How to fix taskbar! It's buried under the documents!

April 28, 2015 at 11:14:08
Specs: Windows 8.1, i7 4930K / 32GB RAM
Before anything else, I AM running Windows 8.1 but I'm also running Classic Shell. I get a start menu but it's hard to find out much regarding how to do things in this Frankenstein-like OS!

Of late, my taskbar has been refusing to appear when I move my mouse to the top of the screen where I put the taskbar. (It's set to disappear when I don't need it.) I CAN get down to it if I minimize the windows on top of it but it's a hassle to continually do this in the middle of my work.

Using System Restore is a problem for me because I have very poor eyesight, and when I tried to do this, here in Win 8.1, the Windows magnifier went crazy, and I had to abort the whole thing.

I'm starting to worry because there are other little things going wrong in the OS. I may just have to figure out a way to use SysRestore, "blind!" before the whole computer just explodes or something!

Any help with this will be very much appreciated. :)


See More: How to fix taskbar! Its buried under the documents!

Report •

#1
April 28, 2015 at 11:58:31
I wonder if uninstalling Classic Shell and re-installing it might get you out of this hole.

I'm using Win 8.1 myself but stitched it up my own way without feeling the need to invoke the old start menu. I can't therefore comment about Classic Shell settings from personal experience. Most things are in the same (or similar) old places as they were in the W95 days but I accept that unearthing them might not be so easy if your eyesight is poor.

What sort of other little things are going wrong?

Always pop back and let us know the outcome - thanks


Report •

#2
April 28, 2015 at 14:00:39
When I search for things in the search field at the bottom of the start menu, the results comes up, but pretty slowly compared to the way it use to be. It use to happen instantly. Now it takes maybe 6 seconds or so.

And I have a free text-to-speech program, (ReadPlease). When I clicked on its icon on the taskbar, it appeared instantly. Now it appears for a split second and disappears. I have to click a few times to finally get it to stay on the screen. (After the first time, it starts normally though.) At first I thought it came up UNDER other documents but that's not what's happening. It does this new thing even if there are no other docs on the screen.

And it suddenly occurs to me that a shutdown problem that started the better part of a year ago, may've been fixable with System Restore!!!! Stoopid mee! It's a little late to try that option now though. I've been using HIBERNATE. I like it much better anyway.
When I use SHUTDOWN, the computer doesn't completely shut down. The screen goes blank but the big blue light on the case stays on, along with the fans! I have to press the button on the case and hold it in 'til the light finally goes off. And then when the computer is turned on again, I get an OVERCLOCKING FAILED message, and I have to go into the BIOS and out again without doing anything, to get Windows to finally start.


Report •

#3
April 28, 2015 at 14:50:18
Before we go any further I think we should get a quick malware check, even if it's only to eliminate that possibility. These three little freebies are quite safe and often find and fix what AVs can miss:

AdwCleaner:
http://www.bleepingcomputer.com/dow...
(blue Download button near top - not anything else on the page).
Download and "Save" the file somewhere. Go to the saved file then double click it to run the program. Use the "Scan" button, followed by the "Cleaning" button.

Junkware Removal Tool (JRT)
http://www.bleepingcomputer.com/dow...
(blue Download button near top - not anything else on the page).
Download and "Save" the file somewhere. Go to the saved file then double click it to run JRT. It might appear to have stopped at times or flash the screen but sit tight until it has finished.

MalwareBytes:
http://filehippo.com/download_malwa...
(green Download button top right - not anything else on the page)
Install and Run the program but before doing its Scan go to "Settings > Detection and Protection" and put a checkmark in "Scan for rootkits". Quarantine anything it finds.

If any of them find anything please copy/paste the associated logs on here.

Always pop back and let us know the outcome - thanks

message edited by Derek


Report •

Related Solutions

#4
April 28, 2015 at 20:26:42
My thoughts exactly Derek, it could be malware.

A point that you may not know is using the Control + will zoom most windows in for easier readability and Control - will zoom them back out again.

You have to be a little bit crazy to keep you from going insane.


Report •

#5
May 3, 2015 at 09:45:08
I'm posting one of the logs. I can't find the other one. This is the junkware one. The malware one found one toolbar. After running these programs, something did change. When I search for something on my system, the results now comes up instantly again. :) I guess I'll see if I'm still having trouble with the taskbar. :)

