I have my farber report ready for some help

Status
Not open for further replies.
C

chuck 1962

New member
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-01-2015 02
Ran by chuckanddona at 2015-01-03 10:37:14
Running from C:\Users\chuckanddona\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.2.12.17 - Synaptics Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{E77289CF-12B9-4CAB-A49E-FEAE947F4D95}) (Version: 15.5.4.0423 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{0728A184-F899-4356-B93D-8228674F0DEB}) (Version: 2.6.1209.0268 - Motorola Solutions, Inc.)
Intel(R) Turbo Boost Technology Monitor 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
Intel(R) WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 en-US)) (Version: 31.3.0 - Mozilla)
Mozy Restore Manager (HKLM-x32\...\{B16C5426-D1A9-44B5-9471-315B349B3A31}) (Version: 2.1.1.557 - Mozy, Inc)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.012 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6741 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
YouTube Accelerator (HKLM-x32\...\YouTube Accelerator) (Version: 3394(build_93) - Goobzo Ltd.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

16-12-2014 10:43:12 Windows Update
20-12-2014 04:09:14 Windows Update
23-12-2014 09:59:57 Windows Update
26-12-2014 13:34:32 Windows Update
30-12-2014 12:11:25 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 00:26 - 2012-07-26 00:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06EF068F-DDA5-4E40-821C-2444BAF3E68A} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-09-20] (Synaptics Incorporated)
Task: {1898CD1A-5A59-426A-B2DE-D0343596C77D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {1B382090-BCB7-4D6E-83B3-884ED2F079D6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {25BD2C2C-3573-451B-8B79-77FCD6C48F5C} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {34F0AEEE-5B95-4BBC-8FC6-D6AE65199A05} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {35019EDB-EC89-4B4A-9A65-8C95F9B7213D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-12-09] (Microsoft Corporation)
Task: {4084102E-7C7D-4A1A-99BA-62FBC5B3D3A8} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-11] (AVAST Software)
Task: {4D8476B9-631F-496E-9EFD-E26059D060E1} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {524A5A81-7219-441B-81FC-361359D19958} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
Task: {7493955B-3311-4E5D-93E5-FED66664858B} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
Task: {8F4C8D02-CA76-4CFD-A9A8-3CD55E12E29D} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
Task: {9CD31B5D-B522-4266-B391-BAD2890D5A08} - System32\Tasks\DriverUpdate Daily Scan => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: {BEC8DCE1-FFF0-456C-9ED5-004A0476F276} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {EA800E60-B4F6-4EB2-9510-C43D2BEFE0D1} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {EB795C8D-50CE-4543-873C-2E95840A35C2} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\DriverUpdate Daily Scan.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\windows\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2014-12-11 18:16 - 2014-12-11 18:16 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-12-11 18:16 - 2014-12-11 18:16 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2013-02-12 09:36 - 2012-09-20 19:40 - 04875576 _____ () C:\Program Files\Synaptics\SynTP\DellTouchpad.exe
2013-02-12 09:36 - 2012-10-16 05:38 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-07-06 11:09 - 2013-04-19 17:51 - 00023328 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2013-07-06 11:09 - 2013-04-19 17:52 - 00049440 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\STCommonShellIntegration.dll
2014-12-31 15:45 - 2014-12-31 15:45 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14123101\algo.dll
2014-12-11 18:16 - 2014-12-11 18:16 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-01-02 14:06 - 2015-01-02 14:06 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010201\algo.dll
2014-12-09 18:08 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-12-09 18:08 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-12-09 18:08 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-12-09 18:08 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-12-09 18:08 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-02-12 10:49 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-12-09 12:00 - 2014-11-26 11:40 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-12-11 18:16 - 2014-12-11 18:16 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-07-06 11:09 - 2013-05-02 18:01 - 01813792 _____ () C:\Program Files (x86)\Dell Backup and Recovery\OLCoreWrapper.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Syst3EBB2919:$WIMMOUNTDATA
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
AlternateDataStreams: C:\Users\chuckanddona\Desktop\GIDEON HASTINGS HOUSE - ViewMyPaycheck Invitation.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-253687255-1003371428-3526289271-500 - Administrator - Disabled) => C:\Users\Administrator
chuckanddona (S-1-5-21-253687255-1003371428-3526289271-1001 - Administrator - Enabled) => C:\Users\chuckanddona
Guest (S-1-5-21-253687255-1003371428-3526289271-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/22/2014 09:01:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZeroConfigService.exe, version: 16.1.0.0, time stamp: 0x521e80f5
Faulting module name: MurocApi.dll, version: 16.1.0.0, time stamp: 0x521e7ff7
Exception code: 0xc0000005
Fault offset: 0x0000000000026570
Faulting process id: 0xa38
Faulting application start time: 0xZeroConfigService.exe0
Faulting application path: ZeroConfigService.exe1
Faulting module path: ZeroConfigService.exe2
Report Id: ZeroConfigService.exe3
Faulting package full name: ZeroConfigService.exe4
Faulting package-relative application ID: ZeroConfigService.exe5

Error: (12/13/2014 09:45:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avgui.exe, version: 15.0.0.5577, time stamp: 0x545fd4e7
Faulting module name: mfc110u.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
Exception code: 0xc0000135
Fault offset: 0x00078c9e
Faulting process id: 0x162c
Faulting application start time: 0xavgui.exe0
Faulting application path: avgui.exe1
Faulting module path: avgui.exe2
Report Id: avgui.exe3
Faulting package full name: avgui.exe4
Faulting package-relative application ID: avgui.exe5

Error: (12/13/2014 09:01:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avgui.exe, version: 15.0.0.5577, time stamp: 0x545fd4e7
Faulting module name: mfc110u.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
Exception code: 0xc0000135
Fault offset: 0x00078c9e
Faulting process id: 0x11e0
Faulting application start time: 0xavgui.exe0
Faulting application path: avgui.exe1
Faulting module path: avgui.exe2
Report Id: avgui.exe3
Faulting package full name: avgui.exe4
Faulting package-relative application ID: avgui.exe5

