Channel: Tech Support Guy - Virus & Other Malware Removal

malware

Please help, I can't get rid of alldaysavings, also http://a.mrktmedia.net, and all sorts of popups come and my web pages redirect to downloads, and things download even if I say no. I have Windows 8 / Asus laptop.

HJT Log please advise

So I have been having issues with my laptop going to blue screen of death and freezing. I started a post in Windows 7 about an hour ago, but I wanted to see if I can get help with the HJT log while I wait for help over there. I don't know how to join the 2 posts, if that's what needs to be done. Here is my TSG info and my HJT log. Thanks for all help. I have not owned this laptop very long; I purchased it from Aarons rent a center. Paid it off and started having issues.



Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD E1-1200 APU with Radeon(tm) HD Graphics, AMD64 Family 20 Model 2 Stepping 0
Processor Count: 2
RAM: 3681 Mb
Graphics Card: AMD Radeon HD 7310 Graphics, 384 Mb
Hard Drives: C: Total - 461788 MB, Free - 414980 MB;
Motherboard: TOSHIBA, Portable PC
Antivirus: None


Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:53:55 PM, on 7/24/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17207)

FIREFOX: 29.0.1 (en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\PROGRA~2\Raptr\raptr.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Users\aaron\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=US&userid=45466c31-a8df-07c5-6842-bb40aa26ee5d&searchtype=ds&q={searchTerms}&installDate={installDate}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=US&userid=45466c31-a8df-07c5-6842-bb40aa26ee5d&searchtype=ds&q={searchTerms}&installDate={installDate}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=US&userid=45466c31-a8df-07c5-6842-bb40aa26ee5d&searchtype=ds&q={searchTerms}&installDate={installDate}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: ZooskMessenger.lnk = C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - https://security.symantec.com/sscv6/.../bin/cabsa.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: lxeaCATSCustConnectService - Lexmark International, Inc. - C:\windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe
O23 - Service: lxea_device - - C:\windows\system32\lxeacoms.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Toshiba Laptop Checkup Application Launcher (Norton PC Checkup Application Launcher) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\SymcPCCULaunchSvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11098 bytes

hao123 opens new tab

On Chrome, this site http://www.hao123.com/?tn=98696649_hao_pg opens by itself on a new tab when I open Chrome up. I've set it to open to where I set off and it does open previous tabs, but hao123 opens up a tab by itself.

There are no random extensions, no toolbars and I've scanned with AdwCleaner which usually gets rid of most of my browser problems.

w32.rootkit-gen detected and stopped, can't find trigger

Hello,

I have some legacy HP convertible tablets that just yesterday around 4pm began detecting and stopping w32.rootkit-gen from installing. I have the latest Avast installed on them and it stopped the install. It was located in a resources folder for actividentity, which is an HP tool that lets you log in with smartcards and so on. I was able to run bootscans to remove the file, which was found in c:\swsetup\hptools\PTAC_A8.400\AC61X86\ACx98.msi. It appears that the HPtools update is infected? I can't figure out how it got on my computer if it's not an update. Even after the bootscan and clean it still calls for the install. I can't find the "trigger" or where it is calling for the win installer to remove it. Perhaps this is an undetected trojan making the call?

Any information on this would be helpful.

Thanks,
Rob

multiple windows popping up

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8, 64 bit
Processor: Intel(R) Celeron(R) CPU 1017U @ 1.60GHz, Intel64 Family 6 Model 58 Stepping 9
Processor Count: 2
RAM: 3977 Mb
Graphics Card: Intel(R) HD Graphics, 1796 Mb
Hard Drives: C: Total - 291704 MB, Free - 227924 MB;
Motherboard: Dell Inc., 0X2H5X
Antivirus: Windows Defender, Disabled


When I click on any place to log in or just going to another web site I get multiple windows opening up. How can I stop this from happening, please? I have uninstalled Mozilla then installed it again, hoping that was the problem, but it wasn't. I also get Internet Explorer doing the same thing.

Something is wrong! Can't figure it out...