------------------------------------------------------------------------------------------------------------------
LOG:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.7 (04.30.2015:1)
OS: Windows 8.1 Pro x64
Ran by Jonathan on Sun 05/03/2015 at 12:25:25.13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-1610595117-2105667134-921046427-1001

~~~ Registry Values

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] C:\Windows\wininit.ini

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Jonathan\appdata\local\{02F88D61-A167-4B61-930C-F2B62B49BD3A}
Successfully deleted: [Empty Folder] C:\Users\Jonathan\appdata\local\{2842DA09-CF92-41FA-91BC-5AFBDFC5210E}
Successfully deleted: [Empty Folder] C:\Users\Jonathan\appdata\local\{363ACC97-8C27-49D8-AFBC-6CA5E85A2E64}
Successfully deleted: [Empty Folder] C:\Users\Jonathan\appdata\local\{3D44C869-0FB2-4222-9C12-3FA4DA34296B}
Successfully deleted: [Empty Folder] C:\Users\Jonathan\appdata\local\{43C929CE-87DC-4864-96D6-89FC3C85E44D}
Successfully deleted: [Empty Folder] C:\Users\Jonathan\appdata\local\{5AA81138-9877-43B0-AE57-4AFBEFC8676D}
Successfully deleted: [Empty Folder] C:\Users\Jonathan\appdata\local\{BBF0D35E-98AD-4078-A7FA-DF193272E52C}
Successfully deleted: [Empty Folder] C:\Users\Jonathan\appdata\local\{BF9B9983-CA5C-42F0-8D3B-4B878909BCCB}
Successfully deleted: [Empty Folder] C:\Users\Jonathan\appdata\local\{CFA8A99E-B3B9-4AA6-A38A-8D2C29A9B64A}
Successfully deleted: [Empty Folder] C:\Users\Jonathan\appdata\local\{E670C803-6E99-402E-87F9-82FB318CB426}

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 05/03/2015 at 12:28:32.48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Report •

#6
May 3, 2015 at 17:11:45
Thanks.

I assume by "the other one" you mean ADWCleaner. You will find that in a folder by that name, straight off the root of the C drive.

Always pop back and let us know the outcome - thanks

message edited by Derek


Report •

#7
May 3, 2015 at 17:59:42
"I can't find the other one"
You can find the logfile at C:\AdwCleaner[S1].txt

"I guess I'll see if I'm still having trouble with the taskbar"
Even if you are not having problems, you are not yet clean, this malware is like cancer, you have to get rid of it all.


Report •

#8
May 4, 2015 at 09:20:58
Here's the other log... :)

# AdwCleaner v4.202 - Logfile created 03/05/2015 at 12:16:04
# Updated 23/04/2015 by Xplode
# Database : 2015-05-02.1 [Server]
# Operating system : Windows 8.1 Pro (x64)
# Username : Jonathan - PUGET-124909
# Running from : C:\Users\Jonathan\Desktop\adwcleaner_4.202.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : vToolbarUpdater18.1.8

***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22511E2E-7970-414E-BC7C-28D16C4AF54D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C5311E-016D-4999-BCB1-499898429D6C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2C4B6DB8-6413-403B-A038-16A352CFE8B9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{46803190-228D-470E-90FE-F5E0CEA9C4F2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5180FE16-2E09-497B-9C8B-5A6F029ECECB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A4F6E1B3-469E-46EF-A936-FBA9D5EFD2B9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C97AF157-6A27-4F57-9D47-E2D3E4761B77}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED0D2C81-7DB5-4599-B7C0-1033418B5672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{22511E2E-7970-414E-BC7C-28D16C4AF54D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23C5311E-016D-4999-BCB1-499898429D6C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2C4B6DB8-6413-403B-A038-16A352CFE8B9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{46803190-228D-470E-90FE-F5E0CEA9C4F2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5180FE16-2E09-497B-9C8B-5A6F029ECECB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A4F6E1B3-469E-46EF-A936-FBA9D5EFD2B9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C97AF157-6A27-4F57-9D47-E2D3E4761B77}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ED0D2C81-7DB5-4599-B7C0-1033418B5672}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v34.0.5 (x86 en-US)


-\\ Google Chrome v42.0.2311.135

[C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [4997 bytes] - [24/07/2014 12:36:06]
AdwCleaner[R1].txt - [4366 bytes] - [03/05/2015 12:14:50]
AdwCleaner[S0].txt - [5107 bytes] - [24/07/2014 12:38:48]
AdwCleaner[S1].txt - [4305 bytes] - [03/05/2015 12:16:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4364 bytes] ##########


Report •

#9
May 4, 2015 at 14:44:14
"Here's the other log... :)"
Thanks.

We are now in the process of dismantling the nasties bit by bit, I will tell you when you are clean & how you got/avoid all this stuff.

Next step.

Download ComboFix onto your Desktop & then run. If your default download location is not the Desktop, drag it out of it's location onto the Desktop. Copy & Paste the contents of the log in your next post please. ComboFix's log should be located at C:\COMBOFIX.TXT.
The logs are large, upload them using this, or upload to a site of your choosing. No account needed. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
http://www.winhelp.us/index.php/gen...
Manually restoring the Internet connection
http://www.bleepingcomputer.com/com...
There are circumstances ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alchohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual"
If you think it's frozen, look at the computer clock.
If it's running, Combofix is still working.
NOTE: Do not mouseclick combofix's window while it is running. That may cause it to stall.
NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
**Please Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes.
If after running Combofix you discover none of your programs will open up, and you recieve the following error: "Illegal operation attempted on a registry key that has been marked for deletion". Then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your Desktop.
Please Note: Once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.


Report •

#10
May 12, 2015 at 09:00:56
Even before I do anything, I felt I needed to tell you what's happening now! I have so much work that I'm getting confused!!! Anyway, at first, it looked like the search in Windows was fixed, and search results came up instantly again like before. But just like you gury said, the search became slow again! And now, something else! I have to click, 2, then even 3 or 4 times to get something to happen! It's happening everywhere! I never did the boot time scan I wanted to do.

Anyway, lemmie read the new posts, and follow you're instructions. And thanx very much for your help. :)


Report •

#11
May 12, 2015 at 10:46:41
JEEZ! And the redirect are back in FireFox! Om currently scanning. After the scan is done, ol follow your instructions.

Report •

#12
May 12, 2015 at 13:09:17
That's often the way with malware. You have to pick your way through it stage by stage until it has been fully removed. Keep going with Johnw, who has done this many times before on here. I feel sure you'll get it all sorted - just keep supplying the logs and following his instructions step at a time and at your own pace.

Always pop back and let us know the outcome - thanks


Report •

#13
May 12, 2015 at 14:46:34
OK, all this is a bit much for my dyslexic brain! I downloaded COMBOFIX and here's what it said immediately.

This operating system is not supported!
ComboFix only runs on:

Windows XP (32 bit)
Windows Vista (32 bit/64 bit)
Windows 7 (32 bit/64 bit)
Windows 8 (32 bit/64 bit)

Windows 2000 is no longer supported.


My OS is Windows 8.1...


Report •

#14
May 12, 2015 at 14:56:49
"My OS is Windows 8.1..."
My error, sorry, it only supports up to W8.

Run RogueKiller
http://www.softpedia.com/get/Securi...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://tigzy.geekstogo.com/roguekil...
http://www.sur-la-toile.com/RogueKi...
User Guide
http://www.adlice.com/softwares/rog...
Official tutorial
http://www.adlice.com/softwares/rog...
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
If RogueKiller won't run, open IE & turn off SmartScreen Filter.
http://windows.microsoft.com/en-AU/...
http://www.askvg.com/how-to-disable...
Download & SAVE to your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
Quit all programs that you may have started.
Shutdown your antivirus to avoid any conflicts.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7/8, right-click and select "Run as Administrator to start"

For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
Anything that is not checked, leave it unchecked.
Click on "Delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and Copy & Paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop.
Exit/Close RogueKiller.
When completed, make sure to re-enable your antivirus.


Report •

#15
May 12, 2015 at 14:58:24
I did a boot-time scan with AVAST. It was finished in about an hour. I can't find the log!!!!

Problems with clicking seem to be mounting! Double-clicks occur when I didn't double-click. And I have to click multiple times sometimes to do stuff when I should only have to click once!


Report •

#16
May 12, 2015 at 15:08:30
" I can't find the log!!!!"

C:\Users\All Users\AVAST Software\Avast\log


Report •

#17
May 12, 2015 at 16:08:56
" I can't find the log!!!!"

They are also down the bottom of the scan page.
https://www.avast.com/en-au/faq.php...


Report •

#18
May 12, 2015 at 20:31:57
JohnW: Would it in this case be easier to start with a system restore to a date well back so the infection was less active? Wouldn't it then be easier to remove it?
Just asking for information purposes. Learning myself. Always learning.

You have to be a little bit crazy to keep you from going insane.


Report •

#19
May 12, 2015 at 21:01:55
"Would it in this case be easier to start with a system restore to a date well back so the infection was less active?"
That may well be worth a try Fingers, I shall have a better picture after seeing the RogueKiller log.

"Learning myself. Always learning"
Yep, me too, it's fun.


Report •

#20
May 13, 2015 at 09:32:32
OK, I'm hoping against hope that this will be more of a challenge to you guys then a pain!

You may've given me way too much information at once. I'm an Aspergers person with other brain problems that keep me from using most of what should be an "Aspergers super-power." My eyesight is very poor. Add A D D plus some other fun stuff to the mix, and you get what looks a lot like a chimpanzee trying to fly a jet airliner! :) The only reason I haven't jumped in front of a train by now is I AM a musician and an artist. I taught myself all the basic guitar chords in one night... so I HAVE gotten something out of that I guess.

What's happened right now is, too much info at one time. When I look at my computer screen, I'm unable to skim over it, reading and searching for things. I have to look with the Windows Magnifier, reading every little things, carefully, each thing, one by one. It takes forever sometimes. And when things look like they're gonna take TOO long, and all the data will just scatter in my brain, grinding me to a halt, there's an "app" in my head that tries to stop me from continuing! It's probably connected to my synesthesia. Synesthetes can see sounds and hear colors. And I seem to be able to sense other things going on in my body that should be invisible. For instance.... when I get frustrated, I feel a very unpleasant sensation.

I'm totally sorry for this annoyance! I bring it up because people tend not to understand when I don't function the way most people do.

I ran RogueKiller but didn't know I had to run it as an admin. You said to right-click and choose "run as admin," but when and where do I do that?

If it's at all possible, please try and talk to me as if I were a computer. Be as literal as you can. Anything implied, I may miss.

I even reinstalled RogueKiller to see if I missed where to right-click to run as admin. . So I'm sending the log I got. The program ran though I did not disable my virus software.

Again. Om sorry for the bother. If you're not programmed to respond to my ridiculousness, then I'll do my best to follow your instructions as they are. And thank you again for your help.

I'm not sure if System Restore is even on. The last time I tried to use it, the magnifier went crazy. Maybe this time I'll try to use an actual magnifying glass to use SysRestore.

Yup! Om kinda freaking out a little. :)



Report •

#21
May 13, 2015 at 09:43:52
Here's the RogKiller Log I got. Donno if ittle help.

------------------------------------------------------------------------------------------------------------------------
RogueKiller V10.6.3.0 (x64) [May 11 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/rog...
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Jonathan [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 05/13/2015 12:34:57

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 14 ¤¤¤
[Orphan] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Found
[Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Found
[Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> Found
[Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ALSysIO (\??\C:\Users\Jonathan\AppData\Local\Temp\ALSysIO64.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GPU-Z (\??\C:\Users\Jonathan\AppData\Local\Temp\GPU-Z.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALSysIO (\??\C:\Users\Jonathan\AppData\Local\Temp\ALSysIO64.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GPU-Z (\??\C:\Users\Jonathan\AppData\Local\Temp\GPU-Z.sys) -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1610595117-2105667134-921046427-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.pugetsystems.com/welcome... -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1610595117-2105667134-921046427-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.pugetsystems.com/welcome... -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 34 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 media.opencandy.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.opencandy.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 tracking.opencandy.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 api.opencandy.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 installer.betterinstaller.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 installer.filebulldog.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 inno.bisrv.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 nsis.bisrv.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.file2desktop.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.goateastcach.us
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.guttastatdk.us
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.inskinmedia.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.insta.oibundles2.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.insta.playbryte.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.llogetfastcach.us
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.montiera.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.msdwnld.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.mypcbackup.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.ppdownload.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.riceateastcach.us
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.shyapotato.us
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.solimba.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.tuto4pc.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.appround.biz
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.bigspeedpro.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.bispd.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.bisrv.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.cdndp.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.download.sweetpacks.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.dpdownload.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.visualbee.net

¤¤¤ Antirootkit : 1 (Driver: Loaded) ¤¤¤
[IAT:Inl(Hook.IEAT)] (explorer.exe) msvcrt.dll - expf : Unknown @ 0x8088fc6 (jmp 0x37)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 840 PRO Series +++++