Error: (12/13/2014 04:49:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avgui.exe, version: 15.0.0.5577, time stamp: 0x545fd4e7
Faulting module name: mfc110u.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
Exception code: 0xc0000135
Fault offset: 0x00078c9e
Faulting process id: 0x15c0
Faulting application start time: 0xavgui.exe0
Faulting application path: avgui.exe1
Faulting module path: avgui.exe2
Report Id: avgui.exe3
Faulting package full name: avgui.exe4
Faulting package-relative application ID: avgui.exe5

Error: (12/12/2014 05:58:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avgui.exe, version: 15.0.0.5577, time stamp: 0x545fd4e7
Faulting module name: mfc110u.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
Exception code: 0xc0000135
Fault offset: 0x00078c9e
Faulting process id: 0x14d8
Faulting application start time: 0xavgui.exe0
Faulting application path: avgui.exe1
Faulting module path: avgui.exe2
Report Id: avgui.exe3
Faulting package full name: avgui.exe4
Faulting package-relative application ID: avgui.exe5

Error: (12/12/2014 03:23:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avgui.exe, version: 15.0.0.5577, time stamp: 0x545fd4e7
Faulting module name: mfc110u.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
Exception code: 0xc0000135
Fault offset: 0x00078c9e
Faulting process id: 0x15e4
Faulting application start time: 0xavgui.exe0
Faulting application path: avgui.exe1
Faulting module path: avgui.exe2
Report Id: avgui.exe3
Faulting package full name: avgui.exe4
Faulting package-relative application ID: avgui.exe5

Error: (12/11/2014 07:02:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avgui.exe, version: 15.0.0.5577, time stamp: 0x545fd4e7
Faulting module name: mfc110u.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
Exception code: 0xc0000135
Fault offset: 0x00078c9e
Faulting process id: 0x1934
Faulting application start time: 0xavgui.exe0
Faulting application path: avgui.exe1
Faulting module path: avgui.exe2
Report Id: avgui.exe3
Faulting package full name: avgui.exe4
Faulting package-relative application ID: avgui.exe5

Error: (12/11/2014 06:10:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avgui.exe, version: 15.0.0.5577, time stamp: 0x545fd4e7
Faulting module name: mfc110u.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
Exception code: 0xc0000135
Fault offset: 0x00078c9e
Faulting process id: 0x1230
Faulting application start time: 0xavgui.exe0
Faulting application path: avgui.exe1
Faulting module path: avgui.exe2
Report Id: avgui.exe3
Faulting package full name: avgui.exe4
Faulting package-relative application ID: avgui.exe5

Error: (12/11/2014 06:07:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary avast! VM Monitor.

System Error:
The system cannot find the file specified.
.

Error: (12/11/2014 06:07:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSP.

System Error:
The system cannot find the file specified.
.


System errors:
=============
Error: (01/02/2015 10:08:49 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 8 for x64-based Systems (KB2920189).

Error: (01/01/2015 10:54:49 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (01/01/2015 10:49:12 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (01/01/2015 10:48:33 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 8 for x64-based Systems (KB2920189).

Error: (01/01/2015 10:17:56 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 8 for x64-based Systems (KB2920189).

Error: (12/31/2014 11:19:02 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 8 for x64-based Systems (KB2920189).

Error: (12/30/2014 01:02:50 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 8 for x64-based Systems (KB2920189).

Error: (12/30/2014 00:12:21 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 8 for x64-based Systems (KB2920189).

Error: (12/29/2014 11:12:02 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

Error: (12/29/2014 11:09:02 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 8 for x64-based Systems (KB2920189).


Microsoft Office Sessions:
=========================
Error: (12/22/2014 09:01:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ZeroConfigService.exe16.1.0.0521e80f5MurocApi.dll16.1.0.0521e7ff7c00000050000000000026570a3801d01defa3eccaeaC:\Program Files\Intel\WiFi\bin\ZeroConfigService.exeC:\Program Files\Intel\WiFi\bin\MurocApi.dllf6d24a18-89e2-11e4-bec5-6036ddc7c0a8

Error: (12/13/2014 09:45:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgui.exe15.0.0.5577545fd4e7mfc110u.dll6.2.9200.1704653b485c4c000013500078c9e162c01d016e34cd92e48C:\Program Files (x86)\AVG\AVG2015\avgui.exemfc110u.dllaa19cef2-82d6-11e4-beb5-6036ddc7c0a8

Error: (12/13/2014 09:01:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgui.exe15.0.0.5577545fd4e7mfc110u.dll6.2.9200.1704653b485c4c000013500078c9e11e001d016dd0355e773C:\Program Files (x86)\AVG\AVG2015\avgui.exemfc110u.dll941588f8-82d0-11e4-beb4-6036ddc7c0a8

Error: (12/13/2014 04:49:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgui.exe15.0.0.5577545fd4e7mfc110u.dll6.2.9200.1704653b485c4c000013500078c9e15c001d016ba11d01f91C:\Program Files (x86)\AVG\AVG2015\avgui.exemfc110u.dll51fd7f7a-82ad-11e4-beb3-6036ddc7c0a8

Error: (12/12/2014 05:58:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgui.exe15.0.0.5577545fd4e7mfc110u.dll6.2.9200.1704653b485c4c000013500078c9e14d801d0165ef8a90b7aC:\Program Files (x86)\AVG\AVG2015\avgui.exemfc110u.dll64ec4671-8252-11e4-beb2-6036ddc7c0a8

Error: (12/12/2014 03:23:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgui.exe15.0.0.5577545fd4e7mfc110u.dll6.2.9200.1704653b485c4c000013500078c9e15e401d0164963b16ee0C:\Program Files (x86)\AVG\AVG2015\avgui.exemfc110u.dllac99021d-823c-11e4-beb1-6036ddc7c0a8

Error: (12/11/2014 07:02:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgui.exe15.0.0.5577545fd4e7mfc110u.dll6.2.9200.1704653b485c4c000013500078c9e193401d0159ef61c6aefC:\Program Files (x86)\AVG\AVG2015\avgui.exemfc110u.dll378806db-8192-11e4-beb0-6036ddc7c0a8

Error: (12/11/2014 06:10:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgui.exe15.0.0.5577545fd4e7mfc110u.dll6.2.9200.1704653b485c4c000013500078c9e123001d01597992a9a7fC:\Program Files (x86)\AVG\AVG2015\avgui.exemfc110u.dlld9faa0ce-818a-11e4-beb0-6036ddc7c0a8

Error: (12/11/2014 06:07:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary avast! VM Monitor.