Additional scan result of Farbar Recovery Scan Tool (x86) Version:24-07-2014 01
Ran by Deni at 2014-07-25 13:09:34
Running from C:\Users\Deni\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe AIR (Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.2.602 - Adobe Systems, Inc.)
AIO_Scan (Version: 130.0.365.000 - Hewlett-Packard) Hidden
Amazon Kindle For PC v1.1 (HKCU\...\Amazon Kindle For PC) (Version: - )
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}) (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.2 (HKLM\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
avast! EasyPass (HKLM\...\AI RoboForm) (Version: 7-7-8-128 - AVAST Software)
avast! Internet Security (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
Avery Template (HKLM\...\{A760067A-C07E-1033-0000-A764AC000010}) (Version: 2.0.0.0 - Avery)
BlackBerry Desktop Software 6.0.2 (HKLM\...\BlackBerry_Desktop) (Version: 6.0.2.42 - Research In Motion Ltd.)
BlackBerry Desktop Software 6.0.2 (Version: 6.0.2.42 - Research In Motion Ltd.) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
C8100 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
C8100_Help (Version: 100.0.206.000 - Hewlett-Packard) Hidden
Click'N Design 3D (V5) (HKLM\...\Click'N Design 3D (V5)) (Version: v5.x.x - Stomp Inc.)
Copy (Version: 130.0.428.000 - Hewlett-Packard) Hidden
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (HKLM\...\{731B0E4D-F4C7-450C-95B0-E1A3176B1C75}) (Version: 1.1.0 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
FileOpen Client (HKLM\...\{857CBF4A-192C-44B0-86A5-6281FCEFA1FE}) (Version: 3.0.16.879 - FileOpen Systems, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Drive (HKLM\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
GoToAssist Corporate (HKLM\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.)
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hallmark Card Studio 2008 Deluxe (HKLM\...\{747A6A10-DA58-48C2-A1F0-C15514419C8A}) (Version: 9.0.0.9 - Creative Home)
Hallmark Card Studio 2011 Deluxe (HKLM\...\{62687EAC-F27D-49AC-A0E2-3899B0459113}) (Version: 12.0.2.6 - Hallmark Software)
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart All-In-One Driver Software 13.0 Rel. 2 (HKLM\...\{988329F4-A1A1-4D51-803C-EF2725A97627}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Product Detection (HKLM\...\{42D10994-A566-495D-A5E7-D0C6B5C6B35C}) (Version: 11.14.0006 - HP)
HP RC Mirror Driver (Version: 2.0.0.0 - Hewlett-Packard) Hidden
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
IntelliMover (HKLM\...\{B6751A10-2389-4AEF-870A-4DD925F48733}) (Version: 3.63 - Detto Technologies)
iPod for Windows 2006-06-28 (Version: 4.7.0 - Apple Computer, Inc.) Hidden
iTunes (HKLM\...\{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}) (Version: 10.6.3.25 - Apple Inc.)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LAME v3.98.2 for Audacity (HKLM\...\LAME for Audacity_is1) (Version: - )
Livescribe Helper (HKLM\...\Livescribe Helper 1.0.2) (Version: 1.0.2 - Livescribe Inc)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Digital Image Library 9 - Blocker (Version: 9.00.0000 - Microsoft Corporation) Hidden
Microsoft Digital Image Suite 2006 (HKLM\...\PictureItSuite_v11) (Version: 11.0.0422 - Microsoft Corporation)
Microsoft Digital Image Suite 2006 Editor (Version: 11.0.0422 - Microsoft Corporation) Hidden
Microsoft Digital Image Suite 2006 Library (Version: 11.0.0422 - Microsoft Corporation) Hidden
Microsoft Greetings 2000 (HKLM\...\{5264E937-B015-11D2-8C0E-00C04FBBCFF9}) (Version: 4.0.0000 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{B6AC9178-8DE8-4654-97C8-7B71C7CBE683}) (Version: 3.50.242.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2007 (HKLM\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office XP Media Content (HKLM\...\{90300409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2619.0 - Microsoft Corporation)
Microsoft Picture It! 2000 (HKLM\...\{E78FC917-C21B-11D2-99FE-00105A98B681}) (Version: 4.0.0.0 - Microsoft)
Microsoft Search Enhancement Pack (HKLM\...\{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}) (Version: 3.0.133.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Network (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Nikon Message Center (HKLM\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.91.000 - )
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OverDrive Media Console (HKLM\...\{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}) (Version: 3.2.5 - OverDrive, Inc.)
Photo Gallery (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PHOTOfunSTUDIO 5.0 (HKLM\...\{959282E3-55A9-49D8-B885-D27CF8A2FD82}) (Version: 5.00.209 - Panasonic Corporation)
PictureProject (HKLM\...\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}) (Version: 1.0 - )
PictureProject In Touch Downloader 1.0 (HKLM\...\PictureProject In Touch Downloader) (Version: 1.0 - Fotonation Inc.)
PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
PS_AIO_02_ProductContext (Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (Version: 130.0.365.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Roxio Creator Audio (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE 10.3 (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)
Roxio Creator DE 10.3 (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.2 - Roxio) Hidden
Roxio Update Manager (Version: 6.0.0 - Roxio) Hidden
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_PROR_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_PROR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2881065) 32-Bit Edition (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{B7EF38F7-1D58-4085-A9A4-0F6C69A5AA1E}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_PROR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_PROR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
vanBasco's Karaoke Player (HKLM\...\VMidi) (Version: - )
WD Diagnostics (HKLM\...\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}) (Version: 1.09.0002 - Western Digital Technologies)
WD Drive Manager (x86) (HKLM\...\{E934E2A2-BE3B-4C1A-A3D9-753FFB2B38B4}) (Version: 2.103 - Western Digital)
WebEx (HKLM\...\ActiveTouchMeetingClient) (Version: - WebEx Communications, Inc)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Communications Platform (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2470467007-3615624817-2011931734-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Deni\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2470467007-3615624817-2011931734-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Deni\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2470467007-3615624817-2011931734-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Deni\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2470467007-3615624817-2011931734-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Deni\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2470467007-3615624817-2011931734-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Deni\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2470467007-3615624817-2011931734-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Deni\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2470467007-3615624817-2011931734-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Deni\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2470467007-3615624817-2011931734-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Deni\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