--- User ---
[MBR] 51551f19a9847dbda25d8ee19cc84c8b
[BSP] ce5d5a7b3c17e6616e3b8dfe2e482b67 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 488034 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD1003FZEX-00MK2A0 +++++
--- User ---
[MBR] 1439d16fb8f19622345b46feced3ba48
[BSP] 2f3500918f30d0560b6c15152f6e1a17 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: WDC WD1003FZEX-00MK2A0 +++++
--- User ---
[MBR] 4df8536cf814d5d09f4de765ca2e1987
[BSP] 94b83dfe5fb9ade38ebf2ae75ed25acc : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_05132015_105955.log


Report •

#22
May 13, 2015 at 18:10:26
"OK, I'm hoping against hope that this will be more of a challenge to you guys"
Exactly.

" I taught myself all the basic guitar chords in one night"
Incredible.

"too much info at one time"
Print it out if you can, that is your best option.

"You said to right-click and choose "run as admin," but when and where do I do that?"
Refer these screenshots ( SS )
http://i.imgur.com/YeFWqKz.gif
http://i.imgur.com/xmVlInX.gif

"If it's at all possible, please try and talk to me as if I were a computer. Be as literal as you can. Anything implied, I may miss"
Anything you don't understand, use google until you find an explanation you can understand. I google almost everything.

To find things on your comp, use search.

I'm here.
http://www.timeanddate.com/worldclo...



Report •

#23
May 13, 2015 at 20:28:48
Here is a little feature that you may find useful. Hold the Control key and tap the + sign and most windows will zoom in so you can see better, repeat with the - sign and it will zoom out again. The more times you tap, the more it zooms.

You have to be a little bit crazy to keep you from going insane.


Report •

#24
May 14, 2015 at 09:13:54
I already know about that feature. But thanx anyway. My eye condition, (NYSTAGMUS), is rare. I can only use the magnifier, docked at the bottom, showing only one very large line of text. I use the magnifier in full-screen if I need to see something that disappears when I point to it with the mouse.

I solved most of the clicking problem. Apparently, it was the mouse itself. I switched mouses and except for one thing, (a free text to speech program called READPLEASE), who's icon needs to be clicked on, a few times, for it to appear and stay visible, everything else works now. But when I click on the START button, it still takes a long time sometimes, to respond with the Classic Shell START MENU... and searches for items on the computer sometimes take much longer than they used to.


Report •

#25
May 14, 2015 at 17:08:59
"I solved most of the clicking problem"
Good one.

"But when I click on the START button, it still takes a long time sometimes, to respond with the Classic Shell START MENU... and searches for items on the computer sometimes take much longer than they used to."

You need to run RogueKiller again & hit Delete.

The Delete log is what I need to see.


Report •

#26
May 15, 2015 at 06:36:49
Are you saying I should hit DELETE after I do a scan? Then do another scan and post it here?

Report •

#27
May 15, 2015 at 15:27:51
Original instructions.

"Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
Anything that is not checked, leave it unchecked.
Click on "Delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and Copy & Paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop"

Now look at your log.
" Mode : Scan -- Date : 05/13/2015 12:34:57"

Nothing has been deleted.

It should read.

Mode : Delete


Report •

#28
May 16, 2015 at 08:20:01
RogueKiller V10.6.3.0 (x64) [May 11 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/rog...
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Jonathan [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Delete -- Date : 05/16/2015 11:18:45

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 14 ¤¤¤
[Orphan] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Not selected
[Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Not selected
[Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> Not selected
[Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ALSysIO (\??\C:\Users\Jonathan\AppData\Local\Temp\ALSysIO64.sys) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GPU-Z (\??\C:\Users\Jonathan\AppData\Local\Temp\GPU-Z.sys) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALSysIO (\??\C:\Users\Jonathan\AppData\Local\Temp\ALSysIO64.sys) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GPU-Z (\??\C:\Users\Jonathan\AppData\Local\Temp\GPU-Z.sys) -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1610595117-2105667134-921046427-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.pugetsystems.com/welcome... -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1610595117-2105667134-921046427-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.pugetsystems.com/welcome... -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 34 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 media.opencandy.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.opencandy.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 tracking.opencandy.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 api.opencandy.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 installer.betterinstaller.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 installer.filebulldog.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 inno.bisrv.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 nsis.bisrv.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.file2desktop.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.goateastcach.us
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.guttastatdk.us
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.inskinmedia.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.insta.oibundles2.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.insta.playbryte.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.llogetfastcach.us
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.montiera.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.msdwnld.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.mypcbackup.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.ppdownload.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.riceateastcach.us
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.shyapotato.us
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.solimba.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.tuto4pc.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.appround.biz
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.bigspeedpro.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.bispd.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.bisrv.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.cdndp.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.download.sweetpacks.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.dpdownload.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.visualbee.net

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 840 PRO Series +++++
--- User ---
[MBR] 51551f19a9847dbda25d8ee19cc84c8b
[BSP] ce5d5a7b3c17e6616e3b8dfe2e482b67 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 488034 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD1003FZEX-00MK2A0 +++++
--- User ---
[MBR] 1439d16fb8f19622345b46feced3ba48
[BSP] 2f3500918f30d0560b6c15152f6e1a17 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: WDC WD1003FZEX-00MK2A0 +++++
--- User ---
[MBR] 4df8536cf814d5d09f4de765ca2e1987
[BSP] 94b83dfe5fb9ade38ebf2ae75ed25acc : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_05132015_105955.log - RKreport_SCN_05132015_123457.log - RKreport_SCN_05162015_111733.log


Report •

#29
May 16, 2015 at 08:34:03
I wanted to do a boot-time scan. I did one in Avast but when it was finished, it was impossible to find the log!

The computer is definitely running slower. And it's now showing up in a game I like to play. Train Simulator 2015. It's beginning to stutter a bit.


Report •

#30
May 16, 2015 at 14:32:46
"The computer is definitely running slower"
Process of elimination, we will get there eventually, unless you want to try a system restore as per post #18.

How To Use System Restore in Windows 8 or 8.1
http://pcsupport.about.com/od/windo...

" I did one in Avast but when it was finished, it was impossible to find the log!"
I have UltraSearch open all the time.

How to find your Avast log using UltraSearch.
http://i.imgur.com/CedwdyF.gif

UltraSearch. Go into Search & make sure Include Folders is checked.
http://www.softpedia.com/get/File-m...
http://www.freewarefiles.com/UltraS...
http://www.freewarefiles.com/screen...
http://www.jam-software.com/ultrase...
http://i.imgur.com/RwURD1X.gif


Report •

#31
May 23, 2015 at 09:14:56
I went and got Ultrasearch and looked at the list of scans in Avast. I expected to find something that said BOOT TIME or something like that but there was nothing. So I just opened the latest scan. My original plan was to post the boot time scan because I don't know how to read the log. I looked at it and it appears to repeat over and over the same thing. So maybe it is the correct log... because when the scan was in progress, it seemed to stay at 38%, and it was taking forever. I just left the computer to do something else, and when I came back, the computer had restarted... with no evidence that the scan ever happened! It looked to me like something was blocking the scan progress, and after a while, the computer just gave up!

Report •

#32
May 23, 2015 at 17:09:43
Run ESET Online Scanner, Copy and Paste the contents of the log in your reply please. This scan may take a very long while, so please be patient. Maybe start it before going to work or bed.
http://www.eset.com/us/online-scann...
http://www.eset.com/home/products/o...
If your comp is unbootable, or won't let you download, you will have to download ESET from a good computer, put it on a flash/thumb/pen/usb drive & run it from there.
Create a ESET SysRescue CD or USB drive
http://kb.eset.com/esetkb/index?pag...
How do I use my ESET SysRescue CD or USB flash drive to scan and clean my system?
http://kb.eset.com/esetkb/index?pag...
Configure ESET this way & disable your AV.
http://i.imgur.com/3U7YC.gif
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Which web browsers are compatible with ESET Online Scanner?
http://www.nod32.fi/eset-online-sca...
http://kb.eset.com/esetkb/index?pag...
Online Scanner not working
http://kb.eset.com/esetkb/index?pag...
My ESET product detected a threat—what should I do?
http://kb.eset.com/esetkb/index?pag...
Why Would I Ever Need an Online Virus Scanner? I already have an antivirus program installed, isn't that enough?
http://www.squidoo.com/the-best-fre...
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
5: Why does the ESET Online Scanner run slowly on my computer?
If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
17: How can I view the log file from ESET Online Scanner?
http://kb.eset.com/esetkb/index?pag...
http://www.eset.com/home/products/o...
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start ? Run dialog box from the Start Menu on the Desktop.
If no threats are found, you will simply see an information window that no threats were found.
http://www.trishtech.com/security/s...

Report •

#33
May 26, 2015 at 12:16:14
I'm sorry but I'm losing it! :( I'm an Asperger with other serious problems such as very poor eyesight. Aspergers is high-functioning autism. I learn and function differently than the average person.
Respectfully, can I ask if you could first ask what my situation actually is, rather than giving me multiple instructions for many different situations. I was unable to deal with all that text. I need to be told what to do, step by step. The instructions need to be as simple and literal as possible. I will probably miss anything implied.

I'm sorry for the inconvenience.
And thanks for you help.
My system: High-end PC running Windows 8.1. There's no problem booting the system. The taskbar doesn't appear sometimes. It's under other windows. And sometimes files don't appear where I put them. To find them, I sometimes have to take another path.

But now what's happening has stopped me cold in my work! Maybe you can tell me where I should post about this.

Up to now, I've been sending files from Adobe Illustrator CC to a client via Yahoo Mail by dragging and dropping files into Yahoo from a drop-down list that appears when I right-click the the Illustrator icon on the taskbar. I'm creating a logo for this person. But when I tried to do this today, the file I wanted did not appear on the list. And when I tried to get the file another way, the file would not appear either. Only old files from yesterday on back are there. No new files can be transferred to Yahoo, (or Hotmail or Gmail). I'm at a loss as to what to do. :(


Report •

#34
May 27, 2015 at 04:06:05
1: Download ESET.

2: Run ESET.

3: Copy & Paste the resuts here.

4: If you have any problems, refer my previous ESET post.


Report •

#35
June 4, 2015 at 08:03:46
I ran ESET. Here's a list of the infected files it found. The first 3 items on the list could not be cleared.

Should I quarantine those 3 files?

C:\Users\Jonathan\Downloads\ccsetup418.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Jonathan\Downloads\spsetup128(1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Jonathan\Downloads\spsetup128.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Documents and Settings\Jonathan\Downloads\ccsetup418.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Documents and Settings\Jonathan\Downloads\spsetup128(1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Documents and Settings\Jonathan\Downloads\spsetup128.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
D:\DOCUMENTS ON D w\WORK FILES w\Old files from Baby\All Users\Application Data\APN\APN-Stub\W3IV6-G\APNIC.7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
D:\DOCUMENTS ON D w\WORK FILES w\Old files from Baby\All Users\Application Data\APN\APN-Stub\W3IV6-G\APNIC.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application cleaned by deleting - quarantined
D:\DOCUMENTS ON D w\WORK FILES w\Old files from Baby\Downloads\CT2854686.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
D:\DOCUMENTS ON D w\WORK FILES w\Old files from Baby\Downloads\PandoraRecovery2.1.1Setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
D:\DOCUMENTS ON D w\WORK FILES w\Old files from Baby\Downloads\Shockwave_Installer_Slim(1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
D:\DOCUMENTS ON D w\WORK FILES w\Old files from Baby\Downloads\Shockwave_Installer_Slim(2).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
D:\DOCUMENTS ON D w\WORK FILES w\Old files from Baby\Downloads\Shockwave_Installer_Slim.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
D:\DOCUMENTS ON D w\WORK FILES w\Old files from Baby\Downloads\speedupmypc.exe Win32/SpeedUpMyPC potentially unwanted application deleted - quarantined
D:\DOCUMENTS ON D w\WORK FILES w\Old files from Baby\Jonathan Rand\Downloads\CT2854686.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
D:\DOCUMENTS ON D w\WORK FILES w\Old files from Baby\Jonathan Rand\Downloads\PandoraRecovery2.1.1Setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
D:\DOCUMENTS ON D w\WORK FILES w\Old files from Baby\Jonathan Rand\Downloads\Shockwave_Installer_Slim(1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
D:\DOCUMENTS ON D w\WORK FILES w\Old files from Baby\Jonathan Rand\Downloads\Shockwave_Installer_Slim(2).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
D:\DOCUMENTS ON D w\WORK FILES w\Old files from Baby\Jonathan Rand\Downloads\Shockwave_Installer_Slim.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
D:\DOCUMENTS ON D w\WORK FILES w\Old files from Baby\Jonathan Rand\Downloads\speedupmypc.exe Win32/SpeedUpMyPC potentially unwanted application deleted - quarantined


Report •

#36
June 4, 2015 at 16:02:43
"Should I quarantine those 3 files?"
Yes.
They are not doing any harm, but are not needed any more.

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it makes also another log (Addition.txt).