System Error:
The system cannot find the file specified.

Error: (12/11/2014 06:07:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSP.

System Error:
The system cannot find the file specified.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 38%
Total physical RAM: 8061.27 MB
Available physical RAM: 4964.96 MB
Total Pagefile: 16253.27 MB
Available Pagefile: 13022.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:916.25 GB) (Free:833.67 GB) NTFS
Drive y: (WINRETOOLS) (Fixed) (Total:0.49 GB) (Free:0.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 321F687F)

Partition: GPT Partition Type.

==================== End Of Log ============================
 
Hi

There are to be 2 logs when running Farbar Recovery Scan Tool

You posted the Addition.txt. If you could search for FRST.txt, copy and paste that for me please.
 
how is this?

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-01-2015 03
Ran by chuckanddona (administrator) on CHCUKANDDONNA on 03-01-2015 23:51:18
Running from C:\Users\chuckanddona\Downloads
Loaded Profile: chuckanddona (Available profiles: chuckanddona & Administrator)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\Synaptics\SynTP\DellTouchpad.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(GOOBZO) C:\Program Files (x86)\YouTube Accelerator\YouTubeAccelerator.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DellWPF] => C:\Program Files\Synaptics\SynTP\DellTouchpad.exe [4875576 2012-09-20] ()
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6842000 2012-09-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1230992 2012-09-27] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5757328 2012-10-19] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2918200 2012-09-20] (Synaptics Incorporated)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [ChromeHelper] => C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelper.exe
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-12] (AVAST Software)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-253687255-1003371428-3526289271-1001\...\Run: [GoobzoYouTubeAccelerator] => C:\Program Files (x86)\YouTube Accelerator\YouTubeAccelerator.exe [2227048 2014-08-18] (GOOBZO)
HKU\S-1-5-21-253687255-1003371428-3526289271-1001\...\Run: [DellSystemDetect] => C:\Users\chuckanddona\AppData\Local\Apps\2.0\JQ744EMN.H18\VCG2H067.MWD\dell..tion_e30b47f5d4a30e9e_0005.000b_1df8a3cb60a9209e\DellSystemDetect.exe
Startup: C:\Users\chuckanddona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MightyText Notifier.lnk
ShortcutTarget: MightyText Notifier.lnk -> C:\Program Files (x86)\MightyText Notifier\MightyText Notifier.exe (No File)
Startup: C:\Users\chuckanddona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-253687255-1003371428-3526289271-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-253687255-1003371428-3526289271-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://www-search.net/search.aspx?s=E8Jwobrys01955,324c586e-3f3d-4841-a179-5e795d00c4dd,&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-253687255-1003371428-3526289271-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: No Name -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\chuckanddona\AppData\Roaming\Mozilla\Firefox\Profiles\hvn6q9yc.default-1418244429523
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Extension: NoScript - C:\Users\chuckanddona\AppData\Roaming\Mozilla\Firefox\Profiles\hvn6q9yc.default-1418244429523\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-12-14]
FF Extension: Adblock Plus - C:\Users\chuckanddona\AppData\Roaming\Mozilla\Firefox\Profiles\hvn6q9yc.default-1418244429523\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-10]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-11]
FF HKU\S-1-5-21-253687255-1003371428-3526289271-1001\...\Firefox\Extensions: [{116F7DA5-09F5-637E-7A91-6796EA614907}] - C:\Program Files (x86)\ver6SpeeditUp\184.xpi