16-05-2014 19:03:56 End of disinfection
14-06-2014 00:59:29 Windows Update
02-07-2014 21:53:34 Windows Update
13-07-2014 20:33:24 avast! antivirus system restore point
13-07-2014 20:35:46 Device Driver Package Install: Avast Network Service
23-07-2014 01:49:06 Installed HiJackThis

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:04 - 2009-06-10 14:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {09CDC56C-157C-4D97-B694-C954514959BD} - System32\Tasks\{14B3793A-EB0B-422F-9A42-9840F1BD94A4} => C:\Program Files\HP\Digital Imaging\bin\Hpqdirec.exe [2009-05-21] (Hewlett-Packard Company)
Task: {14EB18A4-C6D1-4E57-8086-943D4491AA10} - System32\Tasks\{B8026622-9AD3-4356-8649-B6B687800D4C} => C:\Program Files\HP\Digital Imaging\bin\Hpqdirec.exe [2009-05-21] (Hewlett-Packard Company)
Task: {1A135B76-F544-477F-905E-E8E0903CDFED} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-13] (AVAST Software)
Task: {25047F3E-1D94-4C4B-9639-E0F1CE75905E} - System32\Tasks\{5EDCAD6D-F5A7-4BDD-BB73-50652E6D0048} => C:\Program Files\Creative Home\Hallmark Card Studio 2008 Deluxe\Hallmark Card Studio 2008.exe [2007-10-03] (Creative Home)
Task: {515DB207-623C-4113-BCD9-7CAD89430F3B} - System32\Tasks\{12C2787B-FF61-4A21-B1FB-12256565DB97} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {5C1C2EAC-91A1-4E3A-898D-3D455E8529A6} - System32\Tasks\{A4FC6B95-5BA4-46AA-834C-E96B9DD9D4BD} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {6E42190C-26A9-407B-9641-114B8F5FAE2E} - System32\Tasks\{E82068A0-FCC9-41A4-BD07-6E61187E06C8} => C:\Users\Deni\Desktop\vanBasco's Karaoke Player\vmidi.exe
Task: {7B2E5C77-7568-4BF2-8D53-55C324331B18} - System32\Tasks\{2329800E-0AD0-4363-9316-EE9B55B62659} => C:\Program Files\HP\Digital Imaging\bin\Hpqdirec.exe [2009-05-21] (Hewlett-Packard Company)
Task: {7DD1BF38-B372-4F4D-BA7C-67B81F8BE552} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-05] (Google Inc.)
Task: {943DD186-E7C3-407F-AB57-AFE4169C1ADF} - System32\Tasks\{C85B9E07-8AA4-4E03-8465-4E7EA3A1FFC2} => C:\Program Files\vanBasco's Karaoke Player\vmidi.exe [2004-03-11] ()
Task: {A3E48FAA-E243-4D8D-B1A7-A7F71243A6C8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-05] (Google Inc.)
Task: {A4B7423F-40AC-4344-A0DA-50AE8A9AE8EB} - System32\Tasks\{161DDA94-2C3D-4DDC-BA23-B03CD141F01C} => C:\Program Files\vanBasco's Karaoke Player\vmidi.exe [2004-03-11] ()
Task: {AD59AF74-8CB1-4C46-8AC3-88FA20F20A86} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2013-02-16] (Siber Systems)
Task: {C23D22D1-CED1-40FB-9A75-37C886B6F8B8} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {C77D8EC2-3DF7-4E15-8A7A-D6EA547C6F85} - System32\Tasks\{BF77CC00-8B94-40BD-9C4C-FE8F78DC379A} => C:\Users\Deni\Desktop\vanBasco's Karaoke Player\vmidi.exe
Task: {E5511BA7-A903-43F2-BEDC-881905872DCB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {E92A3065-6C71-42FE-A543-591E058F4B66} - System32\Tasks\{E4304D56-C64D-4DC0-AA38-55849AE050EE} => C:\Program Files\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {FEE56706-F5E7-491D-A629-3F3F85D78F4B} - System32\Tasks\{67DC3A3E-113B-4C67-8274-E7FAAB80CC76} => C:\Program Files\HP\Digital Imaging\bin\Hpqdirec.exe [2009-05-21] (Hewlett-Packard Company)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-13 13:35 - 2014-07-13 13:35 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-07-25 08:45 - 2014-07-25 08:45 - 02794496 _____ () C:\Program Files\AVAST Software\Avast\defs\14072500\algo.dll