The logs are large, upload them using this, or upload to a site of your choosing. No account needed. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif


Report •

#37
June 5, 2015 at 12:05:26
Oh, I see I can't quarantine those 3 files. So do I have to just leave them on my system?

C:\Users\Jonathan\Downloads\ccsetup418.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Jonathan\Downloads\spsetup128(1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Jonathan\Downloads\spsetup128.exe Win32/Bundled.Toolbar.Google.D


Report •

#38
June 5, 2015 at 12:20:49
This is not the first time I ran this program. Here is the scan I just got:
I have the scan before this one... plus the "additions" thingie, if you want it.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015
Ran by Jonathan (administrator) on PUGET-124909 on 05-06-2015 15:13:39
Running from C:\Users\Jonathan\Desktop
Loaded Profiles: Jonathan (Available Profiles: Jonathan)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topi...

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Mozilla Corporation) D:\New folder\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
() C:\Program Files (x86)\Adobe\Adobe Help\Adobe Help.exe
(Mozilla Corporation) D:\New folder\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
(Microsoft Corporation) C:\Windows\System32\Magnify.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-01-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickFinder Scheduler] => c:\Program Files (x86)\Corel\WordPerfect Office X7\Programs\QFSCHD170.EXE [166240 2014-03-14] (Corel Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-04] (Avast Software s.r.o.)
HKLM-x32\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\638fca35-ebaa-41c2-804f-35d31c088b67.exe [183232 2015-06-04] (AVAST Software)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-1610595117-2105667134-921046427-1001\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3485728 2013-09-11] (Hewlett-Packard Co.)
HKU\S-1-5-21-1610595117-2105667134-921046427-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-1610595117-2105667134-921046427-1001\...\Run: [Wipe Maintance] => C:\Program Files\Wipe\net1.exe [546456 2015-03-23] (www.privacyroot.com)
HKU\S-1-5-21-1610595117-2105667134-921046427-1001\...\MountPoints2: {310dfded-f079-11e3-824c-806e6f6e6963} - "F:\Setup.exe"
HKU\S-1-5-21-1610595117-2105667134-921046427-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ ReadPlease 2003 FREE.lnk [2014-07-21]
ShortcutTarget: ReadPlease 2003 FREE.lnk -> C:\Program Files (x86)\ReadPlease 2003\ReadPlease2003.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ ReadPlease PLUS 2003.lnk [2014-07-21]
ShortcutTarget: ReadPlease PLUS 2003.lnk -> C:\Program Files (x86)\ReadPlease 2003\ReadPleasePlus2003.exe (ReadPlease Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-06-09]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk [2014-06-09]
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Help File and Tutorials.lnk [2014-07-21]
ShortcutTarget: Help File and Tutorials.lnk -> C:\Program Files (x86)\ReadPlease 2003\Help\rphelp.exe (MoneyTree Software Company)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall ReadPlease 2003.lnk [2014-07-21]
ShortcutTarget: Uninstall ReadPlease 2003.lnk -> C:\Program Files (x86)\ReadPlease 2003\unins000.exe (Jordan Russell)
Startup: C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-08-26]
ShortcutTarget: Dropbox.lnk -> C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wipe Tray Agent.lnk [2015-03-23]
ShortcutTarget: Wipe Tray Agent.lnk -> C:\Program Files\Wipe\Wipe.exe ()
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-04] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1610595117-2105667134-921046427-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pugetsystems.com/welcome...
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-04] (Avast Software s.r.o.)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-01-18] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-04] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-04] (Avast Software s.r.o.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-04] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-01-18] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\upwim1eh.default-1410530680684
FF Homepage: https://www.google.com/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-01-07] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-04] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-01-07] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-06-04]
StartMenuInternet: FIREFOX.EXE - D:\New folder\firefox.exe

Chrome:
=======
CHR Profile: C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-09]
CHR Extension: (Google Drive) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-09]
CHR Extension: (YouTube) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-09]
CHR Extension: (Google Search) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-09]
CHR Extension: (Avira Browser Safety) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-12-27]
CHR Extension: (Bookmark Manager) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-21]
CHR Extension: (Avast Online Security) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-12]
CHR Extension: (Google Wallet) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-09]
CHR Extension: (Gmail) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-09]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service...
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe [710320 2015-01-07] (Adobe Systems Incorporated)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-07] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-04] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-06-04] (Avast Software)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-08] (Broadcom Corporation.)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240584 2012-10-02] (DTS, Inc)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2013-09-13] (arvato digital services llc)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\Unchecky_svc.exe [164600 2015-05-05] (RaMMicHaeL)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
R0 asstor64; C:\Windows\System32\drivers\asstor64.sys [79136 2013-09-16] (Windows (R) Win 7 DDK provider)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-04] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-04] (Avast Software s.r.o.)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-04] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-04] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-04] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-04] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-05-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-03-17] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-17] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-08-08] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7474864 2014-06-09] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-04-20] (Microsoft Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c64x64.sys [468752 2014-05-02] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 Spyder4; C:\Windows\System32\drivers\dccmtr.sys [15360 2012-10-02] (Datacolor)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-06-04] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 ALSysIO; \??\C:\Users\Jonathan\AppData\Local\Temp\ALSysIO64.sys [X]
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S3 cpuz135; \??\C:\Users\Jonathan\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]
S3 cpuz136; \??\C:\Users\Jonathan\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 GPU-Z; \??\C:\Users\Jonathan\AppData\Local\Temp\GPU-Z.sys [X]
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-05 15:10 - 2015-06-05 15:10 - 00000000 ____D C:\Users\Jonathan\Desktop\FRST-OlderVersion
2015-06-04 10:32 - 2015-06-04 10:32 - 00000000 ____D C:\Users\Jonathan\AppData\Roaming\AVAST Software
2015-06-04 10:31 - 2015-06-04 10:31 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-06-04 10:31 - 2015-06-04 10:31 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-06-04 10:31 - 2015-06-04 10:31 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-06-04 10:31 - 2015-06-04 10:31 - 00272248 _____ C:\Windows\system32\Drivers\aswVmm.sys
2015-06-04 10:31 - 2015-06-04 10:31 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-06-04 10:31 - 2015-06-04 10:31 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-06-04 10:31 - 2015-06-04 10:31 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-06-04 10:31 - 2015-06-04 10:31 - 00065736 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2015-06-04 10:31 - 2015-06-04 10:31 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-06-04 10:31 - 2015-06-04 10:31 - 00029168 _____ C:\Windows\system32\Drivers\aswHwid.sys
2015-06-04 10:31 - 2015-06-04 10:31 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-06-04 10:31 - 2015-06-04 10:31 - 00001938 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-06-04 10:31 - 2015-06-04 10:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-06-04 10:30 - 2015-06-04 10:30 - 00000000 ____D C:\Program Files\AVAST Software
2015-06-04 10:28 - 2015-06-04 10:29 - 05481344 _____ (Avast Software s.r.o.) C:\Users\Jonathan\Desktop\avast_free_antivirus_setup_online_softonic.exe
2015-06-03 20:19 - 2015-06-03 20:19 - 00000000 ____D C:\Program Files (x86)\ESET
2015-06-03 20:18 - 2015-06-03 20:18 - 02870984 _____ (ESET) C:\Users\Jonathan\Desktop\esetsmartinstaller_enu.exe
2015-05-27 17:48 - 2015-05-27 17:48 - 00002176 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2015-05-27 17:47 - 2015-05-27 17:47 - 00880208 _____ (Google Inc.) C:\Users\Jonathan\Downloads\GoogleEarthSetup (2).exe
2015-05-27 17:46 - 2015-05-27 17:46 - 00880208 _____ (Google Inc.) C:\Users\Jonathan\Downloads\GoogleEarthSetup (1).exe
2015-05-26 13:06 - 2015-05-26 13:06 - 05481336 _____ (Avast Software s.r.o.) C:\Users\Jonathan\Desktop\avast_free_antivirus_setup_online_cnet.exe
2015-05-26 11:55 - 2015-05-30 18:37 - 00000000 ____D C:\Users\Jonathan\AppData\Local\CrashDumps
2015-05-26 09:20 - 2015-05-26 09:21 - 00203357 _____ C:\Users\Jonathan\Desktop\103 103.ai
2015-05-23 00:29 - 2015-05-23 00:29 - 00000242 _____ C:\Users\Jonathan\Desktop\Bakrid 2014 Vallee Pitot.URL
2015-05-22 18:42 - 2015-05-26 11:21 - 00000000 ____D C:\Users\Jonathan\Documents\Fax
2015-05-22 18:42 - 2015-05-22 18:42 - 01060148 _____ C:\Users\Jonathan\Desktop\CUSP Agreement 2015.jpeg
2015-05-17 15:53 - 2015-05-17 15:53 - 00001218 _____ C:\Users\Jonathan\Desktop\UltraSearch.lnk
2015-05-17 15:53 - 2015-05-17 15:53 - 00000000 ____D C:\Users\Jonathan\AppData\Roaming\JAM Software
2015-05-17 15:53 - 2015-05-17 15:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraSearch
2015-05-17 15:53 - 2015-05-17 15:53 - 00000000 ____D C:\Program Files (x86)\JAM Software
2015-05-17 15:16 - 2015-05-17 15:16 - 05604992 _____ (JAM Software ) C:\Users\Jonathan\Desktop\UltraSearch-x86-Setup.exe
2015-05-16 11:36 - 2015-05-16 11:37 - 00243344 _____ C:\Users\Jonathan\Desktop\Firefox Setup Stub 38.0.1.exe
2015-05-13 10:53 - 2015-05-16 11:12 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-05-13 10:53 - 2015-05-13 11:49 - 00000000 ____D C:\ProgramData\RogueKiller
2015-05-13 10:52 - 2015-05-13 12:22 - 00000860 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2015-05-13 10:52 - 2015-05-13 12:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-05-13 10:52 - 2015-05-13 12:22 - 00000000 ____D C:\Program Files\RogueKiller
2015-05-13 10:46 - 2015-05-13 10:47 - 18974568 _____ (Adlice Software ) C:\Users\Jonathan\Desktop\setup.exe
2015-05-12 17:33 - 2015-05-12 17:33 - 05623215 _____ (Swearware) C:\Users\Jonathan\Desktop\ComboFix.exe
2015-05-12 10:15 - 2015-05-12 10:15 - 00880208 _____ (Google Inc.) C:\Users\Jonathan\Desktop\ChromeSetup.exe
2015-05-07 07:12 - 2015-06-04 11:16 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1610595117-2105667134-921046427-1001

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-05 15:13 - 2015-04-27 09:14 - 00026523 _____ C:\Users\Jonathan\Desktop\FRST.txt
2015-06-05 15:13 - 2015-04-27 08:57 - 00000000 ____D C:\FRST
2015-06-05 15:10 - 2015-04-27 09:07 - 02108928 _____ (Farbar) C:\Users\Jonathan\Desktop\FRST64.exe
2015-06-05 15:10 - 2014-06-10 15:44 - 00000000 ____D C:\Users\Jonathan\AppData\Roaming\ClassicShell
2015-06-05 15:00 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sru
2015-06-05 14:35 - 2014-06-10 04:43 - 01131364 _____ C:\Windows\WindowsUpdate.log
2015-06-05 14:22 - 2014-12-26 23:45 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-05 14:18 - 2014-06-09 15:42 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-05 13:32 - 2014-08-03 23:30 - 00000034 _____ C:\Users\Jonathan\AppData\Roaming\AdobeWLCMCache.dat
2015-06-05 12:53 - 2014-10-21 16:18 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-05 10:48 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-05 10:18 - 2014-06-09 15:42 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-05 09:23 - 2014-06-10 04:51 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9492103D-2C23-4644-AAA0-3220C4BF820E}
2015-06-04 10:03 - 2014-06-09 16:27 - 00000000 ____D C:\Users\Jonathan\AppData\Local\Adobe
2015-06-03 20:36 - 2014-06-10 04:47 - 00865408 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-03 20:30 - 2014-06-10 18:36 - 00076926 _____ C:\Windows\setupact.log
2015-06-03 20:30 - 2014-06-10 17:15 - 01911440 _____ C:\Windows\PFRO.log
2015-06-03 20:30 - 2014-06-09 15:27 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-03 20:30 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-05-30 18:34 - 2014-10-02 17:53 - 00000000 ____D C:\TempDump
2015-05-29 11:07 - 2015-01-04 14:07 - 00000000 ____D C:\Users\Jonathan\Documents\My Kindle Content
2015-05-26 18:19 - 2014-06-09 15:42 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-26 13:08 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-05-26 11:45 - 2014-06-10 04:46 - 00000000 ____D C:\Users\Jonathan
2015-05-26 11:45 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-05-26 11:44 - 2014-07-19 13:17 - 00000000 ____D C:\ProgramData\AVAST Software
2015-05-26 11:44 - 2014-06-09 15:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-26 11:44 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\registration
2015-05-26 11:35 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-05-25 13:56 - 2015-04-27 09:15 - 00046920 _____ C:\Users\Jonathan\Desktop\Addition.txt
2015-05-17 12:34 - 2014-06-09 15:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-16 11:39 - 2014-09-13 11:40 - 00000629 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-16 11:39 - 2014-09-13 11:40 - 00000629 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-16 10:41 - 2014-06-09 15:33 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-16 09:43 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI(14)
2015-05-15 20:31 - 2014-12-26 23:45 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-14 10:13 - 2014-06-09 15:42 - 00003904 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-14 10:13 - 2014-06-09 15:42 - 00003668 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-09 17:05 - 2015-03-25 15:02 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-09 17:04 - 2015-03-25 15:02 - 00001114 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-09 17:04 - 2015-03-25 15:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-09 17:04 - 2015-03-25 15:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-07 07:32 - 2015-03-30 16:48 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-07 07:32 - 2015-03-30 16:48 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-05-07 07:32 - 2015-03-30 16:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

==================== Files in the root of some directories =======

2014-07-21 18:56 - 2014-07-21 18:56 - 0000000 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2014-08-03 23:30 - 2015-06-05 13:32 - 0000034 _____ () C:\Users\Jonathan\AppData\Roaming\AdobeWLCMCache.dat
2015-03-29 18:03 - 2015-03-29 18:03 - 0000218 _____ () C:\Users\Jonathan\AppData\Local\recently-used.xbel
2014-09-09 16:45 - 2014-10-10 02:19 - 0007605 _____ () C:\Users\Jonathan\AppData\Local\resmon.resmoncfg
2015-02-14 19:18 - 2015-04-14 21:34 - 0000015 _____ () C:\Users\Jonathan\AppData\Local\X-Plane_drm.prf