Chrome:
=======
CHR Profile: C:\Users\chuckanddona\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\chuckanddona\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljamgkbcojbnmcaonjokopmcblmmpfch [2014-10-30]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-12-11]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-11] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-11] (Avast Software)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915480 2013-05-23] (SoftThinks SAS)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-11] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-11] ()
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [121728 2012-08-27] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-20] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-09-20] (Synaptics Incorporated)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2014-10-28] ()
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-11] (Avast Software)
R2 webinstrNewH; C:\windows\system32\Drivers\webinstrNewH.sys [106456 2014-12-08] (Corsica)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)
S3 SMUpdd; \??\C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-03 23:50 - 2015-01-03 23:51 - 00000000 ____D () C:\Users\chuckanddona\Downloads\FRST-OlderVersion
2015-01-03 15:41 - 2015-01-03 15:41 - 00000197 _____ () C:\windows\system32\2015-01-03-20-41-14.069-AvastVBoxSVC.exe-2852.log
2015-01-03 15:38 - 2015-01-03 15:38 - 00291192 _____ () C:\windows\Minidump\010315-39406-01.dmp
2015-01-03 10:37 - 2015-01-03 10:38 - 00024708 _____ () C:\Users\chuckanddona\Downloads\Addition.txt
2015-01-03 10:36 - 2015-01-03 23:51 - 00014677 _____ () C:\Users\chuckanddona\Downloads\FRST.txt
2015-01-01 10:51 - 2015-01-01 10:52 - 00000197 _____ () C:\windows\system32\2015-01-01-15-51-13.090-AvastVBoxSVC.exe-2160.log
2014-12-28 12:00 - 2014-12-28 12:01 - 00000197 _____ () C:\windows\system32\2014-12-28-17-00-15.031-AvastVBoxSVC.exe-3412.log
2014-12-28 11:32 - 2014-12-28 11:34 - 00000197 _____ () C:\windows\system32\2014-12-28-16-32-34.046-AvastVBoxSVC.exe-1400.log
2014-12-28 11:28 - 2014-12-28 11:28 - 00291192 _____ () C:\windows\Minidump\122814-38953-01.dmp
2014-12-25 13:07 - 2014-12-25 13:09 - 00000197 _____ () C:\windows\system32\2014-12-25-18-07-20.015-AvastVBoxSVC.exe-3464.log
2014-12-25 12:17 - 2014-12-25 12:17 - 00000197 _____ () C:\windows\system32\2014-12-25-17-17-49.018-AvastVBoxSVC.exe-2224.log
2014-12-24 14:56 - 2014-12-24 14:57 - 00000197 _____ () C:\windows\system32\2014-12-24-19-56-58.008-AvastVBoxSVC.exe-1520.log
2014-12-22 10:21 - 2014-12-22 10:21 - 00000197 _____ () C:\windows\system32\2014-12-22-15-21-08.011-AvastVBoxSVC.exe-2096.log
2014-12-22 09:58 - 2014-12-22 09:58 - 00000197 _____ () C:\windows\system32\2014-12-22-14-58-31.063-AvastVBoxSVC.exe-2892.log
2014-12-22 09:01 - 2014-12-22 09:01 - 00000197 _____ () C:\windows\system32\2014-12-22-14-01-13.091-AvastVBoxSVC.exe-1372.log
2014-12-18 13:53 - 2014-12-18 13:56 - 00000197 _____ () C:\windows\system32\2014-12-18-18-53-13.064-AvastVBoxSVC.exe-3592.log
2014-12-17 22:13 - 2014-12-17 22:15 - 00000197 _____ () C:\windows\system32\2014-12-18-03-13-14.042-AvastVBoxSVC.exe-3244.log
2014-12-17 21:54 - 2014-12-17 21:57 - 00000197 _____ () C:\windows\system32\2014-12-18-02-54-53.073-AvastVBoxSVC.exe-3028.log
2014-12-17 21:42 - 2014-12-17 21:43 - 00000197 _____ () C:\windows\system32\2014-12-18-02-42-31.000-AvastVBoxSVC.exe-3628.log
2014-12-17 20:14 - 2014-12-17 20:16 - 00000197 _____ () C:\windows\system32\2014-12-18-01-14-12.026-AvastVBoxSVC.exe-3096.log
2014-12-17 16:19 - 2014-12-17 16:20 - 00000197 _____ () C:\windows\system32\2014-12-17-21-19-27.042-AvastVBoxSVC.exe-3652.log
2014-12-15 16:33 - 2014-12-15 16:33 - 00031262 _____ () C:\Users\chuckanddona\Documents\Paystub dec 13.htm
2014-12-15 16:33 - 2014-12-15 16:33 - 00000000 ____D () C:\Users\chuckanddona\Documents\Paystub dec 13_files
2014-12-15 16:08 - 2014-12-15 16:08 - 00014354 _____ () C:\Users\chuckanddona\Documents\Mill hill dump run 2014.odt
2014-12-14 08:52 - 2014-12-14 08:52 - 00000197 _____ () C:\windows\system32\2014-12-14-13-52-00.028-AvastVBoxSVC.exe-1940.log
2014-12-14 00:04 - 2014-12-14 00:06 - 00000197 _____ () C:\windows\system32\2014-12-14-05-04-27.032-AvastVBoxSVC.exe-2244.log
2014-12-13 23:25 - 2014-12-13 23:27 - 00000197 _____ () C:\windows\system32\2014-12-14-04-25-40.048-AvastVBoxSVC.exe-3012.log
2014-12-13 22:58 - 2014-12-13 22:59 - 00000197 _____ () C:\windows\system32\2014-12-14-03-58-09.075-AvastVBoxSVC.exe-2128.log
2014-12-13 14:32 - 2014-12-13 14:34 - 00000197 _____ () C:\windows\system32\2014-12-13-19-32-38.027-AvastVBoxSVC.exe-3016.log
2014-12-13 14:22 - 2014-12-13 14:22 - 00000197 _____ () C:\windows\system32\2014-12-13-19-22-18.057-AvastVBoxSVC.exe-2828.log
2014-12-13 12:16 - 2014-12-13 12:16 - 00000197 _____ () C:\windows\system32\2014-12-13-17-16-08.023-AvastVBoxSVC.exe-3816.log
2014-12-13 09:53 - 2014-12-13 09:54 - 00000197 _____ () C:\windows\system32\2014-12-13-14-53-54.092-AvastVBoxSVC.exe-3592.log
2014-12-13 09:46 - 2014-12-13 09:46 - 00000197 _____ () C:\windows\system32\2014-12-13-14-46-11.061-AvastVBoxSVC.exe-4120.log
2014-12-13 06:10 - 2014-12-13 06:11 - 00000197 _____ () C:\windows\system32\2014-12-13-11-10-51.081-AvastVBoxSVC.exe-3760.log
2014-12-12 22:38 - 2014-12-12 22:38 - 00000197 _____ () C:\windows\system32\2014-12-13-03-38-14.098-AvastVBoxSVC.exe-4004.log
2014-12-12 17:55 - 2014-12-12 17:55 - 00000197 _____ () C:\windows\system32\2014-12-12-22-55-18.024-AvastVBoxSVC.exe-1216.log
2014-12-12 15:24 - 2014-12-12 15:24 - 00000197 _____ () C:\windows\system32\2014-12-12-20-24-32.058-AvastVBoxSVC.exe-4004.log
2014-12-11 18:26 - 2014-12-11 18:26 - 00000247 _____ () C:\windows\system32\2014-12-11-23-26-00.052-aswFe.exe-5564.log
2014-12-11 18:22 - 2014-12-11 18:25 - 00000247 _____ () C:\windows\system32\2014-12-11-23-22-36.072-aswFe.exe-6024.log
2014-12-11 18:22 - 2014-12-11 18:22 - 00000197 _____ () C:\windows\system32\2014-12-11-23-22-35.027-AvastVBoxSVC.exe-3880.log
2014-12-11 18:17 - 2014-12-11 18:17 - 00000000 ____D () C:\Users\chuckanddona\AppData\Roaming\AVAST Software
2014-12-11 18:16 - 2014-12-28 11:31 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-12-11 18:16 - 2014-12-11 18:16 - 01050432 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2014-12-11 18:16 - 2014-12-11 18:16 - 00436624 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2014-12-11 18:16 - 2014-12-11 18:16 - 00364512 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-12-11 18:16 - 2014-12-11 18:16 - 00267632 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-12-11 18:16 - 2014-12-11 18:16 - 00116728 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2014-12-11 18:16 - 2014-12-11 18:16 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-12-11 18:16 - 2014-12-11 18:16 - 00083280 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-12-11 18:16 - 2014-12-11 18:16 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-12-11 18:16 - 2014-12-11 18:16 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-12-11 18:16 - 2014-12-11 18:16 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-12-11 18:16 - 2014-12-11 18:16 - 00001966 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-11 18:16 - 2014-12-11 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-11 18:13 - 2014-12-11 18:13 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-11 18:11 - 2014-12-11 18:11 - 05006864 _____ (AVAST Software) C:\Users\chuckanddona\Downloads\avast_free_antivirus_setup_online(2).exe