2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-13 13:35 - 2014-07-13 13:35 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-11-05 16:35 - 2012-11-05 16:35 - 00276992 ____N () C:\Program Files\Common Files\Livescribe\PenComm\PenCommSdk.dll
2014-07-25 13:05 - 2014-07-25 13:05 - 00043008 _____ () c:\users\deni\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgt8aup.dll
2013-10-18 16:55 - 2013-10-18 16:55 - 25100288 _____ () C:\Users\Deni\AppData\Roaming\Dropbox\bin\libcef.dll
2014-05-11 15:57 - 2014-06-28 08:07 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-03-09 17:12 - 2014-03-09 17:12 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\bfd5296be62268bc7a31a424f0d1ad5f\IsdiInterop.ni.dll
2010-06-30 13:25 - 2010-03-03 20:08 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-07-09 09:40 - 2014-07-09 09:40 - 17029808 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Deni\Documents\FwBlondeBreakdown.eml:OECustomProperty
AlternateDataStreams: C:\Users\Deni\Documents\FWRulestoLiveByFw.eml:OECustomProperty
AlternateDataStreams: C:\Users\Deni\Documents\Hi + resume.eml:OECustomProperty
AlternateDataStreams: C:\Users\Deni\Documents\HMO.eml:OECustomProperty
AlternateDataStreams: C:\Users\Deni\Documents\MarriageOne-liners.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)



HKU\S-1-5-21-2470467007-3615624817-2011931734-1000\Software\Classes\.exe: => <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Planner Reminder 2008.lnk => C:\Windows\pss\Event Planner Reminder 2008.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Planner Reminder.lnk => C:\Windows\pss\Event Planner Reminder.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk => C:\Windows\pss\Microsoft Works Calendar Reminders.lnk.CommonStartup
MSCONFIG\startupreg: AddressBookReminderApp => C:\Program Files\Creative Home\Hallmark Card Studio 2011 Deluxe\ReminderApp.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== Faulty Device Manager Devices =============

Name: Photosmart C8100 series
Description: Photosmart C8100 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/24/2014 03:58:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17332

Error: (07/24/2014 03:58:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 17332

Error: (07/24/2014 03:58:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/24/2014 03:58:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16318

Error: (07/24/2014 03:58:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16318

Error: (07/24/2014 03:58:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/24/2014 03:58:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15210

Error: (07/24/2014 03:58:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15210

Error: (07/24/2014 03:58:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/24/2014 03:58:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14165


System errors:
=============
Error: (07/25/2014 01:03:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Installer service failed to start due to the following error:
%%1053

Error: (07/25/2014 01:03:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Installer service to connect.