2015-02-14 19:18 - 2015-02-14 19:18 - 0000059 _____ () C:\Users\Jonathan\AppData\Local\x-plane_install_10.txt
2014-12-27 01:04 - 2014-12-27 01:04 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-06-09 15:12 - 2014-06-09 15:12 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-08-11 22:11 - 2014-12-26 19:36 - 0006227 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Jonathan\AppData\Local\Temp\avgnt.exe
C:\Users\Jonathan\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Jonathan\AppData\Local\Temp\Quarantine.exe
C:\Users\Jonathan\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-28 10:51

==================== End of log ============================


Report •

#39
June 5, 2015 at 16:23:13
"Oh, I see I can't quarantine those 3 files"
Thought that was unusual.

"So do I have to just leave them on my system?"
If you have already installed them, delete them.

message edited by Johnw


Report •

#40
June 5, 2015 at 16:38:57
I shall wait until you respond to my post #39

Report •

#41
June 8, 2015 at 08:22:29
OK, I uninstalled ccleaner and ran the online scanner again and it found no threats. Is there anything else I can do to make sure there's no malicious stuff in my system... or to get my computer to run faster?


Report •

#42
June 8, 2015 at 16:49:36
" Is there anything else I can do to make sure there's no malicious stuff in my system"
"plus the "additions" thingie, if you want it"
Yes please, both logs are required.

Make sure you are using the latest version > 7.6.2015.0

If we have to run Farbar more than once, refer this SS.
http://i.imgur.com/yUxNw0j.gif

The logs are large, upload them using Zippy.

message edited by Johnw


Report •

#43
June 9, 2015 at 05:08:39
I'm sorry. I got spooked by Zippy! I'm just gonna post the 2 logs here without it.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-06-2015
Ran by Jonathan (administrator) on PUGET-124909 on 09-06-2015 07:47:16
Running from C:\Users\Jonathan\Desktop
Loaded Profiles: Jonathan (Available Profiles: Jonathan)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topi...

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Mozilla Corporation) D:\New folder\firefox.exe
(Mozilla Corporation) D:\New folder\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(The Document Foundation) C:\Program Files (x86)\LibreOffice 4\program\swriter.exe
(The Document Foundation) C:\Program Files (x86)\LibreOffice 4\program\soffice.exe
(The Document Foundation) C:\Program Files (x86)\LibreOffice 4\program\soffice.bin
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
(Microsoft Corporation) C:\Windows\System32\Magnify.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-01-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickFinder Scheduler] => c:\Program Files (x86)\Corel\WordPerfect Office X7\Programs\QFSCHD170.EXE [166240 2014-03-14] (Corel Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-07] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-1610595117-2105667134-921046427-1001\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3485728 2013-09-11] (Hewlett-Packard Co.)
HKU\S-1-5-21-1610595117-2105667134-921046427-1001\...\Run: [Wipe Maintance] => C:\Program Files\Wipe\net1.exe [546456 2015-03-23] (www.privacyroot.com)
HKU\S-1-5-21-1610595117-2105667134-921046427-1001\...\MountPoints2: {310dfded-f079-11e3-824c-806e6f6e6963} - "F:\Setup.exe"
HKU\S-1-5-21-1610595117-2105667134-921046427-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ ReadPlease 2003 FREE.lnk [2014-07-21]
ShortcutTarget: ReadPlease 2003 FREE.lnk -> C:\Program Files (x86)\ReadPlease 2003\ReadPlease2003.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ ReadPlease PLUS 2003.lnk [2014-07-21]
ShortcutTarget: ReadPlease PLUS 2003.lnk -> C:\Program Files (x86)\ReadPlease 2003\ReadPleasePlus2003.exe (ReadPlease Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-06-09]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk [2014-06-09]
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Help File and Tutorials.lnk [2014-07-21]
ShortcutTarget: Help File and Tutorials.lnk -> C:\Program Files (x86)\ReadPlease 2003\Help\rphelp.exe (MoneyTree Software Company)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall ReadPlease 2003.lnk [2014-07-21]
ShortcutTarget: Uninstall ReadPlease 2003.lnk -> C:\Program Files (x86)\ReadPlease 2003\unins000.exe (Jordan Russell)
Startup: C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-08-26]
ShortcutTarget: Dropbox.lnk -> C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wipe Tray Agent.lnk [2015-03-23]
ShortcutTarget: Wipe Tray Agent.lnk -> C:\Program Files\Wipe\Wipe.exe ()
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1610595117-2105667134-921046427-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pugetsystems.com/welcome...
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-01-18] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-04] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-04] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-01-18] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\upwim1eh.default-1410530680684
FF Homepage: https://www.google.com/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-01-07] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-04] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-01-07] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
StartMenuInternet: FIREFOX.EXE - D:\New folder\firefox.exe

Chrome:
=======
CHR Profile: C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-09]
CHR Extension: (Google Drive) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-09]
CHR Extension: (YouTube) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-09]
CHR Extension: (Google Search) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-09]
CHR Extension: (Avira Browser Safety) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-12-27]
CHR Extension: (Bookmark Manager) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-12]
CHR Extension: (Google Wallet) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-09]
CHR Extension: (Gmail) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-09]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service...

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe [710320 2015-01-07] (Adobe Systems Incorporated)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-07] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-08] (Broadcom Corporation.)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240584 2012-10-02] (DTS, Inc)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2013-09-13] (arvato digital services llc)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\Unchecky_svc.exe [164600 2015-05-05] (RaMMicHaeL)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
R0 asstor64; C:\Windows\System32\drivers\asstor64.sys [79136 2013-09-16] (Windows (R) Win 7 DDK provider)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-05-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-03-17] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-17] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-08-08] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7474864 2014-06-09] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-04-20] (Microsoft Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c64x64.sys [468752 2014-05-02] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 Spyder4; C:\Windows\System32\drivers\dccmtr.sys [15360 2012-10-02] (Datacolor)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 ALSysIO; \??\C:\Users\Jonathan\AppData\Local\Temp\ALSysIO64.sys [X]
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S3 cpuz135; \??\C:\Users\Jonathan\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]
S3 cpuz136; \??\C:\Users\Jonathan\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 GPU-Z; \??\C:\Users\Jonathan\AppData\Local\Temp\GPU-Z.sys [X]
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-09 07:41 - 2015-06-09 07:41 - 00000109 ____H C:\Users\Jonathan\Desktop\.~lock.Addition.txt#
2015-06-08 10:14 - 2015-06-08 10:15 - 02870984 _____ (ESET) C:\Users\Jonathan\Desktop\esetsmartinstaller_enu.exe
2015-06-08 08:37 - 2015-06-08 08:37 - 00000000 ____D C:\Users\Jonathan\Desktop\FRST-OlderVersion
2015-06-08 08:31 - 2015-06-08 08:33 - 00000000 ____D C:\Users\Jonathan\Desktop\LOGO
2015-06-03 20:19 - 2015-06-03 20:19 - 00000000 ____D C:\Program Files (x86)\ESET
2015-05-27 17:48 - 2015-05-27 17:48 - 00002176 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2015-05-27 17:47 - 2015-05-27 17:47 - 00880208 _____ (Google Inc.) C:\Users\Jonathan\Downloads\GoogleEarthSetup (2).exe
2015-05-27 17:46 - 2015-05-27 17:46 - 00880208 _____ (Google Inc.) C:\Users\Jonathan\Downloads\GoogleEarthSetup (1).exe
2015-05-26 13:06 - 2015-05-26 13:06 - 05481336 _____ (Avast Software s.r.o.) C:\Users\Jonathan\Desktop\avast_free_antivirus_setup_online_cnet.exe
2015-05-26 11:55 - 2015-06-08 13:35 - 00000000 ____D C:\Users\Jonathan\AppData\Local\CrashDumps
2015-05-23 00:29 - 2015-05-23 00:29 - 00000242 _____ C:\Users\Jonathan\Desktop\Bakrid 2014 Vallee Pitot.URL
2015-05-22 18:42 - 2015-05-26 11:21 - 00000000 ____D C:\Users\Jonathan\Documents\Fax
2015-05-22 18:42 - 2015-05-22 18:42 - 01060148 _____ C:\Users\Jonathan\Desktop\CUSP Agreement 2015.jpeg
2015-05-17 15:53 - 2015-05-17 15:53 - 00001218 _____ C:\Users\Jonathan\Desktop\UltraSearch.lnk
2015-05-17 15:53 - 2015-05-17 15:53 - 00000000 ____D C:\Users\Jonathan\AppData\Roaming\JAM Software
2015-05-17 15:53 - 2015-05-17 15:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraSearch
2015-05-17 15:53 - 2015-05-17 15:53 - 00000000 ____D C:\Program Files (x86)\JAM Software
2015-05-17 15:16 - 2015-05-17 15:16 - 05604992 _____ (JAM Software ) C:\Users\Jonathan\Desktop\UltraSearch-x86-Setup.exe
2015-05-16 11:36 - 2015-05-16 11:37 - 00243344 _____ C:\Users\Jonathan\Desktop\Firefox Setup Stub 38.0.1.exe
2015-05-13 10:53 - 2015-05-16 11:12 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-05-13 10:53 - 2015-05-13 11:49 - 00000000 ____D C:\ProgramData\RogueKiller
2015-05-13 10:52 - 2015-05-13 12:22 - 00000860 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2015-05-13 10:52 - 2015-05-13 12:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-05-13 10:52 - 2015-05-13 12:22 - 00000000 ____D C:\Program Files\RogueKiller
2015-05-13 10:46 - 2015-05-13 10:47 - 18974568 _____ (Adlice Software ) C:\Users\Jonathan\Desktop\setup.exe
2015-05-12 17:33 - 2015-05-12 17:33 - 05623215 _____ (Swearware) C:\Users\Jonathan\Desktop\ComboFix.exe
2015-05-12 10:15 - 2015-05-12 10:15 - 00880208 _____ (Google Inc.) C:\Users\Jonathan\Desktop\ChromeSetup.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-09 07:47 - 2015-04-27 09:14 - 00023918 _____ C:\Users\Jonathan\Desktop\FRST.txt
2015-06-09 07:47 - 2015-04-27 08:57 - 00000000 ____D C:\FRST
2015-06-09 07:34 - 2014-06-10 15:44 - 00000000 ____D C:\Users\Jonathan\AppData\Roaming\ClassicShell
2015-06-09 07:33 - 2014-08-03 23:30 - 00000034 _____ C:\Users\Jonathan\AppData\Roaming\AdobeWLCMCache.dat
2015-06-09 07:22 - 2014-12-26 23:45 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-09 07:18 - 2014-06-09 15:42 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-09 07:04 - 2014-06-10 04:51 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9492103D-2C23-4644-AAA0-3220C4BF820E}
2015-06-09 07:03 - 2014-06-09 16:27 - 00000000 ____D C:\Users\Jonathan\AppData\Local\Adobe
2015-06-09 07:00 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sru
2015-06-08 17:27 - 2014-10-21 16:18 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-08 16:40 - 2014-06-10 04:43 - 01940173 _____ C:\Windows\WindowsUpdate.log
2015-06-08 15:27 - 2014-06-10 04:47 - 00865408 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-08 15:21 - 2014-06-10 18:36 - 00077854 _____ C:\Windows\setupact.log
2015-06-08 15:21 - 2014-06-09 15:42 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-08 15:21 - 2014-06-09 15:27 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-08 15:21 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-08 15:21 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-06-08 12:15 - 2015-05-07 07:12 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1610595117-2105667134-921046427-1001
2015-06-08 11:25 - 2014-06-10 17:15 - 02889602 _____ C:\Windows\PFRO.log
2015-06-08 08:53 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-08 08:37 - 2015-04-27 09:07 - 02108928 _____ (Farbar) C:\Users\Jonathan\Desktop\FRST64.exe
2015-06-06 21:19 - 2014-12-24 17:28 - 00000000 ____D C:\Windows\SysWOW64\vbox
2015-06-06 21:19 - 2014-12-24 17:28 - 00000000 ____D C:\Windows\system32\vbox
2015-06-06 21:19 - 2014-06-10 04:46 - 00000000 ____D C:\Users\Jonathan
2015-06-06 21:18 - 2014-07-19 13:17 - 00000000 ____D C:\ProgramData\AVAST Software
2015-06-06 21:18 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\registration
2015-05-30 18:34 - 2014-10-02 17:53 - 00000000 ____D C:\TempDump
2015-05-29 11:07 - 2015-01-04 14:07 - 00000000 ____D C:\Users\Jonathan\Documents\My Kindle Content
2015-05-26 18:19 - 2014-06-09 15:42 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-26 13:08 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI(32)
2015-05-26 11:45 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-05-26 11:44 - 2014-06-09 15:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-26 11:35 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-05-25 13:56 - 2015-04-27 09:15 - 00046920 _____ C:\Users\Jonathan\Desktop\Addition.txt
2015-05-17 12:34 - 2014-06-09 15:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-16 11:39 - 2014-09-13 11:40 - 00000629 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-16 11:39 - 2014-09-13 11:40 - 00000629 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-16 10:41 - 2014-06-09 15:33 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-16 09:43 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI(14)
2015-05-15 20:31 - 2014-12-26 23:45 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-14 10:13 - 2014-06-09 15:42 - 00003904 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-14 10:13 - 2014-06-09 15:42 - 00003668 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2014-07-21 18:56 - 2014-07-21 18:56 - 0000000 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2014-08-03 23:30 - 2015-06-09 07:33 - 0000034 _____ () C:\Users\Jonathan\AppData\Roaming\AdobeWLCMCache.dat
2015-03-29 18:03 - 2015-03-29 18:03 - 0000218 _____ () C:\Users\Jonathan\AppData\Local\recently-used.xbel
2014-09-09 16:45 - 2014-10-10 02:19 - 0007605 _____ () C:\Users\Jonathan\AppData\Local\resmon.resmoncfg
2015-02-14 19:18 - 2015-04-14 21:34 - 0000015 _____ () C:\Users\Jonathan\AppData\Local\X-Plane_drm.prf
2015-02-14 19:18 - 2015-02-14 19:18 - 0000059 _____ () C:\Users\Jonathan\AppData\Local\x-plane_install_10.txt
2014-12-27 01:04 - 2014-12-27 01:04 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-06-09 15:12 - 2014-06-09 15:12 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-08-11 22:11 - 2014-12-26 19:36 - 0006227 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Jonathan\AppData\Local\Temp\avgnt.exe
C:\Users\Jonathan\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Jonathan\AppData\Local\Temp\Quarantine.exe
C:\Users\Jonathan\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-07 11:47

==================== End of log ============================


I'll post the ADDITIONS log in a separate post.


Report •

#44
June 9, 2015 at 05:19:43
"I'm sorry. I got spooked by Zippy! I'm just gonna post the 2 logs here without it"
That's fine, but it sounds like you don't have a pop up blocker.

I use Ad Muncher
http://www.softpedia.com/get/Intern...
https://www.admuncher.com/


Report •

#45
June 9, 2015 at 05:20:32
OK! OK! :( This second log post exceeded capacity. Too large. Om trying cutting it to half in this post, and the second half in the next. If that doesn't work, I'm gonna have to do it the way real people do it.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015 01
Ran by Jonathan at 2015-05-25 13:56:05
Running from C:\Users\Jonathan\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1610595117-2105667134-921046427-500 - Administrator - Disabled)
Guest (S-1-5-21-1610595117-2105667134-921046427-501 - Limited - Enabled)