2014-12-11 18:06 - 2014-12-11 18:06 - 05006864 _____ (AVAST Software) C:\Users\chuckanddona\Downloads\avast_free_antivirus_setup_online(1).exe
2014-12-11 14:34 - 2014-12-11 14:34 - 00000247 _____ () C:\windows\system32\2014-12-11-19-34-34.046-aswFe.exe-6660.log
2014-12-11 14:30 - 2014-12-11 14:34 - 00000247 _____ () C:\windows\system32\2014-12-11-19-30-42.036-aswFe.exe-4476.log
2014-12-11 14:30 - 2014-12-11 14:30 - 00000197 _____ () C:\windows\system32\2014-12-11-19-30-40.017-AvastVBoxSVC.exe-4996.log
2014-12-11 14:23 - 2014-12-11 14:23 - 00000000 ____D () C:\windows\SysWOW64\vbox
2014-12-11 14:23 - 2014-12-11 14:23 - 00000000 ____D () C:\windows\system32\vbox
2014-12-11 14:18 - 2014-12-11 18:13 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-11 14:18 - 2014-12-11 14:18 - 05006864 _____ (AVAST Software) C:\Users\chuckanddona\Downloads\avast_free_antivirus_setup_online.exe
2014-12-11 10:48 - 2015-01-03 23:51 - 02123776 _____ (Farbar) C:\Users\chuckanddona\Downloads\FRST64.exe
2014-12-11 10:48 - 2015-01-03 23:51 - 00000000 ____D () C:\FRST
2014-12-11 10:44 - 2014-12-11 10:44 - 00000207 _____ () C:\windows\tweaking.com-regbackup-CHCUKANDDONNA-Microsoft-Windows-8-(64-bit).dat
2014-12-11 10:43 - 2014-12-11 10:43 - 00000000 ____D () C:\RegBackup
2014-12-11 10:42 - 2014-12-11 10:42 - 00002237 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-12-11 10:42 - 2014-12-11 10:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-12-11 10:42 - 2014-12-11 10:42 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-12-11 10:41 - 2014-12-11 10:41 - 04215584 _____ () C:\Users\chuckanddona\Downloads\tweaking.com_registry_backup_setup.exe
2014-12-10 18:35 - 2014-12-10 18:35 - 00000000 ____D () C:\Users\chuckanddona\Intel
2014-12-09 18:09 - 2014-12-09 18:09 - 00001393 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-12-09 18:09 - 2014-12-09 18:09 - 00001381 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-12-09 18:09 - 2014-12-09 18:09 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2014-12-09 18:08 - 2014-12-09 19:31 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-09 18:08 - 2014-12-09 18:32 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-09 18:08 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2014-12-09 18:04 - 2014-12-09 18:05 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\chuckanddona\Downloads\spybot-2.4.exe
2014-12-09 16:50 - 2014-12-09 16:50 - 00001336 _____ () C:\Users\chuckanddona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware.lnk
2014-12-09 16:23 - 2014-12-09 16:23 - 04637504 _____ (AVG Technologies) C:\Users\chuckanddona\Downloads\avg_free_stb_all_2015_5557_cnet(1).exe
2014-12-09 16:14 - 2014-10-08 23:00 - 01519104 _____ (Microsoft Corporation) C:\windows\system32\vssapi.dll
2014-12-09 16:14 - 2014-10-08 23:00 - 01484288 _____ (Microsoft Corporation) C:\windows\system32\VSSVC.exe
2014-12-09 16:14 - 2014-10-08 23:00 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\vsstrace.dll
2014-12-09 16:14 - 2014-10-08 22:59 - 01195520 _____ (Microsoft Corporation) C:\windows\SysWOW64\vssapi.dll
2014-12-09 16:14 - 2014-10-08 22:59 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\vsstrace.dll
2014-12-09 14:31 - 2014-10-11 02:44 - 19764736 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-12-09 14:31 - 2014-10-11 00:57 - 17562112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-12-09 14:31 - 2014-10-08 22:59 - 00623616 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll
2014-12-09 14:31 - 2014-10-08 22:59 - 00212992 _____ (Microsoft Corporation) C:\windows\system32\dnsrslvr.dll
2014-12-09 14:31 - 2014-10-08 22:58 - 00458240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll
2014-12-09 14:31 - 2014-09-22 00:38 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\mfmpeg2srcsnk.dll
2014-12-09 14:31 - 2014-09-21 22:56 - 00513536 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmpeg2srcsnk.dll
2014-12-09 14:30 - 2014-11-21 03:38 - 02237952 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-09 14:30 - 2014-11-21 03:38 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-09 14:30 - 2014-11-21 03:37 - 01409536 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-09 14:30 - 2014-11-21 03:37 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-12-09 14:30 - 2014-11-21 03:37 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-12-09 14:30 - 2014-11-21 03:36 - 19283456 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-09 14:30 - 2014-11-21 03:36 - 15400960 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-09 14:30 - 2014-11-21 03:36 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-09 14:30 - 2014-11-21 03:36 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-09 14:30 - 2014-11-21 03:36 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-12-09 14:30 - 2014-11-21 03:36 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-09 14:30 - 2014-11-21 03:36 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-09 14:30 - 2014-11-21 03:36 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-09 14:30 - 2014-11-21 03:36 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-09 14:30 - 2014-11-21 03:36 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-09 14:30 - 2014-11-21 03:36 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-12-09 14:30 - 2014-11-21 03:36 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-09 14:30 - 2014-11-21 03:36 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-09 14:30 - 2014-11-21 03:36 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-09 14:30 - 2014-11-21 03:36 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-09 14:30 - 2014-11-21 03:35 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-09 14:30 - 2014-11-21 02:17 - 14364672 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-09 14:30 - 2014-11-21 02:17 - 01762816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-09 14:30 - 2014-11-21 02:17 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-09 14:30 - 2014-11-21 02:17 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-09 14:30 - 2014-11-21 02:17 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-09 14:30 - 2014-11-21 02:17 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-12-09 14:30 - 2014-11-21 02:16 - 13758976 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-09 