Error: (07/23/2014 00:11:20 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

Error: (07/23/2014 00:11:20 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PenCommService service.

Error: (07/21/2014 01:53:42 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:52:01 PM on ‎7/‎21/‎2014 was unexpected.

Error: (07/21/2014 01:21:17 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (07/18/2014 06:38:42 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (07/17/2014 10:50:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (07/17/2014 00:56:55 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (07/14/2014 09:32:18 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}


Microsoft Office Sessions:
=========================
Error: (12/17/2013 01:13:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 779 seconds with 0 seconds of active time. This session ended with a crash.

Error: (09/22/2013 09:39:28 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 64 seconds with 60 seconds of active time. This session ended with a crash.

Error: (04/18/2012 05:37:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1016 seconds with 600 seconds of active time. This session ended with a crash.

Error: (12/29/2011 05:54:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 2555 seconds with 1920 seconds of active time. This session ended with a crash.

Error: (05/11/2011 03:20:21 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 321570 seconds with 720 seconds of active time. This session ended with a crash.

Error: (05/11/2011 03:20:11 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 135227 seconds with 1860 seconds of active time. This session ended with a crash.

Error: (09/16/2010 03:24:54 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1271506 seconds with 180 seconds of active time. This session ended with a crash.

Error: (12/21/2009 09:35:10 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 38 seconds with 0 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2010-03-08 09:34:44.958
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_59\midas32.dll because the set of per-page image hashes could not be found on the system.

Date: 2010-03-08 08:45:42.610
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_59\midas32.dll because the set of per-page image hashes could not be found on the system.

Date: 2010-03-08 00:35:05.301
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_59\midas32.dll because the set of per-page image hashes could not be found on the system.

Date: 2010-03-04 17:59:37.817
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_59\midas32.dll because the set of per-page image hashes could not be found on the system.

Date: 2010-03-03 09:16:53.241
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_59\midas32.dll because the set of per-page image hashes could not be found on the system.

Date: 2010-03-03 08:59:52.204
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_59\midas32.dll because the set of per-page image hashes could not be found on the system.

Date: 2010-03-02 22:30:15.184
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_59\midas32.dll because the set of per-page image hashes could not be found on the system.

Date: 2010-03-02 22:14:03.854
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_59\midas32.dll because the set of per-page image hashes could not be found on the system.

Date: 2010-03-02 21:48:30.600
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_59\midas32.dll because the set of per-page image hashes could not be found on the system.

Date: 2010-03-02 21:32:27.600
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_59\midas32.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 55%
Total physical RAM: 3036.99 MB
Available physical RAM: 1364.03 MB
Total Pagefile: 6072.27 MB
Available Pagefile: 4150.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1925.14 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:218.14 GB) (Free:86.76 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 71B1E4FB)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=218 GB) - (Type=07 NTFS)

==================== End Of Log ============================

lsass.exe and firefox.exe using 100% cpu when playing videos/using flash

OK, I have been forever having a problem with FF memory leaking, especially when I play videos or play a FB game like Scrabble. Usually it will run easily over 1 MB as soon as I start playing a video, but I normally have a bunch of tabs open as well, and even when the memory is running high, it would still work, just really slow. As of today, if I open ANY video in FF, it will run extremely choppy and stuttering, and when I look in Task Manager, Firefox.exe and lsass.exe are using 100% of the CPU and Firefox will eventually crash. Because I have had this issue ongoing, I keep a good eye on my Task Manager and I had never seen lsass.exe using any resources. The only add-on I use is Adblock. I am using AVG Free 2013.
Here are my specs:
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 32 bit
Processor: Genuine Intel(R) CPU 585 @ 2.16GHz, x64 Family 6 Model 15 Stepping 13
Processor Count: 1
RAM: 2010 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 781 Mb
Hard Drives: C: Total - 238372 MB, Free - 162992 MB;
Motherboard: Dell Inc., 0G848F
Antivirus: AVG AntiVirus Free Edition 2013, Updated and Enabled

Thanks in advance for any help.