Jonathan (S-1-5-21-1610595117-2105667134-921046427-1001 - Administrator - Enabled) => C:\Users\Jonathan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated)
Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.9.0.465 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2014 (HKLM-x32\...\{7F823F8E-4348-11E4-8BF8-81763C49AA32}) (Version: 15.1.0 - Adobe Systems Incorporated)
Adobe Fireworks CS6 (HKLM-x32\...\{CA7C485C-7A89-11E1-B2C8-CD54B377BC52}) (Version: 12.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.1.1 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.2.0.069 - Adobe Systems Incorporated)
Adobe Muse CC 2014 (HKLM-x32\...\{4FC5F06E-31E5-4C22-9449-CB41B62D1897}) (Version: 2014.3.0.1176 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.2 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Amazon Kindle (HKU\S-1-5-21-1610595117-2105667134-921046427-1001\...\Amazon Kindle) (Version: - Amazon)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 2.0.1.0916 - Asmedia Technology)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.143 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-1610595117-2105667134-921046427-1001\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
EIZO EasyPIX (HKLM\...\{ 7E7F4E34-6828-4F52-8B27-E3C16E4CE7A1}_is1) (Version: 2.3.2 - EIZO Corporation)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.5.129.617 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.2.2.802 - Foxit Corporation)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\{FBD50733-2ABE-3D23-88B4-7B0C0A0ADDA0}) (Version: 65.181.32922 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
HP Officejet Pro 8610 Basic Device Software (HKLM\...\{3082CB96-66E8-456D-8326-118A4F5DC0C6}) (Version: 32.0.90.45518 - Hewlett-Packard Co.)
HP Officejet Pro 8610 Help (HKLM-x32\...\{F9569D00-4576-46C8-B6C7-207A4FD39745}) (Version: 32.0.0 - Hewlett Packard)
HP Support Solutions Framework (HKLM-x32\...\{96D12EC9-720B-45FB-904C-36D6307A1C76}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Network Connections 19.3.141.0 (HKLM\...\PROSetDX) (Version: 19.3.141.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LibreOffice 4.2.2.1 (HKLM-x32\...\{0ECDB550-79ED-4E9E-851B-19A8B2B4EBFA}) (Version: 4.2.2.1 - The Document Foundation)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM-x32\...\MSTTS) (Version: - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
Mozilla Thunderbird 31.1.2 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.1.2 (x86 en-US)) (Version: 31.1.2 - Mozilla)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Oracle VM VirtualBox 4.3.10 (HKLM\...\{5632714F-6A48-4BF2-89E0-F8B6CE9FE6D1}) (Version: 4.3.10 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
ReadPlease 2003/ReadPlease PLUS 2003 (HKLM-x32\...\ReadPlease 2003_is1) (Version: 2003.1.10 - ReadPlease Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
RogueKiller version 10 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 10 - Adlice Software)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.3.0 - Samsung Electronics)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Steam and Options (HKLM\...\Steam_and_Options) (Version: 1.0 - Steam)
Train Simulator 2015 (HKLM-x32\...\Steam App 24010) (Version: - RailSimulator.com)
UltraSearch V2.0.3 (HKLM-x32\...\UltraSearch_is1) (Version: 2.0.3 - JAM Software)
Unchecky v0.3.7.5 (HKLM-x32\...\Unchecky) (Version: 0.3.7.5 - RaMMicHaeL)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.7800 - Broadcom Corporation)
Windows Driver Package - Datacolor (Spyder3) USB (09/10/2007 1.0.0.3) (HKLM\...\2F24D930929D08C29A697E2C2E0574EC1CCCAE1D) (Version: 09/10/2007 1.0.0.3 - Datacolor)
Windows Driver Package - Datacolor (Spyder4) USB (06/01/2011 1.0.0.1) (HKLM\...\E5E9268B6D7B0E662E34736CC110C89D595E4222) (Version: 06/01/2011 1.0.0.1 - Datacolor)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Wipe (HKLM\...\wipe) (Version: 2015.02 - PrivacyRoot.com)
WordPerfect Office IFilter 64-bit (HKLM\...\{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}) (Version: 1.4 - Corel Corporation)
WordPerfect Office X7 - Common Files (x32 Version: 17.0 - Corel Corporation) Hidden
WordPerfect Office X7 - Common Files English (x32 Version: 17.0 - Corel Corporation) Hidden
WordPerfect Office X7 - IPM Content TBYB (x32 Version: 17.0 - Corel Corporation) Hidden
WordPerfect Office X7 - IPM TBYB (x32 Version: 17.0 - Corel Corporation) Hidden
WordPerfect Office X7 - Lightning Files (x32 Version: 17.0 - Corel Corporation) Hidden
WordPerfect Office X7 - Lightning Files English (x32 Version: 17.0 - Corel Corporation) Hidden
WordPerfect Office X7 - Oxford (x32 Version: 17.0 - Corel Corporation) Hidden
WordPerfect Office X7 - Presentations Files (x32 Version: 17.0 - Corel Corporation) Hidden
WordPerfect Office X7 - Presentations Files English (x32 Version: 17.0 - Corel Corporation) Hidden
WordPerfect Office X7 - Quattro Pro Files (x32 Version: 17.0 - Corel Corporation) Hidden
WordPerfect Office X7 - Quattro Pro Files English (x32 Version: 17.0 - Corel Corporation) Hidden
WordPerfect Office X7 - Setup Files (x32 Version: 17.0 - Corel Corporation) Hidden
WordPerfect Office X7 - System Files (x32 Version: 17.0 - Corel Corporation) Hidden
WordPerfect Office X7 - WordPerfect Files (x32 Version: 17.0 - Corel Corporation) Hidden
WordPerfect Office X7 - WordPerfect Files English (x32 Version: 17.0 - Corel Corporation) Hidden
WordPerfect Office X7 - WPD format Props x64 (Version: 17.0 - Corel Corporation) Hidden
WordPerfect Office X7 - WT (x32 Version: 17.0 - Corel Corporation) Hidden
WordPerfect Office X7 (HKLM-x32\...\_{64A329FC-D1B2-4354-922D-21F7EC777E10}) (Version: 17.0.0.314 - Corel Corporation)
WordPerfect Office X7 (x32 Version: 17.0 - Corel Corporation) Hidden
X-Plane 10 Global - 64 Bit (HKLM-x32\...\Steam App 292180) (Version: - Laminar Research)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1610595117-2105667134-921046427-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1610595117-2105667134-921046427-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1610595117-2105667134-921046427-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1610595117-2105667134-921046427-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1610595117-2105667134-921046427-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1610595117-2105667134-921046427-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1610595117-2105667134-921046427-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1610595117-2105667134-921046427-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1610595117-2105667134-921046427-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

07-05-2015 15:50:16 Scheduled Checkpoint
12-05-2015 12:16:38 avast! antivirus system restore point
20-05-2015 13:36:35 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2015-05-22 21:29 - 00001993 ____A C:\Windows\system32\Drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com

There are 4 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {249AB03E-79DC-4233-9D45-8C046D9F2715} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2B56540D-6863-4B0F-ADE4-84458D1B12B2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-15] (Adobe Systems Incorporated)
Task: {3552019A-DFB9-4D08-A1E4-7DABB0B165D6} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-12] (Avast Software s.r.o.)
Task: {489FAAA8-F7E9-49DE-B97F-29D858B6D9DD} - System32\Tasks\AdobeAAMUpdater-1.0-Puget-124909-Jonathan => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-09-19] (Adobe Systems Incorporated)
Task: {9A74CE4A-C171-4D45-B83E-EA6FECB1F9F7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-09] (Google Inc.)
Task: {C95D3C99-6558-496A-8AF6-54C1BBC622C9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {CFDAED24-AA1F-4E82-8D9A-36E267E6F63D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-09] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-06-09 15:27 - 2014-07-02 14:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-06-09 15:25 - 2012-10-29 02:48 - 00927232 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
2013-08-19 19:03 - 2013-08-19 19:03 - 00049368 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2014-12-19 16:57 - 2014-12-19 16:57 - 01039008 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2014-09-28 18:19 - 2014-08-19 15:12 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2014-05-10 05:17 - 2014-12-03 23:44 - 00014552 _____ () C:\Program Files\Adobe\Adobe Illustrator CC 2014\Support Files\Contents\Windows\SPBasic.dll
2014-05-10 05:16 - 2014-12-03 23:44 - 00081624 _____ () C:\Program Files\Adobe\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Alcid.dll
2015-05-12 12:16 - 2015-05-12 12:16 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-12 12:16 - 2015-05-12 12:16 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-05-22 16:10 - 2015-05-22 16:10 - 02931200 _____ () C:\Program Files\AVAST Software\Avast\defs\15052201\algo.dll
2015-05-25 11:50 - 2015-05-25 11:50 - 02931200 _____ () C:\Program Files\AVAST Software\Avast\defs\15052500\algo.dll
2014-02-12 23:58 - 2014-02-12 23:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 23:58 - 2014-02-12 23:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-09 15:25 - 2015-05-22 21:29 - 00027648 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\PEbiosinterface32.dll
2014-06-09 15:25 - 2012-05-07 11:04 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\ATKEX.dll
2014-10-21 16:20 - 2015-04-16 13:40 - 00776192 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-20 10:30 - 2015-04-22 22:16 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2014-10-21 16:20 - 2015-05-14 21:58 - 02396352 _____ () C:\Program Files (x86)\Steam\video.dll
2015-01-20 10:30 - 2015-04-22 22:16 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-20 10:30 - 2015-04-22 22:16 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-10-21 16:20 - 2014-12-01 17:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-10-21 16:20 - 2014-12-01 17:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-10-21 16:20 - 2014-12-01 17:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-10-21 16:20 - 2014-12-01 17:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-10-21 16:20 - 2014-12-01 17:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-10-21 16:20 - 2015-05-14 21:57 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-10-21 16:20 - 2015-05-11 15:01 - 36302728 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-05-16 09:52 - 2015-05-11 15:01 - 08958344 _____ () C:\Program Files (x86)\Steam\bin\pdf.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:8C35AEA7
AlternateDataStreams: C:\Users\Jonathan\Desktop\CUSP Agreement 2015.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Jonathan\Desktop\CUSP Agreement 2015.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


Report •

#46
June 9, 2015 at 05:22:29
It worked. So now here's the rest of the additions log...

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-1610595117-2105667134-921046427-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1610595117-2105667134-921046427-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1610595117-2105667134-921046427-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1610595117-2105667134-921046427-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1610595117-2105667134-921046427-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1610595117-2105667134-921046427-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1610595117-2105667134-921046427-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1610595117-2105667134-921046427-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1610595117-2105667134-921046427-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1610595117-2105667134-921046427-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1610595117-2105667134-921046427-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1610595117-2105667134-921046427-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1610595117-2105667134-921046427-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1610595117-2105667134-921046427-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1610595117-2105667134-921046427-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1610595117-2105667134-921046427-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1610595117-2105667134-921046427-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1610595117-2105667134-921046427-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1610595117-2105667134-921046427-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1610595117-2105667134-921046427-1001\...\123simsen.com -> www.123simsen.com

There are 7865 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1610595117-2105667134-921046427-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 209.18.47.61 - 209.18.47.62

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
HKLM\...\StartupApproved\StartupFolder: => "Bluetooth.lnk"
HKLM\...\StartupApproved\StartupFolder: => "CrashPlan Tray.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Help File and Tutorials.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Uninstall ReadPlease 2003.lnk"
HKLM\...\StartupApproved\StartupFolder: => " ReadPlease 2003 FREE.lnk"
HKLM\...\StartupApproved\StartupFolder: => " ReadPlease PLUS 2003.lnk"
HKLM\...\StartupApproved\Run: => "Classic Start Menu"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "RtHDVBg_DTS"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "avgnt"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "AvastUI.exe"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "Avira Systray"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "QuickFinder Scheduler"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "IAStorIcon"
HKU\S-1-5-21-1610595117-2105667134-921046427-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-1610595117-2105667134-921046427-1001\...\StartupApproved\StartupFolder: => "Wipe Tray Agent.lnk"
HKU\S-1-5-21-1610595117-2105667134-921046427-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1610595117-2105667134-921046427-1001\...\StartupApproved\Run: => "HP Officejet Pro 8610 (NET)"
HKU\S-1-5-21-1610595117-2105667134-921046427-1001\...\StartupApproved\Run: => "Wipe Maintance"
HKU\S-1-5-21-1610595117-2105667134-921046427-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{BA226B33-9482-482F-A7AA-44019C4675AF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{60829AA4-99C9-4CC1-9AAE-43FC883759E9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{155A09B2-CAA4-44DF-B72C-428C9A6F7FBE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C30FEC9E-88C5-445C-8ABB-6DADF2BBC012}] => (Allow) LPort=2869
FirewallRules: [{9603F4A1-D160-4616-A4C6-3E8B83C0FC30}] => (Allow) LPort=1900
FirewallRules: [{332F1364-6710-4475-A121-CC9B584E2D8D}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{9796CE9C-7818-47F5-A2AF-850461AC2BC5}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{F50FF9A4-F3B8-4FD2-A4A4-63A31C1DA451}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{946F3D9E-3168-487C-9F59-59A9EF03B8A4}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{97047A40-3738-4D7F-AC43-037C8B3C6F75}] => (Allow) D:\EIZO EasyPIX\core\ep_eacore.exe
FirewallRules: [{DA66ADE7-1ACD-4CB9-9D85-0AA5EB67230D}] => (Allow) D:\EIZO EasyPIX\core\ep_eacore.exe
FirewallRules: [{84E12C85-88D5-45B5-BF01-EB66BC6BDAA3}] => (Allow) C:\Program Files\EIZO\EIZO EasyPIX\core\ep_eacore.exe
FirewallRules: [{EB417DDE-CC84-49A1-9D0F-3AFE6D9347B0}] => (Allow) C:\Program Files\EIZO\EIZO EasyPIX\core\ep_eacore.exe
FirewallRules: [{4AE44741-B4C0-42CA-97CE-1344F78A87FA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RailWorks\RailWorks.exe
FirewallRules: [{6B6BD40A-A1A8-4F08-832A-6C25C063A115}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RailWorks\RailWorks.exe
FirewallRules: [{09CF93E4-D05D-4330-8EEC-19B6A9D9D6EB}] => (Allow) C:\Users\Jonathan\AppData\Local\Temp\7zS6235\hppiw.exe
FirewallRules: [{494C1DFD-79CC-43AF-ACBF-E984253E4B98}] => (Allow) C:\Users\Jonathan\AppData\Local\Temp\7zS6235\hppiw.exe