14:30 - 2014-11-21 02:16 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-09 14:30 - 2014-11-21 02:16 - 02054656 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-09 14:30 - 2014-11-21 02:16 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-09 14:30 - 2014-11-21 02:16 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-12-09 14:30 - 2014-11-21 02:16 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-09 14:30 - 2014-11-21 02:16 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-09 14:30 - 2014-11-21 02:16 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-09 14:30 - 2014-11-21 02:16 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-09 14:30 - 2014-11-21 02:16 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-12-09 14:30 - 2014-11-21 02:16 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-09 14:30 - 2014-11-21 02:16 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-09 14:30 - 2014-11-21 02:16 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-09 14:30 - 2014-11-21 02:00 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-09 14:30 - 2014-11-21 01:54 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-09 14:30 - 2014-11-20 23:30 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-12-09 14:30 - 2014-11-06 01:50 - 01627648 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-09 14:30 - 2014-11-06 00:03 - 01339392 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-09 12:55 - 2014-12-10 17:31 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-09 12:54 - 2014-12-09 12:54 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-09 12:54 - 2014-12-09 12:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-09 12:54 - 2014-12-09 12:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-09 12:54 - 2014-12-09 12:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-09 12:54 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-12-09 12:54 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-12-09 12:54 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-12-09 12:51 - 2014-12-09 12:52 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\chuckanddona\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-09 12:00 - 2014-12-09 12:00 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-09 12:00 - 2014-12-09 12:00 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-09 12:00 - 2014-12-09 12:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-09 09:39 - 2014-12-09 09:39 - 00000032 _____ () C:\ProgramData\Temp.log
2014-12-09 09:33 - 2014-12-09 09:33 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-12-08 09:45 - 2014-12-08 09:45 - 00106456 _____ (Corsica) C:\windows\system32\Drivers\webinstrNewH.sys
2014-12-08 09:45 - 2014-12-08 09:45 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_webinstrNewH_01009.Wdf
2014-12-04 10:52 - 2014-12-09 09:52 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-04 10:52 - 2014-12-04 10:52 - 00880784 _____ (Google Inc.) C:\Users\chuckanddona\Downloads\GoogleEarthSetup(1).exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-03 23:17 - 2014-08-18 23:00 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-253687255-1003371428-3526289271-1001
2015-01-03 23:17 - 2013-02-12 11:06 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-01-03 23:14 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\sru
2015-01-03 23:12 - 2013-02-12 10:57 - 00000000 ____D () C:\ProgramData\Temp
2015-01-03 15:38 - 2014-08-19 12:49 - 859913880 _____ () C:\windows\MEMORY.DMP
2015-01-03 15:38 - 2014-08-19 12:49 - 00000000 ____D () C:\windows\Minidump
2015-01-03 15:38 - 2012-07-26 02:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-03 12:16 - 2013-02-12 10:34 - 01331472 _____ () C:\windows\WindowsUpdate.log
2015-01-03 11:05 - 2012-07-26 02:59 - 00000000 ____D () C:\windows\CbsTemp
2014-12-28 12:03 - 2012-07-26 02:28 - 00850046 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-28 11:52 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\NDF
2014-12-25 13:04 - 2012-07-26 00:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-12-19 18:08 - 2014-08-21 14:39 - 00000518 _____ () C:\windows\Tasks\DriverUpdate Daily Scan.job
2014-12-15 16:09 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\FxsTmp
2014-12-13 09:49 - 2014-10-31 08:07 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-13 09:49 - 2013-02-12 10:22 - 00624962 _____ () C:\windows\PFRO.log
2014-12-13 09:48 - 2012-07-26 03:12 - 00000000 ___HD () C:\windows\ELAMBKUP
2014-12-12 14:09 - 2014-08-18 23:28 - 00000000 ____D () C:\Program Files (x86)\YouTube Accelerator
2014-12-10 19:04 - 2014-10-01 08:21 - 00000000 ____D () C:\Users\chuckanddona\AppData\Local\Adobe
2014-12-10 19:04 - 2013-02-12 11:03 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-10 18:40 - 2013-02-12 10:49 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-12-10 18:40 - 2013-02-12 10:49 - 00000000 ____D () C:\Program Files\Intel
2014-12-10 18:35 - 2014-08-18 17:13 - 00000000 ____D () C:\Users\chuckanddona
2014-12-10 18:30 - 2014-10-02 14:49 - 00000000 ____D () C:\Users\chuckanddona\AppData\Local\Deployment
2014-12-10 15:47 - 2014-10-23 13:43 - 00000000 ____D () C:\Users\chuckanddona\Desktop\Old Firefox Data
2014-12-10 08:58 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-12-10 08:45 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\rescache
2014-12-09 20:03 - 2014-02-10 20:16 - 00000000 ____D () C:\Bovada
2014-12-09 16:17 - 2012-07-26 03:12 - 00000000 ___RD () C:\windows\ToastData
2014-12-09 16:16 - 2014-08-19 03:23 - 00000000 ____D () C:\windows\system32\MRT
2014-12-09 16:15 - 2014-08-19 03:23 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-12-09 15:54 - 2014-10-26 12:12 - 00318592 _____ () C:\windows\system32\FNTCACHE.DAT
2014-12-09 15:53 - 2014-08-18 23:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-09 14:18 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-12-09 13:12 - 2014-10-26 12:36 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-12-09 13:12 - 2014-08-18 23:23 - 00000000 ____D () C:\Users\chuckanddona\AppData\Roaming\Systweak
2014-12-09 13:11 - 2014-10-27 18:24 - 00000000 ____D () C:\ProgramData\LizardSales
2014-12-09 13:10 - 2014-09-09 19:25 - 03981488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-12-09 09:43 - 2013-02-12 10:57 - 00000000 ____D () C:\ProgramData\CLSK
2014-12-09 09:43 - 2013-02-12 10:49 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-09 09:42 - 2013-02-12 10:57 - 00000000 ____D () C:\ProgramData\CyberLink
2014-12-09 03:37 - 2014-08-21 15:37 - 00000133 _____ () C:\Users\chuckanddona\AppData\Roaming\WB.CFG
2014-12-08 09:45 - 2014-10-26 12:35 - 00002081 _____ () C:\windows\patsearch.bin
2014-12-08 09:45 - 2012-07-26 02:21 - 00020480 _____ () C:\windows\setupact.log
2014-12-06 15:24 - 2012-07-26 00:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-12-04 10:54 - 2014-08-18 23:26 - 00000000 ____D () C:\Users\chuckanddona\AppData\Local\Google