Get kicked out to blank screen while typing a message in Yahoo mail

# AdwCleaner v3.216 - Report created 25/07/2014 at 20:39:51
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Laura - LAURA-HP
# Running from : C:\Users\Laura\Downloads\AdwCleaner.exe
# Option : Clean

Folder Deleted : C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\ddns2x64.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v24.7.0 (en-US)

[ File : C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\ddns2x64.default\prefs.js ]

AdwCleaner[R10].txt - [1552 octets] - [18/06/2014 11:45:15]
AdwCleaner[R11].txt - [2846 octets] - [25/07/2014 20:38:48]
AdwCleaner[R5].txt - [1392 octets] - [09/02/2014 20:46:59]
AdwCleaner[R6].txt - [2827 octets] - [19/04/2014 23:16:40]
AdwCleaner[R7].txt - [1156 octets] - [22/04/2014 20:02:20]
AdwCleaner[R8].txt - [6624 octets] - [29/04/2014 12:28:25]
AdwCleaner[R9].txt - [3055 octets] - [30/04/2014 21:22:59]
AdwCleaner[S10].txt - [1619 octets] - [18/06/2014 11:46:36]
AdwCleaner[S11].txt - [2482 octets] - [25/07/2014 20:39:51]
AdwCleaner[S5].txt - [1352 octets] - [09/02/2014 20:49:06]
AdwCleaner[S6].txt - [2631 octets] - [19/04/2014 23:18:15]
AdwCleaner[S7].txt - [1220 octets] - [22/04/2014 20:05:00]
AdwCleaner[S8].txt - [5056 octets] - [29/04/2014 12:29:17]
AdwCleaner[S9].txt - [3087 octets] - [30/04/2014 21:23:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S11].txt - [2843 octets] ##########

ADWCleaner removes my Yahoo toolbar from FF. I have to put it back on every time after running ADW. Is there any way to save the toolbar??

Windows 8.1 requesting activation and giving rundll errors

Hi there
I have a fairly new machine running Windows 8.1. In the last week or so it has given various rundll errors. I have tried to do a system restore, but when I get to the System Protection option I get the attached system properties protection error message. In addition to this, it has started requesting that I activate Windows (it's never asked me to do this before and I assume it was activated when I purchased the machine). However, it doesn't allow me to activate and just says:

Windows can't activate at this time. Try activating again later. If that doesn't work, contact support.
Admittedly I haven't contacted 'support' yet, but I can't envisage Microsoft being much assistance.

I deactivated AVG to try running ComboFix (which I saw on another thread here), but it wouldn't run and gave me the error that ComboFix is not meant to run in Compatibility mode. I haven't attempted to sort that out (but that is why AVG is disabled, as you will see below).

I have also just discovered sweetim on the machine which I am about to attempt to remove using SpyHunter.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1, 64 bit
Processor: AMD A10-6800K APU with Radeon(tm) HD Graphics, AMD64 Family 21 Model 19 Stepping 1
Processor Count: 4
RAM: 7366 Mb
Graphics Card: AMD Radeon HD 8670D, 768 Mb
Hard Drives: C: Total - 953516 MB, Free - 887883 MB;
Motherboard: ASUSTeK COMPUTER INC., A88XM-A
Antivirus: AVG AntiVirus Free Edition 2014, Disabled

Attached Images
File Type: png System Properties Protection Error.PNG (10.8 KB)