FirewallRules: [{D1885F18-8149-4819-92A5-C61B13897AA8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{C9E21750-E516-4722-A14B-1A1BDA5F08AE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{9AB918D9-D13C-4342-8F5B-5A34AB84B879}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{4B83B3B6-7E1C-45E8-A6F0-EB4E8E1D88CC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{B92369F6-BE49-4ED3-9115-1806BE33FC39}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{2497CC24-708F-498F-B84F-97FF46900B34}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{53BC0CC7-2837-438F-A8BC-C62DE2ED845E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{86B2489A-73B7-44D9-B400-35BE3F90BD46}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{04108E00-5A46-4338-8F57-95120FA92EA2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{F34D56BD-7431-455A-A860-5258CD695478}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{7C4ACE92-6E98-4389-A45F-BDCA07396158}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{3ABD50D6-0677-441E-9DA1-72C06B07C31B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{FA34E5DD-376E-4FD5-AF3C-CD5D456DEAD5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{8EDED6B1-4F71-428D-9D2D-DC5EBD928181}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{AE881067-670B-4488-981F-0C8A02A862F0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{ECF314AE-B39E-4983-98B6-78BC04991452}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{B707F3FF-E508-4003-8C0F-57FAD80F76FB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{6CA41173-4CD1-4E0A-8189-2A069F60F690}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{B6B5F6FC-491E-4E4A-B5B4-E8EC1A90940C}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{4AA3CACB-E1E6-4789-B929-98E2F153DFA3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{80771477-C0D0-4379-80DB-2CD67115F26A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{0367B572-A114-4E27-8D52-EC76D66FA00D}] => (Allow) C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{29ED48B9-5F51-40E0-A836-E596D686418B}] => (Allow) C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{2FD0A754-0407-492D-9A8D-7969E8043648}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{D68C264A-348F-49DB-800E-EC2B434A0E7A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8F7F3220-26DF-4C4D-97BA-2B16EF2FCD73}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CD13327C-5CEC-4063-9A51-2CA92787D502}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe
FirewallRules: [{89EA5864-2A6D-436C-8327-A2B07B3E8624}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe
FirewallRules: [{2B539CF8-24B6-4FB2-9179-C7489E20D822}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe
FirewallRules: [{DD4326BC-BA2C-4CD0-8E4A-43B153A6A86D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe
FirewallRules: [{84C32F8C-704D-4DF1-A1BD-49515C67EBAE}] => (Allow) LPort=5357
FirewallRules: [{AD8D8B4C-7538-4E73-A285-714A0BCF18E6}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{38F293C4-D431-459C-92A4-3FB1445C8091}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [UDP Query User{1E01B078-0479-4153-B6C4-54864B78299B}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [{531CAD67-BEEC-43B5-A440-A2FFA354EE5B}] => (Block) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [{5BE0850C-B669-40B9-AEA4-B942C3BFD401}] => (Block) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [{2056FE34-79F8-4191-84D5-FCA5E09A2FCA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\X-Plane 10\X-Plane.exe
FirewallRules: [{4F21B3E7-84EA-45B7-9F4B-5CA046794CFE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\X-Plane 10\X-Plane.exe
FirewallRules: [{F38AE078-3F40-4FF1-ADA9-25D9E29AFB46}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\X-Plane 10\X-Plane-32bit.exe
FirewallRules: [{E0045023-F2B1-4709-B70C-47A0012FCBB9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\X-Plane 10\X-Plane-32bit.exe
FirewallRules: [{AF279462-BA64-4D0C-AEA4-DADD5DA4ECF6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\X-Plane 10\Airfoil-Maker.exe
FirewallRules: [{625EDCB0-37C7-4116-B335-41ECDAFDE8DB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\X-Plane 10\Airfoil-Maker.exe
FirewallRules: [{DA0F4DDF-38CD-4966-84AA-A3952505643B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\X-Plane 10\Plane-Maker.exe
FirewallRules: [{62DCDD88-3731-4796-8873-573FF7A041C5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\X-Plane 10\Plane-Maker.exe
FirewallRules: [TCP Query User{4269E11F-F2BA-4E5D-9F3C-C22C357C08A5}D:\new folder\firefox.exe] => (Allow) D:\new folder\firefox.exe
FirewallRules: [UDP Query User{FF77DCB4-3E31-403E-A5A1-08798766BF75}D:\new folder\firefox.exe] => (Allow) D:\new folder\firefox.exe
FirewallRules: [{306CFE02-CDF8-46C4-BF21-89695474B3CF}] => (Block) D:\new folder\firefox.exe
FirewallRules: [{2C1C093B-CFD9-4D15-92DD-66868661B89D}] => (Block) D:\new folder\firefox.exe
FirewallRules: [{836C494E-4A4F-4001-84DF-A511F34F6A27}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{CC6AE975-76A4-410C-90AD-684F34C835F5}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{CAB60210-0CD5-4C11-A346-7CFD0F19824E}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{4D2B5227-6D49-4EBD-88B5-EDCCD9864443}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [TCP Query User{D3470560-0EE6-40B8-AE65-404869DFD3FD}C:\users\jonathan\desktop\sdi_r169\sdi_r169.exe] => (Allow) C:\users\jonathan\desktop\sdi_r169\sdi_r169.exe
FirewallRules: [UDP Query User{6BDB92ED-3533-42A2-935B-9B356D161EBD}C:\users\jonathan\desktop\sdi_r169\sdi_r169.exe] => (Allow) C:\users\jonathan\desktop\sdi_r169\sdi_r169.exe
FirewallRules: [{49BEABF2-E54D-42C2-AEF1-C6C82179D2BF}] => (Block) C:\users\jonathan\desktop\sdi_r169\sdi_r169.exe
FirewallRules: [{E884F9ED-8A2E-4E17-95F0-7E699FB244E3}] => (Block) C:\users\jonathan\desktop\sdi_r169\sdi_r169.exe
FirewallRules: [{4C71EC49-5833-4D15-ADE9-AC6C763326F9}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{1E46D4B2-D195-457E-B9A1-05EF0B2A170B}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{839A2875-0846-42E2-823C-4571C8F34952}] => (Allow) D:\New folder\firefox.exe
FirewallRules: [{89E86C59-EDC4-44EE-A0E3-B8A494BDADFB}] => (Allow) D:\New folder\firefox.exe
FirewallRules: [{5F9C70A9-3F4E-40F9-B923-6769FD24F88D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/20/2015 01:36:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (05/16/2015 10:41:21 AM) (Source: MsiInstaller) (EventID: 1024) (User: Puget-124909)
Description: Product: Adobe Reader XI (11.0.10) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011011}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?Lin...

Error: (05/12/2015 00:20:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (05/12/2015 00:20:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (05/12/2015 00:16:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (05/07/2015 03:50:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (05/05/2015 00:32:17 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume System Reserved was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (04/29/2015 06:03:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (04/22/2015 11:31:39 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (04/17/2015 07:10:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Puget-124909)
Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (05/25/2015 00:01:48 PM) (Source: DCOM) (EventID: 10010) (User: Puget-124909)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/25/2015 00:01:18 PM) (Source: DCOM) (EventID: 10010) (User: Puget-124909)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (05/24/2015 00:56:41 PM) (Source: DCOM) (EventID: 10010) (User: Puget-124909)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/24/2015 00:56:11 PM) (Source: DCOM) (EventID: 10010) (User: Puget-124909)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (05/23/2015 11:47:19 AM) (Source: DCOM) (EventID: 10010) (User: Puget-124909)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/23/2015 11:46:49 AM) (Source: DCOM) (EventID: 10010) (User: Puget-124909)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (05/22/2015 09:28:39 PM) (Source: DCOM) (EventID: 10010) (User: Puget-124909)
Description: {53362C32-A296-4F2D-A2F8-FD984D08340B}

Error: (05/22/2015 09:28:39 PM) (Source: DCOM) (EventID: 10010) (User: Puget-124909)
Description: {53362C32-A296-4F2D-A2F8-FD984D08340B}

Error: (05/22/2015 09:07:56 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:53:33 PM on ‎5/‎22/‎2015 was unexpected.

Error: (05/22/2015 08:19:07 AM) (Source: DCOM) (EventID: 10010) (User: Puget-124909)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}


Microsoft Office:
=========================
Error: (05/20/2015 01:36:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (05/16/2015 10:41:21 AM) (Source: MsiInstaller) (EventID: 1024) (User: Puget-124909)
Description: Adobe Reader XI (11.0.10){AC76BA86-7AD7-0000-2550-7A8C40011011}1625(NULL)(NULL)(NULL)

Error: (05/12/2015 00:20:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (05/12/2015 00:20:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (05/12/2015 00:16:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (05/07/2015 03:50:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (05/05/2015 00:32:17 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System ReservedThe parameter is incorrect. (0x80070057)

Error: (04/29/2015 06:03:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (04/22/2015 11:31:39 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (04/17/2015 07:10:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Puget-124909)
Description: windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel-2144927142


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4930K CPU @ 3.40GHz
Percentage of memory in use: 13%
Total physical RAM: 32707.67 MB
Available physical RAM: 28145.89 MB
Total Pagefile: 37571.67 MB
Available Pagefile: 33429.6 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:476.6 GB) (Free:294.65 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:909.61 GB) NTFS
Drive e: () (Fixed) (Total:931.51 GB) (Free:930.84 GB) NTFS
Drive f: (HP OJ8610) (CDROM) (Total:0.31 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 476.9 GB) (Disk ID: E42D9872)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=476.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 67B2FAD2)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 67B2FAD3)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of log ============================


Report •

#47
June 9, 2015 at 05:30:46
Did you see my post #44

Report •

#48
June 18, 2015 at 13:46:31
I downloaded Ad Muncher. Nothing seems to've changed. :)

Report •

#49
June 18, 2015 at 18:16:27
Copy & Paste the text in Blue below & save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


closeprocesses:
emptytemp:
AlternateDataStreams: C:\ProgramData\TEMP:8C35AEA7
AlternateDataStreams: C:\Users\Jonathan\Desktop\CUSP Agreement 2015.jpeg: 3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Jonathan\Desktop\CUSP Agreement 2015.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1610595117-2105667134-921046427-1001\...\MountPoints2: {310dfded-f079-11e3-824c-806e6f6e6963} - "F:\Setup.exe"
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
S3 ALSysIO; \??\C:\Users\Jonathan\AppData\Local\Temp\ALSysIO64.sys [X]
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S3 cpuz135; \??\C:\Users\Jonathan\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]
S3 cpuz136; \??\C:\Users\Jonathan\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 GPU-Z; \??\C:\Users\Jonathan\AppData\Local\Temp\GPU-Z.sys [X]
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]


Run FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.

message edited by Johnw


Report •

#50
June 23, 2015 at 08:40:46
OK, I tried to save the blue text into notepad but when I looked, it was in LibreOffice. Since I don't understand WHY you're asking me to do this,I don't know if something's not right. I won't go any further 'til I hear from you. :)

Report •

#51
June 23, 2015 at 13:56:56
"it was in LibreOffice"
How to use notepad windows 8.1
http://bit.ly/1J2YvXz

Report •

#52
June 27, 2015 at 15:13:21
The program is calling the log, FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-06-2015
Ran by Jonathan (administrator) on PUGET-124909 on 27-06-2015 18:08:34
Running from C:\Users\Jonathan\Desktop
Loaded Profiles: Jonathan (Available Profiles: Jonathan)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topi...

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Mozilla Corporation) D:\New folder\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Mozilla Corporation) D:\New folder\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
(Microsoft Corporation) C:\Windows\System32\Magnify.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-01-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickFinder Scheduler] => c:\Program Files (x86)\Corel\WordPerfect Office X7\Programs\QFSCHD170.EXE [166240 2014-03-14] (Corel Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-10] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [130864 2015-05-21] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-1610595117-2105667134-921046427-1001\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3485728 2013-09-11] (Hewlett-Packard Co.)
HKU\S-1-5-21-1610595117-2105667134-921046427-1001\...\Run: [Wipe Maintance] => C:\Program Files\Wipe\net1.exe [546456 2015-03-23] (www.privacyroot.com)
HKU\S-1-5-21-1610595117-2105667134-921046427-1001\...\MountPoints2: {310dfded-f079-11e3-824c-806e6f6e6963} - "F:\Setup.exe"
HKU\S-1-5-21-1610595117-2105667134-921046427-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ ReadPlease 2003 FREE.lnk [2014-07-21]
ShortcutTarget: ReadPlease 2003 FREE.lnk -> C:\Program Files (x86)\ReadPlease 2003\ReadPlease2003.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ ReadPlease PLUS 2003.lnk [2014-07-21]
ShortcutTarget: ReadPlease PLUS 2003.lnk -> C:\Program Files (x86)\ReadPlease 2003\ReadPleasePlus2003.exe (ReadPlease Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-06-09]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk [2014-06-09]
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Help File and Tutorials.lnk [2014-07-21]
ShortcutTarget: Help File and Tutorials.lnk -> C:\Program Files (x86)\ReadPlease 2003\Help\rphelp.exe (MoneyTree Software Company)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall ReadPlease 2003.lnk [2014-07-21]
ShortcutTarget: Uninstall ReadPlease 2003.lnk -> C:\Program Files (x86)\ReadPlease 2003\unins000.exe (Jordan Russell)
Startup: C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-08-26]
ShortcutTarget: Dropbox.lnk -> C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wipe Tray Agent.lnk [2015-03-23]
ShortcutTarget: Wipe Tray Agent.lnk -> C:\Program Files\Wipe\Wipe.exe ()
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1610595117-2105667134-921046427-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pugetsystems.com/welcome...
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-01-18] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-04] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-04] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-01-18] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\upwim1eh.default-1410530680684
FF Homepage: https://www.google.com/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-23] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-01-07] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-23] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-04] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-01-07] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
StartMenuInternet: FIREFOX.EXE - D:\New folder\firefox.exe

Chrome:
=======
CHR Profile: C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-09]
CHR Extension: (Google Drive) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-09]
CHR Extension: (YouTube) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-09]
CHR Extension: (Google Search) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-09]
CHR Extension: (Avira Browser Safety) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-12-27]
CHR Extension: (Bookmark Manager) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-12]
CHR Extension: (Google Wallet) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-09]