Some content of TEMP:
====================
C:\Users\chuckanddona\AppData\Local\Temp\cabex.dll
C:\Users\chuckanddona\AppData\Local\Temp\tu17p84.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-28 10:14

==================== End Of Log ============================
 
You did good, thats the log I needed to see.

Faulting application name: avgui.exe <-- AVG antivirus
AV: avast! Antivirus (Enabled - Up to date)
The above shows me you have an incomplete uninstall of AVG. Below is the web site from AVG with the tool that will complete the uninstall.

http://www.avg.com/us-en/utilities
scroll down to the version that was on your machine

~~~~~~~~

There was found a few malicious extensions in your browsers that need to be removed.

Instructions on how to backup your Favourites/Bookmarks and other data can be found below.
  • xehzOq95.png.pagespeed.ic.1o1xpAkZbO.png
    Backup Internet Explorer Favourites
  • xQlf57ne.png.pagespeed.ic.SnwgqhVB9v.jpg
    Backup Firefox Bookmarks
  • U5NwUGc.png
    Backup Chrome Bookmarks



Proceed with the reset once done.

~~~~~~~~~~~

Running from C:\Users\chuckanddona\Downloads
We need to move FRST (Farbar Recovery Scan Tool) to your desktop.

Please go to your Downloads folder, scroll to find Farbar Recovery Scan Tool, right click on that and select CUT
Go to an open spot on your desktop, right click and select PASTE
You should now have Farbar Recovery Scan Tool on your desktop.

~~~~~

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

start
CloseProcesses:
Task: {25BD2C2C-3573-451B-8B79-77FCD6C48F5C} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {4D8476B9-631F-496E-9EFD-E26059D060E1} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {EA800E60-B4F6-4EB2-9510-C43D2BEFE0D1} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {EB795C8D-50CE-4543-873C-2E95840A35C2} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
AlternateDataStreams: C:\Syst3EBB2919:$WIMMOUNTDATA
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-253687255-1003371428-3526289271-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://www-search.net/search.aspx?s=E8Jwobrys01955,324c586e-3f3d-4841-a179-5e795d00c4dd,&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-253687255-1003371428-3526289271-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
BHO: No Name -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> No File
C:\Program Files (x86)\ver6SpeeditUp\184.xpi
CHR Extension: (No Name) - C:\Users\chuckanddona\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljamgkbcojbnmcaonjokopmcblmmpfch [2014-10-30]
S3 SMUpdd; \??\C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [X]
C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys
2014-12-09 13:12 - 2014-10-26 12:36 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-12-09 13:12 - 2014-08-18 23:23 - 00000000 ____D () C:\Users\chuckanddona\AppData\Roaming\Systweak
C:\Users\chuckanddona\AppData\Local\Temp\cabex.dll
C:\Users\chuckanddona\AppData\Local\Temp\tu17p84.exe
EmptyTemp:
Hosts:
End
Click to expand...

Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


*******

BY4dvz9.png
AdwCleaner
  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select
    AVOiBNU.jpg
    Run as administrator     to run the programme.
  • Follow the prompts.
  • Click Scan.
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
  • Follow the prompts and allow your computer to reboot.
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.
-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


thisisujrt.gif

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


please post
Fixlog.txt
C:\AdwCleaner.txt
JRT.txt
 
Okay, it seems like a lot and confusing, but give me some time, I will try to do everything in order and as instructed, thanks!!
 
If you need me, just reply.

It's actually not that hard once you get started :)
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-01-2015 03
Ran by chuckanddona at 2015-01-04 13:44:38 Run:1
Running from C:\Users\chuckanddona\Desktop
Loaded Profile: chuckanddona (Available profiles: chuckanddona & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
Task: {25BD2C2C-3573-451B-8B79-77FCD6C48F5C} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {4D8476B9-631F-496E-9EFD-E26059D060E1} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {EA800E60-B4F6-4EB2-9510-C43D2BEFE0D1} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {EB795C8D-50CE-4543-873C-2E95840A35C2} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
AlternateDataStreams: C:\Syst3EBB2919:$WIMMOUNTDATA
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-253687255-1003371428-3526289271-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://www-search.net/search.aspx?s=E8Jwobrys01955,324c586e-3f3d-4841-a179-5e795d00c4dd,&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-253687255-1003371428-3526289271-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
BHO: No Name -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> No File
C:\Program Files (x86)\ver6SpeeditUp\184.xpi
CHR Extension: (No Name) - C:\Users\chuckanddona\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljamgkbcojbnmcaonjokopmcblmmpfch [2014-10-30]
S3 SMUpdd; \??\C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [X]
C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys
2014-12-09 13:12 - 2014-10-26 12:36 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-12-09 13:12 - 2014-08-18 23:23 - 00000000 ____D () C:\Users\chuckanddona\AppData\Roaming\Systweak
C:\Users\chuckanddona\AppData\Local\Temp\cabex.dll
C:\Users\chuckanddona\AppData\Local\Temp\tu17p84.exe
EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{25BD2C2C-3573-451B-8B79-77FCD6C48F5C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25BD2C2C-3573-451B-8B79-77FCD6C48F5C}" => Key deleted successfully.
C:\Windows\System32\Tasks\LaunchSignup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D8476B9-631F-496E-9EFD-E26059D060E1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D8476B9-631F-496E-9EFD-E26059D060E1}" => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA800E60-B4F6-4EB2-9510-C43D2BEFE0D1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA800E60-B4F6-4EB2-9510-C43D2BEFE0D1}" => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP2 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EB795C8D-50CE-4543-873C-2E95840A35C2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB795C8D-50CE-4543-873C-2E95840A35C2}" => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP1 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1" => Key deleted successfully.
