - System32\Tasks\{865A080C-DAA1-4C23-B0B7-9DE26F8D3135} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2015-01-09] (Mozilla Corporation)
Task: {5D0A1D5B-A791-4D8C-9415-1F4B551F2D28} - System32\Tasks\{71A53804-1693-4846-A123-41A936D3AF27} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2015-01-09] (Mozilla Corporation)
Task: {6827ACC2-63C7-4FA5-ABF6-217C21F61C9F} - System32\Tasks\G2MUpdateTask-S-1-5-21-3890881620-3642371930-2457045338-1001 => C:\Program Files (x86)\Citrix\GoToMeeting\2273\g2mupdate.exe [2015-01-26] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {6DA423E6-86DE-4BF8-96EC-0140F1F7DDD1} - System32\Tasks\{1EE24F2C-0DB4-424E-84C9-D5B553767CC3} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2013-07-23] (Microsoft Corporation)
Task: {7A45A029-1EF7-4437-9149-FBC27B0FE08D} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {7DFBAB0C-3563-4DBE-BEC3-0871CB07C784} - System32\Tasks\{7B6AF7DA-9AA6-402B-BEBB-2A1C1739BFC3} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2015-01-09] (Mozilla Corporation)
Task: {823A991B-B3D8-44D9-BA5C-59A1F5B1FC1C} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {85535A3F-A300-4BED-A150-CEFC08B917AE} - System32\Tasks\{5928A397-BA8A-4A29-8B17-B21980987B9B} => pcalua.exe -a C:\Users\SueB\Downloads\setupconsumerc2rolw.exe -d C:\Users\SueB\Downloads
Task: {8670ADD4-03F9-485B-97D7-11DB7A931235} - System32\Tasks\{71943BF6-63DE-4B39-B6A3-1BCC7FBCFBB8} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2015-01-09] (Mozilla Corporation)
Task: {96D67F5E-A707-4751-89E5-00B9EBCA27AE} - System32\Tasks\{2052277F-5188-4418-9901-057E6D3D78A1} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2015-01-09] (Mozilla Corporation)
Task: {9BB82EB2-8954-4EEC-8876-BFE5DB84AD54} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {A193E4A5-A330-4296-86DB-437DF851057A} - System32\Tasks\{39F3C1C6-EC4D-402B-A504-E9D6FBAE6029} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2015-01-09] (Mozilla Corporation)
Task: {A9E35088-EED6-42CD-842A-5CB5F319E7F8} - System32\Tasks\{9D44F623-4985-474A-9615-EE65440F1AB3} => C:\ProgramData\OEM_E471269A730D\Netflix\StartURL.exe [2010-09-28] ()
Task: {ADA818BB-8F20-4D45-8144-98646066610B} - System32\Tasks\{288EC824-F8B4-4E9E-819A-A41CBF90B665} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2015-01-09] (Mozilla Corporation)
Task: {B4AD683C-6739-4229-8058-C94164C5017D} - System32\Tasks\{F5682B18-54EF-4BA1-8B80-17EE5E0BA4D4} => C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe [2014-10-07] (Apple Inc.)
Task: {C190CB65-1728-45CD-803A-8DDBB674B702} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {C57675A7-B82B-445E-97B8-B4D0D001CCD7} - System32\Tasks\{3777E41D-3A78-4D4C-BAE6-E5E45DEE9678} => C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe [2014-10-07] (Apple Inc.)
Task: {CA1A923E-4057-48ED-A708-6E3013B8C1B8} - System32\Tasks\{5F63685C-3140-4C71-AFC9-6F25CF2AF13D} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2015-01-09] (Mozilla Corporation)
Task: {CD02B04A-5210-4FA7-8CE1-1F424158BAEA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {D1AF4EF7-20FE-4D98-AC5A-C0A78662793C} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-06] (Acer Incorporated)
Task: {D2670AB5-6452-467B-AD2F-2C5F5AA166B1} - System32\Tasks\{4BA20A4D-51C5-4714-8436-EBE1D9F66FCF} => pcalua.exe -a C:\Users\SueB\AppData\Local\Temp\Temp1_D2000NCNUASP.zip\D2000NCNUASP.EXE
Task: {D4419AA3-ABFF-4F43-A975-1BEF7AC2E250} - System32\Tasks\{43E83851-A191-4DD0-B505-84B1923B8640} => C:\ProgramData\OEM_E471269A730D\Netflix\StartURL.exe [2010-09-28] ()
Task: {D893FECF-D387-4112-B1B4-7E6B066A300E} - System32\Tasks\{C823354D-877A-4D2E-813F-74EB5EBE2BFC} => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
Task: {DA2BD0E7-BD07-4911-B00C-44CB148951DC} - System32\Tasks\BBQLeads => C:\Program Files (x86)\bbqleads\ScheduledTask.exe
Task: {DB8C6709-8951-40A2-BE5B-BC241528EE0F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-21] (AVAST Software)
Task: {E1931CC9-1569-4FA3-B128-0BC5ABBA9962} - System32\Tasks\{5EBCD752-F3FD-4149-933E-89465BEC4685} => C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe [2014-10-07] (Apple Inc.)
Task: {E7490AFC-1999-4F1C-9DED-A4E3577B7B85} - System32\Tasks\{27397021-20E6-4FA4-9E6F-B36A347219EE} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2015-01-09] (Mozilla Corporation)
Task: {EEB36482-C08D-403B-86CE-7678D4A2ADB8} - System32\Tasks\{7A492F8F-F696-4E91-821A-98EF320FB6C9} => C:\ProgramData\OEM_E471269A730D\Netflix\StartURL.exe [2010-09-28] ()
Task: {F4B39FA3-7268-46F3-AE5E-F27332216409} - System32\Tasks\{77650567-5BA5-44DF-A667-22BB20EF1A55} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2013-07-23] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3890881620-3642371930-2457045338-1001.job => C:\Program Files (x86)\Citrix\GoToMeeting\2273\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-03-29 21:00 - 2012-04-26 14:51 - 00040448 _____ () C:\Windows\System32\pdf995mon64.dll
2013-08-30 19:14 - 2012-08-28 13:20 - 00313432 _____ () C:\Windows\system32\GManager.exe
2013-08-30 19:14 - 2011-05-03 17:13 - 00199296 _____ () C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
2014-11-21 23:14 - 2014-11-21 23:14 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-21 23:14 - 2014-11-21 23:14 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-12-15 09:46 - 2014-12-15 09:46 - 00822024 _____ () C:\Program Files (x86)\SDDUpdater\updater.exe
2015-02-05 20:30 - 2015-02-05 20:30 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15020501\algo.dll
2014-11-21 23:14 - 2014-11-21 23:14 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-02-07 18:26 - 2015-02-07 18:26 - 02912768 _____ () C:\Program Files\AVAST Software\Avast\defs\15020701\algo.dll
2013-11-30 19:39 - 2013-11-30 19:39 - 00057344 _____ () C:\Program Files (x86)\24im\24im Messenger\IMHOOK2.dll
2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-21 23:14 - 2014-11-21 23:14 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-01-17 10:14 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-01-17 10:14 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-01-17 10:14 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-01-17 10:14 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-01-17 10:14 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-10-15 05:17 - 2014-10-15 05:17 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll
2012-04-12 21:53 - 2010-11-06 01:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-01-26 21:35 - 2015-01-26 21:35 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3890881620-3642371930-2457045338-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\SueB\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Dolby Home Theater v4 => "C:\Dolby PCEE4\pcee4.exe" -autostart
MSCONFIG\startupreg: FDispPos => C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe Launch FixPos
MSCONFIG\startupreg: Google Update => "C:\Users\SueB\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MCTDUtil => C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe Launch SuperUtil
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
MSCONFIG\startupreg: TouchORB => C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe
MSCONFIG\startupreg: YouCam Mirage => "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
MSCONFIG\startupreg: YouCam Tray => "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s

==================== Accounts: =============================

Administrator (S-1-5-21-3890881620-3642371930-2457045338-500 - Administrator - Disabled)
Guest (S-1-5-21-3890881620-3642371930-2457045338-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3890881620-3642371930-2457045338-1002 - Limited - Enabled)
SueB (S-1-5-21-3890881620-3642371930-2457045338-1001 - Administrator - Enabled) => C:\Users\SueB

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/07/2015 06:27:11 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/07/2015 06:27:11 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/07/2015 06:27:11 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/07/2015 06:27:11 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (02/07/2015 06:27:09 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/07/2015 06:27:09 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog


Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (02/07/2015 06:27:09 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/07/2015 06:27:09 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/07/2015 06:27:08 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.


Details:
0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))

Error: (02/07/2015 06:27:05 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows (4512) Windows: Error -1811 occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00034.log.


System errors:
=============
Error: (02/07/2015 06:31:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (02/07/2015 06:27:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (02/07/2015 06:27:11 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (02/06/2015 05:43:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (02/06/2015 05:43:45 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (02/06/2015 07:25:24 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (02/06/2015 07:25:25 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (02/06/2015 07:24:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (02/06/2015 07:23:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (02/06/2015 07:23:57 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.


Microsoft Office Sessions:
=========================
Error: (02/07/2015 06:27:11 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/07/2015 06:27:11 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/07/2015 06:27:11 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/07/2015 06:27:11 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (02/07/2015 06:27:09 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (02/07/2015 06:27:09 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (02/07/2015 06:27:09 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (02/07/2015 06:27:09 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description:
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
4700

Error: (02/07/2015 06:27:08 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description:
Details:
0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))

Error: (02/07/2015 06:27:05 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows4512Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00034.log-1811


CodeIntegrity Errors:
===================================
Date: 2015-02-07 20:56:16.849
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-07 20:46:25.551
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-07 19:38:28.219
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-07 19:03:39.648
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-07 18:38:07.721
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-07 00:52:53.817
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-07 00:39:38.638
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-06 22:35:06.682
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-06 21:57:27.696
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-06 21:41:02.117
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU G640 @ 2.80GHz
Percentage of memory in use: 50%
Total physical RAM: 4034.78 MB
Available physical RAM: 2014.25 MB
Total Pagefile: 8067.74 MB
Available Pagefile: 5259.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:450.16 GB) (Free:313.86 GB) NTFS
Drive e: (Lexar) (Removable) (Total:29.81 GB) (Free:27.42 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 51B5EE98)
Partition 1: (Not Active) - (Size=15.5 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 29.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-02-07 21:36:00
-----------------------------
21:36:00.991 OS Version: Windows x64 6.1.7601 Service Pack 1
21:36:00.991 Number of processors: 2 586 0x2A07
21:36:00.992 ComputerName: SUEB-PC UserName: SueB
21:36:02.398 Initialize success
21:36:02.408 VM: initialized successfully
21:36:02.409 VM: Intel CPU supported virtualized
21:36:06.073 VM: supported disk I/O iaStor.sys
21:36:09.879 AVAST engine defs: 15020701
21:36:15.654 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:36:15.658 Disk 0 Vendor: WDC_WD50 17.0 Size: 476940MB BusType: 3
21:36:15.764 VM: Disk 0 MBR read successfully
21:36:15.768 Disk 0 MBR scan
21:36:15.773 Disk 0 Windows 7 default MBR code
21:36:15.777 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15872 MB offset 2048
21:36:15.792 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 32507904
21:36:15.799 Disk 0 default boot code
21:36:15.808 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 460966 MB offset 32712704
21:36:15.849 Disk 0 scanning C:\Windows\system32\drivers
21:36:22.613 Service scanning
21:36:37.451 Modules scanning
21:36:37.457 Disk 0 trace - called modules:
21:36:37.472 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:36:37.480 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80064d9060]
21:36:37.483 3 CLASSPNP.SYS[fffff88001aa843f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80047b1050]
21:36:38.049 AVAST engine scan C:\Windows
21:36:39.532 AVAST engine scan C:\Windows\system32
21:38:18.532 AVAST engine scan C:\Windows\system32\drivers
21:38:27.518 AVAST engine scan C:\Users\SueB
21:42:12.158 AVAST engine scan C:\ProgramData
21:43:56.315 Disk 0 statistics 3836847/0/22 @ 5.16 MB/s
21:43:56.331 Scan finished successfully
21:45:06.313 Disk 0 MBR has been saved successfully to "C:\Users\SueB\Downloads\MBR.dat"
21:45:06.313 The log file has been saved successfully to "C:\Users\SueB\Downloads\aswMBR.txt"

-----------------------------------------

I have not run the Spybot yet because I already have Spybot professional in my computer and want to be sure that downloading another one will create a problem.

Juliet
2015-02-08, 19:36
It's best we move Farbar's to desktop.

Please go to your downloads folder, locate Farbar Recovery Scan Tool, right click and select CUT
Go to an open spot on your desktop, right click and select PASTE
You should now have Farbar Recovery Scan Tool on your desktop.
***********

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)


https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG




start
CloseProcesses:
Toolbar: HKU\S-1-5-21-3890881620-3642371930-2457045338-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
SearchScopes: HKU\S-1-5-21-3890881620-3642371930-2457045338-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
2015-01-08 10:44 - 2015-01-13 06:28 - 00000000 ____D () C:\Users\SueB\AppData\Local\wincheck
C:\Users\SueB\AppData\Local\Temp\ct_2011.exe
C:\Users\SueB\AppData\Local\Temp\ct_2019.exe
Task: {823A991B-B3D8-44D9-BA5C-59A1F5B1FC1C} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {DA2BD0E7-BD07-4911-B00C-44CB148951DC} - System32\Tasks\BBQLeads => C:\Program Files (x86)\bbqleads\ScheduledTask.exe
2015-01-08 10:41 - 2015-01-08 10:41 - 00000000 ____D () C:\Users\SueB\AppData\Local\TVWizard
2015-01-08 10:40 - 2015-01-08 10:40 - 00004010 _____ () C:\Windows\System32\Tasks\LaunchSignup
2015-01-08 10:40 - 2015-01-08 10:40 - 00000000 ____D () C:\Windows\System32\Tasks\SDD
2015-01-08 10:40 - 2015-01-08 10:40 - 00000000 ____D () C:\Program Files (x86)\SDDUpdater
EmptyTemp:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) and save the file to your Desktop.
Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post these 2 logs when finished and let me know if you're still getting an alert from Antivirus.

Suemarie
2015-02-09, 00:13
I am posting this from my second computer. I have tried running the Farbar Recovery Tool twice. Both times, the computer locked up with a message saying the program was not responding. I am trying for the third time, hoping that this will be the charm.

If for some reason it locks up again, should I try running it as administrator and perhaps, temporarily disabling my virus protection? I also have the spybot live protection running.

So far, the program seems to be running, but if it does lock up again, I will let you know. :)

Juliet
2015-02-09, 02:27
"should I try running it as administrator and perhaps, temporarily disabling my virus protection? I also have the spybot live protection running."

Yes, I've read in the last couple of days antivirus software has been interfering.

AVAST
Right-click on the avast! icon in system tray (looks like this: http://i100.photobucket.com/albums/m7/dasaki/avast.jpg but orange in color starting with v5). Select avast! shields control and there will be options to disable avast for 10 minutes, 1 hour, until the computer is restarted or permanently.

Suemarie
2015-02-09, 06:18
Ok. That worked. I ended up disabling Avast and going into safe mode. It zipped right thru after that. Here are the two results:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-02-2015
Ran by SueB at 2015-02-08 22:42:02 Run:7
Running from C:\Users\SueB\Desktop
Loaded Profiles: SueB (Available profiles: SueB)
Boot Mode: Safe Mode (minimal)
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
Toolbar: HKU\S-1-5-21-3890881620-3642371930-2457045338-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
SearchScopes: HKU\S-1-5-21-3890881620-3642371930-2457045338-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
2015-01-08 10:44 - 2015-01-13 06:28 - 00000000 ____D () C:\Users\SueB\AppData\Local\wincheck
C:\Users\SueB\AppData\Local\Temp\ct_2011.exe
C:\Users\SueB\AppData\Local\Temp\ct_2019.exe
Task: {823A991B-B3D8-44D9-BA5C-59A1F5B1FC1C} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {DA2BD0E7-BD07-4911-B00C-44CB148951DC} - System32\Tasks\BBQLeads => C:\Program Files (x86)\bbqleads\ScheduledTask.exe
2015-01-08 10:41 - 2015-01-08 10:41 - 00000000 ____D () C:\Users\SueB\AppData\Local\TVWizard
2015-01-08 10:40 - 2015-01-08 10:40 - 00004010 _____ () C:\Windows\System32\Tasks\LaunchSignup
2015-01-08 10:40 - 2015-01-08 10:40 - 00000000 ____D () C:\Windows\System32\Tasks\SDD
2015-01-08 10:40 - 2015-01-08 10:40 - 00000000 ____D () C:\Program Files (x86)\SDDUpdater
EmptyTemp:
End
*****************

Processes closed successfully.
HKU\S-1-5-21-3890881620-3642371930-2457045338-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value not found.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} => Key not found.
"HKU\S-1-5-21-3890881620-3642371930-2457045338-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
C:\Users\SueB\AppData\Local\wincheck => Moved successfully.
C:\Users\SueB\AppData\Local\Temp\ct_2011.exe => Moved successfully.
C:\Users\SueB\AppData\Local\Temp\ct_2019.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{823A991B-B3D8-44D9-BA5C-59A1F5B1FC1C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{823A991B-B3D8-44D9-BA5C-59A1F5B1FC1C}" => Key deleted successfully.
C:\Windows\System32\Tasks\LaunchSignup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DA2BD0E7-BD07-4911-B00C-44CB148951DC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA2BD0E7-BD07-4911-B00C-44CB148951DC}" => Key deleted successfully.
C:\Windows\System32\Tasks\BBQLeads => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BBQLeads" => Key deleted successfully.
C:\Users\SueB\AppData\Local\TVWizard => Moved successfully.
"C:\Windows\System32\Tasks\LaunchSignup" => File/Directory not found.
C:\Windows\System32\Tasks\SDD => Moved successfully.
C:\Program Files (x86)\SDDUpdater => Moved successfully.
EmptyTemp: => Removed 99.2 MB temporary data.


The system needed a reboot.

==== End of Fixlog 22:42:10 ====
-----------------------------------------------------------

# AdwCleaner v4.110 - Logfile created 08/02/2015 at 22:59:17
# Updated 05/02/2015 by Xplode
# Database : 2015-02-08.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : SueB - SUEB-PC
# Running from : C:\Users\SueB\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : HKCU\Software\Microsoft\KanarCore
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\NpApp
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - localhost:8080

***** [ Web browsers ] *****

-\\ Internet Explorer v10.0.9200.17183


-\\ Mozilla Firefox v35.0.1 (x86 en-US)

Juliet
2015-02-09, 12:28
What's the computer doing now?

Please run a Threat Scan with Malwarebytes' Anti-Malware.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

Suemarie
2015-02-09, 21:27
Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Database version: v2015.02.09.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.17183
SueB :: SUEB-PC [administrator]

Protection: Enabled

I didn't have anything in my Malwarebytes with the words Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection. I did see in more tools another program called Anti-Rootkit. I already have rootkit in my spybot pro. Should I put the Anti-Rootkit in also?

Here is what was in the history:
2015/02/09 07:36:14 -0500 SUEB-PC SueB MESSAGE Starting protection
2015/02/09 07:36:14 -0500 SUEB-PC SueB MESSAGE Protection started successfully
2015/02/09 07:36:14 -0500 SUEB-PC SueB MESSAGE Starting IP protection
2015/02/09 07:36:17 -0500 SUEB-PC SueB MESSAGE IP Protection started successfully
2015/02/09 13:23:23 -0500 SUEB-PC SueB MESSAGE Starting database refresh
2015/02/09 13:23:23 -0500 SUEB-PC SueB MESSAGE Stopping IP protection
2015/02/09 13:23:23 -0500 SUEB-PC SueB MESSAGE IP Protection stopped successfully
2015/02/09 13:23:27 -0500 SUEB-PC SueB MESSAGE Database refreshed successfully
2015/02/09 13:23:27 -0500 SUEB-PC SueB MESSAGE Starting IP protection
2015/02/09 13:23:30 -0500 SUEB-PC SueB MESSAGE IP Protection started successfully


Also, I could not find Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked. As far as I know I have the latest version of Spybot Pro. I just got it recently. Up until then, I just had the free version.

Juliet
2015-02-09, 23:21
You have the latest version of MalwareBytes?

OK, open what you have, click on the update button, then let it run a quick scan. If it finds something and asks what you want it to do, select quarantine.

After running this, can you let me know what the computer is doing now?


~~~~~
What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending, of course, on how full your computer is.


ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

Please download ESET Online Scan (http://download.eset.com/special/eos/esetsmartinstaller_enu.exe) and save the file to your Desktop.
Temporarily disable your anti-virus software. For instructions, please refer to the following link (http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/).
Double-click esetsmartinstaller_enu.exe to run the programme.
Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
Agree to the Terms of Use once more and click Start. Allow components to download.
Place a checkmark next to Enable detection of potentially unwanted applications.
Click Advanced settings. Place a checkmark next to:

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology


Ensure Remove found threats is unchecked.
Click Start.
Wait for the scan to finish. Please be patient as this can take some time.
Upon completion, click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png. If no threats were found, skip the next two bullet points.
Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
Push the Back button.
Place a checkmark next to http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
Re-enable your anti-virus software.
Copy the contents of the log and paste in your next reply.


======================================================

Suemarie
2015-02-10, 03:13
I hope I did this right.

C:\Users\All Users\rskrDKbta\dat\gqrYVM.dll a variant of MSIL/Adware.PullUpdate.K.gen application
C:\FRST\Quarantine\C\Program Files (x86)\SDDUpdater\uninstall.exe a variant of Win32/Adware.Gertokr.A application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\SDDUpdater\updater.exe a variant of Win32/Adware.Gertokr.E application cleaned by deleting - quarantined
C:\ProgramData\rskrDKbta\dat\gqrYVM.dll a variant of MSIL/Adware.PullUpdate.K.gen application cleaned by deleting - quarantined

Suemarie
2015-02-10, 03:26
My bad. I didn't do the advanced thing. ugh

Juliet
2015-02-10, 03:28
lol

so far only 1 file to delete.
C:\Users\All Users\rskrDKbta\dat\gqrYVM.dll

Suemarie
2015-02-10, 05:30
I actually went back and ran the scan again because I had forgotten to do the advanced settings. These are the results of that scan:

C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Acer Edition\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application
C:\Users\SueB\AppData\Local\CRE\jbkceikmmebhmgcjiemejoaeholbnnjl.crx a variant of Win32/Toolbar.Conduit.AL potentially unwanted application
C:\Users\SueB\Downloads\ccsetup501.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\SueB\Downloads\dfsetup218.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

What do I do from here? Thank you for your patience. :)

Juliet
2015-02-10, 12:46
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)



start
CloseProcesses:
C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Acer Edition\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe
C:\Users\SueB\AppData\Local\CRE\jbkceikmmebhmgcjiemejoaeholbnnjl.crx
C:\Users\SueB\Downloads\ccsetup501.exe
C:\Users\SueB\Downloads\dfsetup218.exe
C:\Users\All Users\rskrDKbta\dat\gqrYVM.dll
EmptyTemp:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Please post this log

Tell me how the computer is now.

Suemarie
2015-02-10, 13:29
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-02-2015
Ran by SueB at 2015-02-10 06:25:46 Run:9
Running from C:\Users\SueB\Desktop
Loaded Profiles: SueB (Available profiles: SueB)
Boot Mode: Safe Mode (minimal)
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Acer Edition\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe
C:\Users\SueB\AppData\Local\CRE\jbkceikmmebhmgcjiemejoaeholbnnjl.crx
C:\Users\SueB\Downloads\ccsetup501.exe
C:\Users\SueB\Downloads\dfsetup218.exe
C:\Users\All Users\rskrDKbta\dat\gqrYVM.dll
EmptyTemp:
End
*****************

Processes closed successfully.
"C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Acer Edition\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe" => File/Directory not found.
"C:\Users\SueB\AppData\Local\CRE\jbkceikmmebhmgcjiemejoaeholbnnjl.crx" => File/Directory not found.
"C:\Users\SueB\Downloads\ccsetup501.exe" => File/Directory not found.
"C:\Users\SueB\Downloads\dfsetup218.exe" => File/Directory not found.
"C:\Users\All Users\rskrDKbta\dat\gqrYVM.dll" => File/Directory not found.
EmptyTemp: => Removed 24.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog 06:25:50 ====
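
As an added example (not part of the original thread, and not output from ESET or FRST), this Python script reconciles the ESET detections with the FRST Fixlog posted above. It folds `C:\Users\All Users` into `C:\ProgramData`, since on Windows Vista and later the former is a link to the latter, so one file reported under both paths is counted once. The log lines are copied from the posts; the function names and status labels are assumptions made for the example.

```python
import re

# Log lines copied from the posts above (ESET Online Scan, then FRST Fixlog).
ESET_LOG = r"""
C:\Users\All Users\rskrDKbta\dat\gqrYVM.dll a variant of MSIL/Adware.PullUpdate.K.gen application
C:\FRST\Quarantine\C\Program Files (x86)\SDDUpdater\updater.exe a variant of Win32/Adware.Gertokr.E application cleaned by deleting - quarantined
C:\ProgramData\rskrDKbta\dat\gqrYVM.dll a variant of MSIL/Adware.PullUpdate.K.gen application cleaned by deleting - quarantined
C:\Users\SueB\Downloads\ccsetup501.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
"""
FIXLOG = r"""
"C:\Users\SueB\Downloads\ccsetup501.exe" => File/Directory not found.
"C:\Users\All Users\rskrDKbta\dat\gqrYVM.dll" => File/Directory not found.
"""

# <path> [a variant of] <Platform/Detection.Name> <type> [action taken]
ESET_RE = re.compile(
    r"^(?P<path>.+?)\s+(?:a variant of\s+)?(?P<name>[A-Za-z0-9]+/\S+)\s+(?P<rest>.+)$")
FIX_RE = re.compile(r'^"(?P<path>[^"]+)" => (?P<result>.+)$')

def normalize(path):
    # Lower-case the path and fold the "All Users" alias into ProgramData
    # so both spellings of the same file compare equal.
    p = path.strip().lower()
    alias = "c:\\users\\all users\\"
    if p.startswith(alias):
        p = "c:\\programdata\\" + p[len(alias):]
    return p

def parse_eset(text):
    """Return {normalized path: (detection name, cleaned?)}; cleaned wins on duplicates."""
    found = {}
    for line in text.splitlines():
        m = ESET_RE.match(line.strip())
        if not m:
            continue
        key = normalize(m["path"])
        cleaned = "cleaned" in m["rest"] or found.get(key, ("", False))[1]
        found[key] = (m["name"], cleaned)
    return found

def parse_fixlog(text):
    """Return {normalized path: FRST result text without the trailing period}."""
    hits = (FIX_RE.match(line.strip()) for line in text.splitlines())
    return {normalize(m["path"]): m["result"].rstrip(".") for m in hits if m}

def reconcile(eset_text, fix_text):
    """Classify each detection as cleaned, absent at fix time, or still open."""
    fix = parse_fixlog(fix_text)
    status = {}
    for path, (_name, cleaned) in parse_eset(eset_text).items():
        if cleaned:
            status[path] = "cleaned by scanner"
        elif fix.get(path) == "File/Directory not found":
            status[path] = "absent when fix ran"
        else:
            status[path] = "open"
    return status

if __name__ == "__main__":
    for path, state in reconcile(ESET_LOG, FIXLOG).items():
        print(f"{state:20} {path}")
```

Any entry left as "open" is a detection that neither the scanner log nor the Fixlog accounts for and is the one to follow up on.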

Juliet
2015-02-10, 14:18
Tell me how the computer is now.

Suemarie
2015-02-10, 17:43
Computer seems to be working good now. If anything else pops up, I will let you know. The only rather annoying thing is that Avast keeps pushing that Grime Boss. I tried it once and it nearly shut me down. But, that is just an annoyance more than a virus. :red:

Juliet
2015-02-10, 20:02
It's not a virus, it's a tool or software addition within the virus program that states it can rid you of additional issues a computer can have but.....
My opinion is, it needs to remain an antivirus tool :)

DelFix

Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix)
or from here http://www.bleepingcomputer.com/download/delfix/ and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:

Activate UAC
Remove disinfection tools
Create registry backup
Purge system restore



Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

~~~~~~~~~~~~~~~~~~~~~


Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP


The following programmes come highly recommended in the security community.

AdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
CryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (e.g. CryptoPrevent), preventing your files from being encrypted.
Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
Malwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
Secunia PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
Web of Trust (https://www.mywot.com/) (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

Suemarie
2015-02-11, 05:39
I wasn't sure if you wanted the DelFix results or not. I will post them just in case. Everything seems to be running smoothly now. Thank you for all of your help.

# DelFix v10.8 - Logfile created 10/02/2015 at 22:27:14
# Updated 29/07/2014 by Xplode
# Username : SueB - SUEB-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\SueB\Downloads\AdwCleaner.exe
Deleted : C:\Users\SueB\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\SueB\Downloads\MBR.dat
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #457 [Windows Backup | 11/10/2014 00:00:10]
Deleted : RP #458 [Windows Update | 11/11/2014 12:33:25]
Deleted : RP #459 [Windows Update | 11/12/2014 16:22:09]
Deleted : RP #460 [Installed iTunes | 11/14/2014 14:46:48]
Deleted : RP #461 [Windows Backup | 11/17/2014 00:00:08]
Deleted : RP #462 [Windows Update | 11/18/2014 13:22:52]
Deleted : RP #463 [Windows Update | 11/20/2014 04:37:05]
Deleted : RP #464 [avast! antivirus system restore point | 11/22/2014 04:12:16]
Deleted : RP #465 [Device Driver Package Install: Avast Network Service | 11/22/2014 04:15:41]
Deleted : RP #466 [Windows Backup | 11/24/2014 00:00:06]
Deleted : RP #467 [Installed QuickTime 7 | 11/24/2014 13:59:52]
Deleted : RP #468 [Windows Update | 11/25/2014 04:38:35]
Deleted : RP #469 [Removed Microsoft Silverlight | 11/27/2014 15:06:59]
Deleted : RP #470 [Windows Update | 11/28/2014 11:59:40]
Deleted : RP #471 [Windows Backup | 12/01/2014 00:00:07]
Deleted : RP #472 [Windows Update | 12/02/2014 12:04:39]
Deleted : RP #473 [Windows Update | 12/05/2014 20:08:22]
Deleted : RP #474 [Removed Java 7 Update 67 | 12/07/2014 01:52:34]
Deleted : RP #475 [Removed Java 7 Update 67 (64-bit) | 12/07/2014 01:53:39]
Deleted : RP #476 [Installed Java 7 Update 71 | 12/07/2014 02:04:19]
Deleted : RP #477 [Installed Java 7 Update 71 (64-bit) | 12/07/2014 02:06:43]
Deleted : RP #478 [Windows Backup | 12/08/2014 00:00:05]
Deleted : RP #479 [Windows Update | 12/09/2014 13:18:43]
Deleted : RP #480 [Windows Update | 12/10/2014 15:22:20]
Deleted : RP #481 [Windows Backup | 12/15/2014 00:00:22]
Deleted : RP #482 [Windows Update | 12/16/2014 14:47:22]
Deleted : RP #483 [Windows Update | 12/20/2014 02:58:38]
Deleted : RP #484 [Windows Backup | 12/22/2014 00:00:11]
Deleted : RP #485 [Windows Update | 12/23/2014 13:02:34]
Deleted : RP #486 [Windows Backup | 12/29/2014 00:00:12]
Deleted : RP #487 [Windows Update | 12/30/2014 20:00:43]
Deleted : RP #488 [Windows Backup | 01/05/2015 00:00:12]
Deleted : RP #489 [Windows Update | 01/06/2015 08:15:08]
Deleted : RP #490 [Windows Update | 01/09/2015 14:30:43]
Deleted : RP #491 [Windows Backup | 01/12/2015 00:00:15]
Deleted : RP #492 [Windows Update | 01/13/2015 11:31:24]
Deleted : RP #493 [Windows Update | 01/15/2015 01:49:07]
Deleted : RP #494 [Windows Update | 01/16/2015 04:17:34]
Deleted : RP #495 [Removed H&R Block Deluxe + Efile + State 2012. | 01/17/2015 18:28:27]
Deleted : RP #496 [Removed H&R Block Deluxe + Efile + State 2013. | 01/17/2015 18:32:22]
Deleted : RP #497 [Removed H&R Block Georgia 2012. | 01/17/2015 18:35:53]
Deleted : RP #498 [Removed H&R Block Virginia 2012. | 01/17/2015 18:41:47]
Deleted : RP #499 [Removed eBay Worldwide | 01/17/2015 18:44:46]
Deleted : RP #500 [Removed Evernote v. 5.0.3 | 01/17/2015 18:45:22]
Deleted : RP #501 [Windows Backup | 01/19/2015 00:00:13]
Deleted : RP #502 [Windows Update | 01/20/2015 13:28:23]
Deleted : RP #503 [Installed HR Block 2014. | 01/22/2015 23:35:22]
Deleted : RP #504 [Windows Backup | 01/26/2015 00:00:13]
Deleted : RP #505 [Windows Update | 01/27/2015 14:43:16]
Deleted : RP #506 [Windows Backup | 02/02/2015 00:00:14]
Deleted : RP #507 [Windows Update | 02/03/2015 12:56:54]
Deleted : RP #508 [System Repair (Spybot - Search & Destroy+AV 2.4, administrator p | 02/05/2015 03:16:22]
Deleted : RP #509 [Windows Update | 02/07/2015 01:11:18]
Deleted : RP #510 [Installed iTunes | 02/09/2015 00:21:32]
Deleted : RP #511 [Windows Backup | 02/09/2015 00:25:25]
Deleted : RP #512 [Windows Update | 02/10/2015 15:54:48]

New restore point created !

########## - EOF - ##########

Juliet
2015-02-11, 12:03
Looks good, we're glad to help :)

Juliet
2015-02-14, 04:27
Glad we could help. :)

Since this issue appears resolved ... this Topic is closed.