CHR Extension: (Gmail) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-09]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service...

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe [710320 2015-01-07] (Adobe Systems Incorporated)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-06-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-10] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-10] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [208632 2015-05-21] (Avira Operations GmbH & Co. KG)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-08] (Broadcom Corporation.)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240584 2012-10-02] (DTS, Inc)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2013-09-13] (arvato digital services llc)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\Unchecky_svc.exe [164600 2015-05-05] (RaMMicHaeL)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
R0 asstor64; C:\Windows\System32\drivers\asstor64.sys [79136 2013-09-16] (Windows (R) Win 7 DDK provider)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132656 2015-06-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-03-17] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-17] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-08-08] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7474864 2014-06-09] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-04-20] (Microsoft Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c64x64.sys [468752 2014-05-02] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 Spyder4; C:\Windows\System32\drivers\dccmtr.sys [15360 2012-10-02] (Datacolor)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 ALSysIO; \??\C:\Users\Jonathan\AppData\Local\Temp\ALSysIO64.sys [X]
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S3 cpuz135; \??\C:\Users\Jonathan\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]
S3 cpuz136; \??\C:\Users\Jonathan\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 GPU-Z; \??\C:\Users\Jonathan\AppData\Local\Temp\GPU-Z.sys [X]
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-27 18:02 - 2015-06-27 18:02 - 00001772 _____ C:\Users\Jonathan\Desktop\fixlist.txt
2015-06-24 12:08 - 2015-06-26 13:24 - 00000000 ____D C:\Users\Jonathan\Documents\QR code
2015-06-22 13:58 - 2015-06-22 13:58 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-17 07:57 - 2015-06-17 07:57 - 00000000 ____D C:\ProgramData\Ad Muncher
2015-06-15 08:09 - 2015-06-15 08:29 - 00000000 ____D C:\Users\Jonathan\Desktop\VANTAGGIO
2015-06-12 11:40 - 2015-06-12 11:40 - 00000000 ____D C:\Users\Jonathan\Documents\HTML
2015-06-08 10:14 - 2015-06-08 10:15 - 02870984 _____ (ESET) C:\Users\Jonathan\Desktop\esetsmartinstaller_enu.exe
2015-06-08 08:37 - 2015-06-27 17:59 - 00000000 ____D C:\Users\Jonathan\Desktop\FRST-OlderVersion
2015-06-08 08:31 - 2015-06-08 08:33 - 00000000 ____D C:\Users\Jonathan\Desktop\LOGO
2015-06-03 20:19 - 2015-06-03 20:19 - 00000000 ____D C:\Program Files (x86)\ESET

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-27 18:08 - 2015-04-27 09:14 - 00023122 _____ C:\Users\Jonathan\Desktop\FRST.txt
2015-06-27 18:08 - 2015-04-27 08:57 - 00000000 ____D C:\FRST
2015-06-27 18:02 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sru
2015-06-27 18:00 - 2014-06-10 04:51 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9492103D-2C23-4644-AAA0-3220C4BF820E}
2015-06-27 17:59 - 2015-04-27 09:07 - 02112512 _____ (Farbar) C:\Users\Jonathan\Desktop\FRST64.exe
2015-06-27 17:58 - 2014-06-10 15:44 - 00000000 ____D C:\Users\Jonathan\AppData\Roaming\ClassicShell
2015-06-27 17:58 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-27 17:57 - 2014-06-10 04:43 - 01387208 _____ C:\Windows\WindowsUpdate.log
2015-06-27 14:18 - 2014-06-09 15:42 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-27 10:33 - 2014-06-09 16:27 - 00000000 ____D C:\Users\Jonathan\AppData\Local\Adobe
2015-06-27 01:22 - 2014-12-26 23:45 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-26 13:50 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
2015-06-26 13:39 - 2015-05-07 07:12 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1610595117-2105667134-921046427-1001
2015-06-26 13:33 - 2014-06-10 04:47 - 00865408 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-26 13:29 - 2014-06-10 18:36 - 00079362 _____ C:\Windows\setupact.log
2015-06-26 13:29 - 2014-06-09 15:42 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-26 13:29 - 2014-06-09 15:27 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-26 13:29 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-26 13:29 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-06-25 21:18 - 2014-10-21 16:18 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-23 16:22 - 2014-12-26 23:45 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-22 15:19 - 2014-06-09 15:42 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-22 15:04 - 2015-05-26 11:55 - 00000000 ____D C:\Users\Jonathan\AppData\Local\CrashDumps
2015-06-22 15:03 - 2014-08-03 23:30 - 00000033 _____ C:\Users\Jonathan\AppData\Roaming\AdobeWLCMCache.dat
2015-06-22 15:03 - 2014-06-10 04:46 - 00000000 ____D C:\Users\Jonathan
2015-06-22 15:02 - 2015-03-30 16:48 - 00000000 ____D C:\ProgramData\Avira
2015-06-22 15:02 - 2015-02-04 11:10 - 00000000 ___RD C:\Users\Jonathan\Creative Cloud Files
2015-06-22 15:02 - 2014-08-24 00:19 - 00000000 ____D C:\Users\Jonathan\AppData\Roaming\Corel
2015-06-22 15:02 - 2014-08-24 00:18 - 00000000 ____D C:\Users\Public\Documents\WordPerfect Office
2015-06-22 15:02 - 2014-08-24 00:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WordPerfect Office X7
2015-06-22 15:02 - 2014-08-24 00:17 - 00000000 ____D C:\ProgramData\Corel
2015-06-22 15:02 - 2014-08-24 00:17 - 00000000 ____D C:\ProgramData\Borland
2015-06-22 15:02 - 2014-08-24 00:17 - 00000000 ____D C:\Program Files\Common Files\Corel
2015-06-22 15:02 - 2014-08-24 00:17 - 00000000 ____D C:\Program Files (x86)\Corel
2015-06-22 15:02 - 2014-08-03 16:49 - 00000000 ___RD C:\Users\Jonathan\Creative Cloud Files ()
2015-06-22 15:02 - 2014-08-03 16:49 - 00000000 ____D C:\Users\Jonathan\Creative Cloud Files ( 1)
2015-06-22 15:02 - 2014-08-03 16:46 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-22 15:02 - 2014-06-09 15:33 - 00000000 ____D C:\ProgramData\Adobe
2015-06-22 15:02 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\registration
2015-06-22 15:01 - 2014-06-09 15:33 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-06-16 14:56 - 2014-06-10 17:15 - 02890970 _____ C:\Windows\PFRO.log
2015-06-16 08:30 - 2015-03-30 16:48 - 00001132 _____ C:\Users\Public\Desktop\Avira.lnk
2015-06-16 08:30 - 2015-03-30 16:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-06-16 08:30 - 2015-03-30 16:48 - 00000000 ____D C:\Program Files (x86)\Avira
2015-06-10 09:14 - 2015-03-30 16:48 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-06-10 09:14 - 2015-03-30 16:48 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-06-06 21:19 - 2014-12-24 17:28 - 00000000 ____D C:\Windows\SysWOW64\vbox
2015-06-06 21:19 - 2014-12-24 17:28 - 00000000 ____D C:\Windows\system32\vbox
2015-06-06 21:18 - 2014-07-19 13:17 - 00000000 ____D C:\ProgramData\AVAST Software
2015-05-30 18:34 - 2014-10-02 17:53 - 00000000 ____D C:\TempDump
2015-05-29 11:07 - 2015-01-04 14:07 - 00000000 ____D C:\Users\Jonathan\Documents\My Kindle Content

==================== Files in the root of some directories =======

2014-07-21 18:56 - 2014-07-21 18:56 - 0000000 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2014-08-03 23:30 - 2015-06-22 15:03 - 0000033 _____ () C:\Users\Jonathan\AppData\Roaming\AdobeWLCMCache.dat
2015-03-29 18:03 - 2015-03-29 18:03 - 0000218 _____ () C:\Users\Jonathan\AppData\Local\recently-used.xbel
2014-09-09 16:45 - 2014-10-10 02:19 - 0007605 _____ () C:\Users\Jonathan\AppData\Local\resmon.resmoncfg
2015-02-14 19:18 - 2015-04-14 21:34 - 0000015 _____ () C:\Users\Jonathan\AppData\Local\X-Plane_drm.prf
2015-02-14 19:18 - 2015-02-14 19:18 - 0000059 _____ () C:\Users\Jonathan\AppData\Local\x-plane_install_10.txt
2014-12-27 01:04 - 2014-12-27 01:04 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-06-09 15:12 - 2014-06-09 15:12 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-08-11 22:11 - 2014-12-26 19:36 - 0006227 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Jonathan\AppData\Local\Temp\avgnt.exe
C:\Users\Jonathan\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Jonathan\AppData\Local\Temp\Quarantine.exe
C:\Users\Jonathan\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-27 10:59

==================== End of log ============================


Report •

#53
June 27, 2015 at 18:10:08
"The program is calling the log, FRST.txt"
You are not doing it as per instructions in my post #49

Report •

#54
June 29, 2015 at 09:08:02
Maybe you're not explaining yourself enough. As far as I know, I did follow your instructions exactly. I pasted the blue text to my desktop. FRST64 is also on the desktop. Isn't that what you mean by "both things being in the same location?" I'm a Asperger. I follow instructions exactly... but I have to be given precise instructions. What did I do wrong?

Report •

#55
June 29, 2015 at 17:57:44
If you followed these instructions, it will work.

Copy & Paste the text in Blue below & save it into Notepad on your Desktop & name it fixlist.txt

"I pasted the blue text to my desktop"
Give me a screenshot of your desktop please.

message edited by Johnw


Report •

#56
July 1, 2015 at 08:02:34
Could you please tell me where I can go to upload the screenshot. Then I'll post the link here. I searched Google and "How Tos" on these forums but found nothing. I remember doing this before but I can't remember where I uploaded the image. :(

Report •

#57
July 1, 2015 at 08:55:05
You could load the txt file on here:
http://www.zippyshare.com/
(no account needed)

Always pop back and let us know the outcome - thanks


Report •

#58
Report •

#59
July 1, 2015 at 14:55:07
Fixlist.txt is on your desktop - third up from the bottom on the right.

Johnw is in Australia (early morning) so is likely to respond fairly soon.
I just hoped I could keep the wheels rolling on this.

Always pop back and let us know the outcome - thanks


Report •

#60
July 1, 2015 at 16:32:15
Thanks Derek.

Mr.Mag00, right click on fixlist.txt > Properties & give me a screenshot of that please.


Report •

#61
July 9, 2015 at 17:34:41
http://www32.zippyshare.com/v/InZK0...

Did you want all the tabs?


Report •

#62
July 9, 2015 at 23:02:21
"Did you want all the tabs?"
No thanks.

1: Click Change as per SS below.
http://i.imgur.com/bXq2tU6.gif
2: If available, click on > Notepad.
3: If not available, scroll down & click on > More options.
4: Click on > Notepad
5: If still not available, scroll down & click on > Look for another app on this PC.
6: Copy & Paste, type or manually scroll down to C:\Windows\System32 in the Address bar & hit Enter.
7: As per SS below.
http://i.imgur.com/fH8VdQa.gif
8: Click Apply & then Ok.
9: Run FRST.


Report •

#63
July 10, 2015 at 08:45:03
"6: Copy & Paste, type or manually scroll down to C:\Windows\System32 in the Address bar & hit Enter."

Copy & paste WHAT? :)

"type or manually scroll down to"
Where am I typing or scrolling to "C:\Windows\System32" ... in WHAT address bar?

Please understand that my eyesight is very poor... and I'm an ASPERGER. You have to be very clear in speaking to me. My mind works like a simple computer. I can do some things better than most people but when it comes to communication, if you leave something out, I may not be able to follow you.

I didn't see the "open office" thingie 'til you pointed it out.

When I click on CHANGE, I don't get the screen you show. There's no address bar.

Sorry for the hassle.


Report •

#64
July 10, 2015 at 15:29:54
"When I click on CHANGE, I don't get the screen you show"
Give me a SS of the full page please, you may need 2 SS.

Report •

#65
Report •

#66
July 11, 2015 at 17:52:46
All Ok, it is now a Notepad file, all you do is run FRST & it will find it.
http://i.imgur.com/DnAX0I8.gif

Report •

#67
July 13, 2015 at 11:45:02
I ran FRST.
What do I do now?

I'm assuming FRST saw the text and made changes according to that text?
So can you tell me what's next?


Report •

#68
July 13, 2015 at 16:38:32
"I'm assuming FRST saw the text and made changes according to that text?"
No.

As per my post #49.

Run FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.


Report •

#69
July 14, 2015 at 06:13:31
After FRST was done, it said it needed to restart the computer. After the restart, I found Fixlog.txt, and I'm posting it.

------------------------------------------------------------------------------------------------------------------------
Fix result of Farbar Recovery Scan Tool (x64) Version:12-07-2015
Ran by Jonathan at 2015-07-14 09:01:58 Run:1
Running from C:\Users\Jonathan\Desktop
Loaded Profiles: Jonathan (Available Profiles: Jonathan)
Boot Mode: Normal
==============================================

fixlist content:
*****************
closeprocesses:
emptytemp:
AlternateDataStreams: C:\ProgramData\TEMP:8C35AEA7
AlternateDataStreams: C:\Users\Jonathan\Desktop\CUSP Agreement 2015.jpeg: 3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Jonathan\Desktop\CUSP Agreement 2015.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1610595117-2105667134-921046427-1001\...\MountPoints2: {310dfded-f079-11e3-824c-806e6f6e6963} - "F:\Setup.exe"
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
S3 ALSysIO; \??\C:\Users\Jonathan\AppData\Local\Temp\ALSysIO64.sys [X]
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S3 cpuz135; \??\C:\Users\Jonathan\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]
S3 cpuz136; \??\C:\Users\Jonathan\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 GPU-Z; \??\C:\Users\Jonathan\AppData\Local\Temp\GPU-Z.sys [X]
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
*****************

Processes closed successfully.
C:\ProgramData\TEMP => ":8C35AEA7" ADS removed successfully.
"C:\Users\Jonathan\Desktop\CUSP Agreement 2015.jpeg" => ": 3or4kl4x13tuuug3Byamue2s4b" ADS not found.
C:\Users\Jonathan\Desktop\CUSP Agreement 2015.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKU\S-1-5-21-1610595117-2105667134-921046427-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{310dfded-f079-11e3-824c-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{310dfded-f079-11e3-824c-806e6f6e6963} => key not found.
C:\Program Files\CrashPlan\CrashPlanTray.exe not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf" => key removed successfully
ALSysIO => Service removed successfully
BAPIDRV => Service removed successfully
cpuz135 => Service removed successfully
cpuz136 => Service removed successfully
GPU-Z => Service removed successfully
NvStreamKms => Service removed successfully
nvvad_WaveExtensible => Service removed successfully
EmptyTemp: => 717.6 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 09:02:15 ====

--------------------------------------------------------------------------------------------------------------------


Report •

#70
July 14, 2015 at 15:19:58
Download Security Check by screen317 from one of the following links and save it to your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
http://screen317.spywareinfoforum.o...
http://screen317.changelog.fr/Secur...
Please restart the computer before running this security check.
* Double click SecurityCheck.exe. If you run Windows Vista or 7/8, right click and choose 'Run as Administrator'.
o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
o When you see a console window, press any key to continue scanning.
o Wait while it scans.
o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after scan is completed. It will be called checkup.txt; Please Copy and Paste the contents into your reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

Report •

#71
August 5, 2015 at 13:28:24
You haven't heard from me for a while because I'm sick. I'll be back as soon as I can.

Thank you for all you've done for me so far. :)


Report •

#72
August 5, 2015 at 15:12:18
Sorry to hear that - hope you get well soon.

Always pop back and let us know the outcome - thanks


Report •

#73
August 5, 2015 at 18:02:38
YW, catch you when you are well again.

Report •

Ask Question