C:\windows\Tasks\APSnotifierPP1.job => Moved successfully.
C:\windows\Tasks\APSnotifierPP2.job => Moved successfully.
C:\windows\Tasks\APSnotifierPP3.job => Moved successfully.
C:\Syst3EBB2919 => ":$WIMMOUNTDATA" ADS removed successfully.
C:\ProgramData\Temp => ":56E2E879" ADS removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-253687255-1003371428-3526289271-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6}" => Key deleted successfully.
HKCR\CLSID\{CC865B26-C31D-4D23-B17B-96548EEF03F6} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKU\S-1-5-21-253687255-1003371428-3526289271-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}" => Key deleted successfully.
HKCR\CLSID\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} => Key not found.
"C:\Program Files (x86)\ver6SpeeditUp\184.xpi" => File/Directory not found.
C:\Users\chuckanddona\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljamgkbcojbnmcaonjokopmcblmmpfch => Moved successfully.
SMUpdd => Service deleted successfully.
"C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys" => File/Directory not found.
C:\Program Files (x86)\globalUpdate => Moved successfully.
C:\Users\chuckanddona\AppData\Roaming\Systweak => Moved successfully.
C:\Users\chuckanddona\AppData\Local\Temp\cabex.dll => Moved successfully.
C:\Users\chuckanddona\AppData\Local\Temp\tu17p84.exe => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 179.6 MB temporary data.


The system needed a reboot.

==== End of Fixlog 13:45:36 ====
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8 x64
Ran by chuckanddona on Sun 01/04/2015 at 13:54:50.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pcdr"
Successfully deleted: [Folder] "C:\Users\chuckanddona\AppData\Roaming\pcdr"
Successfully deleted: [Folder] "C:\Users\chuckanddona\appdata\local\globalupdate"
Successfully deleted: [Folder] "C:\Program Files (x86)\predm"
Failed to delete: [Folder] "C:\Program Files (x86)\youtube accelerator"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\youtube accelerator"
Failed to delete: [Folder] "C:\Program Files (x86)\youtube accelerator"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 01/04/2015 at 13:58:51.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
BY4dvz9.png
AdwCleaner
  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select
    AVOiBNU.jpg
    Run as administrator     to run the programme.
  • Follow the prompts.
  • Click Scan.
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
  • Follow the prompts and allow your computer to reboot.
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.
-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

After you run this tool and post the log, also give me comments on how the computer is now.
 
# AdwCleaner v4.106 - Report created 04/01/2015 at 14:55:42
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Live]
# Operating System : Windows 8 (64 bits)
# Username : chuckanddona - CHCUKANDDONNA
# Running from : C:\Users\chuckanddona\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : webinstrNewH

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\d6aea9d9965d2bf1
Folder Deleted : C:\Program Files (x86)\YouTube Accelerator
Folder Deleted : C:\Users\chuckanddona\AppData\Local\CrashRpt
Folder Deleted : C:\Users\chuckanddona\AppData\LocalLow\Goobzo
Folder Deleted : C:\Users\chuckanddona\AppData\Roaming\AnyProtectEx
Folder Deleted : C:\Users\Public\Documents\Goobzo
Folder Deleted : C:\Users\Public\Documents\ShopperPro
Folder Deleted : C:\Users\Public\Documents\YTAHelper
File Deleted : C:\windows\System32\drivers\webinstrNewH.sys
File Deleted : C:\Users\Administrator\Desktop\YouTube Accelerator.lnk
File Deleted : C:\Users\chuckanddona\Desktop\Continue Live Installation.lnk
File Deleted : C:\Users\chuckanddona\AppData\Roaming\Mozilla\Firefox\Profiles\286156uk.default\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ShopperPro.DLL
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\.
Key Deleted : HKLM\SOFTWARE\Classes\..9
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FCF8BFD3-39B8-4370-B464-EC2AAACD97CF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94bf21e4-4cfb-464c-9312-8b65220b78f4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{94bf21e4-4cfb-464c-9312-8b65220b78f4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{94bf21e4-4cfb-464c-9312-8b65220b78f4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\Compete
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\Goobzo
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\CommonShare
Key Deleted : HKCU\Software\AppDataLow\Software\SpeeditUp
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\Goobzo
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\ORBTR
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\ShopperPro
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www-search.net

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17183


-\\ Mozilla Firefox v34.0.5 (x86 en-US)

[286156uk.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Groovorio");
[286156uk.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Groovorio");

-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [9503 octets] - [04/01/2015 14:53:08]
AdwCleaner[S0].txt - [9149 octets] - [04/01/2015 14:55:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9209 octets] ##########
 
I turned off my scripts blocker that worked to keep the annoying pop ups and went to a web site that was really prone to them and they seem to be gone!!! This is amazing if it is true and worth the wait for your help!
 
I turned off my scripts blocker that worked to keep the annoying pop ups and went to a web site that was really prone to them and they seem to be gone!!! This is amazing if it is true and worth the wait for your help!
Click to expand...

Yeah!!

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.


Go here to run an online scannner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
  • Note:
    For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
  • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan.

*************************************
 
Status
Not open for further replies.
Back
Top