Can't get rid of Rovnix

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2014 01
Ran by Acer (administrator) on ACER-PC on 25-07-2014 12:01:28
Running from C:\Users\Acer\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ITE Tech. Inc.) C:\Program Files (x86)\ITE\ITE Infrared Transceiver\CIRAP.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer TouchPortal\TouchPortalLauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\Acer\Acer TouchPortal\THIDTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1347670248\ee\aolsoftware.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(CyberLink) C:\Program Files (x86)\Cyberlink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7a\shellmon.exe
(Acer) C:\Program Files (x86)\Acer\Acer TouchPortal\TouchPortal.exe
(Microsoft) C:\Program Files (x86)\Acer\Acer TouchPortal\WidgetWindow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7a\aolbrowser.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TouchPortalV3Launcher] => C:\Program Files (x86)\Acer\Acer TouchPortal\TouchPortalLauncher.exe [428648 2012-03-22] (Acer Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1347670248\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [InstaLAN] => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1884576 2012-01-17] (Affinegy, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [MakiwaraNotify] => "C:\Program Files (x86)\AOL Computer Checkup\sdccont.exe" /dummy /cfg "C:\Program Files (x86)\AOL Computer Checkup\uiFramework\common\PCPowerCare.xml" /notificationtoaster /mutexname notificationtoaster /hideWindow
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2298434403-1123355418-3109287670-1000\...\Run: [BackgroundContainerV2] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Acer\AppData\Local\Conduit\BackgroundContainer\Backgrou (the data entry has 24 more characters).
HKU\S-1-5-21-2298434403-1123355418-3109287670-1000\...\Run: [AOL Fast Start] => C:\Program Files (x86)\AOL Desktop 9.7a\AOL.EXE [72296 2014-06-05] (AOL Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM-x32 - Winster Toolbar - {196252dc-bf6d-4aa2-bb39-038d9495b561} - C:\Users\Acer\AppData\LocalLow\Winster\prxtbWin0.dll (ClientConnect Ltd.)
URLSearchHook: HKCU - Default Value = {bec79ff7-1ff3-9b04-a162-b51749558d60}
URLSearchHook: HKCU - FCToolbarURLSearchHook Class - {bec79ff7-1ff3-9b04-a162-b51749558d60} - C:\Program Files (x86)\InboxDollars\Helper.dll ()
URLSearchHook: HKCU - Winster Toolbar - {196252dc-bf6d-4aa2-bb39-038d9495b561} - C:\Users\Acer\AppData\LocalLow\Winster\prxtbWin0.dll (ClientConnect Ltd.)
SearchScopes: HKLM-x32 - {271673D2-A743-423C-87BB-BFBFA09C0973} URL =
SearchScopes: HKLM-x32 - {AA80A14E-8F5D-4DD1-A868-54A4C59F266C} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
SearchScopes: HKCU - DefaultScope {8E3753FB-E089-4602-BC61-B4AC620824AD} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319613&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPB86A283F-4948-4927-A6C9-3B0CB7DE66CA&q={searchTerms}&SSPV=
SearchScopes: HKCU - {271673D2-A743-423C-87BB-BFBFA09C0973} URL = http://www.inboxdollars.com/search/results?ourmark=4&q={searchTerms}
SearchScopes: HKCU - {3FEBFFE5-ADBE-41CD-86FA-83C3CBC4F0AB} URL = http://search.yahoo.com/search?fr=mcafee&type=A011US636&p={SearchTerms}
SearchScopes: HKCU - {67360399-4254-4293-A841-0B00689CEA86} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT672154&CUI=UN24448550233020024&UM=2
SearchScopes: HKCU - {8E3753FB-E089-4602-BC61-B4AC620824AD} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Winster Toolbar -> {196252dc-bf6d-4aa2-bb39-038d9495b561} -> C:\Users\Acer\AppData\LocalLow\Winster\prxtbWin0.dll (ClientConnect Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: IEHlprObj Class -> {8CA5ED52-F3FB-4414-A105-2E3491156990} -> C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll ()
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: InboxDollars BHO -> {ACE8B0DF-127A-C054-117D-816951AE85BC} -> C:\Program Files (x86)\InboxDollars\Toolbar.dll ()
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} -> c:\Program Files (x86)\PicLensIE\cooliris.dll (Cooliris Inc.)
BHO-x32: TBSB07898 Class -> {FCBCCB87-9224-4B8D-B117-F56D924BEB18} -> C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - InboxDollars - {3FABEEE8-9237-CDE4-D1F2-6648F4D1C386} - C:\Program Files (x86)\InboxDollars\Toolbar.dll ()
Toolbar: HKLM-x32 - Winster Toolbar - {196252dc-bf6d-4aa2-bb39-038d9495b561} - C:\Users\Acer\AppData\LocalLow\Winster\prxtbWin0.dll (ClientConnect Ltd.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll No File
Toolbar: HKCU - No Name - {3FABEEE8-9237-CDE4-D1F2-6648F4D1C386} - No File
Toolbar: HKCU - No Name - {196252DC-BF6D-4AA2-BB39-038D9495B561} - No File
Toolbar: HKCU - No Name - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files (x86)\Virtual Earth 3D\ No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @viewpoint.com/VMP - C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-03-16]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-03-16]

Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3319613&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP68A8EF47-3E09-4899-B2E8-930EBFE948CB&SSPV=SE1CGNB2_sp_ch
CHR StartupUrls: "hxxp://search.conduit.com/?ctid=CT3319613&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPB86A283F-4948-4927-A6C9-3B0CB7DE66CA&SSPV="
CHR DefaultSearchKeyword: mcafee
CHR DefaultSearchProvider: McAfee
CHR DefaultSearchURL: https://search.yahoo.com/search?fr=mcafee&type=A211US636&p={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\PepperFlash\12.0.0.70\pepflashplayer.dll ()
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll ()
CHR Plugin: (Coupons Inc., Coupon Printer) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility for IJ) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.650.20) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U65) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
CHR Extension: (SiteAdvisor) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-04-09]
CHR Extension: (http://www.playandwin.co.uk/) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlphadkabgoaknocpnagnlepidpmahe [2014-02-22]
CHR Extension: (Hello Kitty) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mioiobnjjjgemkflahplehgpkbjcojld [2014-02-04]
CHR Extension: (Google Wallet) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM-x32\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files (x86)\Coupons.com CouponBar\chrome\Coupons.com.crx [2013-08-22]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-07-22]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [563104 2012-01-17] (Affinegy, Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [176624 2014-02-13] (Coupons.com Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-27] (Realsil Microelectronics Inc.) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-06-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S2 Update Deal Keeper; "C:\Program Files (x86)\Deal Keeper\updateDealKeeper.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 ITECIRfilter; C:\Windows\System32\DRIVERS\ITECIRfilter.sys [28264 2011-03-22] (ITE Tech. Inc. )
S2 MCSTRM; No ImagePath
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-06-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-06-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; system32\drivers\btath_avdt.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 BtFilter; system32\DRIVERS\btfilter.sys [X]
S1 eqnugeqn; \??\C:\Windows\system32\drivers\eqnugeqn.sys [X]
S1 jhstogfk; \??\C:\Windows\system32\drivers\jhstogfk.sys [X]
S1 kosyirho; \??\C:\Windows\system32\drivers\kosyirho.sys [X]
S1 nasetlag; \??\C:\Windows\system32\drivers\nasetlag.sys [X]
S1 yhrsyuwl; \??\C:\Windows\system32\drivers\yhrsyuwl.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-25 12:01 - 2014-07-25 12:02 - 00027821 _____ () C:\Users\Acer\Desktop\FRST.txt
2014-07-25 12:01 - 2014-07-25 12:01 - 00000000 ____D () C:\FRST
2014-07-25 12:00 - 2014-07-25 12:00 - 02093568 _____ (Farbar) C:\Users\Acer\Desktop\FRST64.exe
2014-07-25 12:00 - 2014-07-25 12:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-07-25 11:52 - 2014-07-25 11:52 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-07-25 11:45 - 2014-07-25 11:45 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Acer\Desktop\tdsskiller.exe
2014-07-25 03:08 - 2014-07-25 03:08 - 00886288 _____ (Microsoft Corporation) C:\Users\Acer\Downloads\mssstool64.exe
2014-07-25 02:40 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-25 02:38 - 2014-07-25 02:41 - 00000000 ____D () C:\AdwCleaner
2014-07-24 13:51 - 2014-07-24 13:51 - 00098304 _____ () C:\Users\Acer\AppData\Local\aqkvljop.exe
2014-07-24 11:41 - 2014-07-24 11:41 - 00098304 _____ () C:\Users\Acer\AppData\Local\khlcgear.exe
2014-07-24 00:27 - 2014-07-24 00:27 - 00094208 _____ (Microsoft Corporation) C:\Users\Acer\AppData\Local\kcqpilcp.exe
2014-07-23 19:14 - 2014-07-23 19:15 - 00094208 _____ (Microsoft Corporation) C:\Users\Acer\AppData\Local\qbwvovdg.exe
2014-07-23 12:26 - 2014-07-23 12:26 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-23 12:26 - 2014-07-23 12:26 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-23 12:26 - 2014-07-23 12:26 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-23 12:26 - 2014-07-23 12:26 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-23 12:26 - 2014-07-23 12:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-23 12:26 - 2014-07-23 12:26 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-23 12:25 - 2014-07-23 12:25 - 00000000 ____D () C:\ProgramData\374311380
2014-07-23 12:22 - 2014-07-23 12:38 - 00000000 ____D () C:\Program Files (x86)\Deal Keeper
2014-07-23 12:22 - 2014-07-23 12:22 - 00000000 ____D () C:\Users\Acer\AppData\Local\IsolatedStorage
2014-07-23 12:21 - 2014-07-23 12:25 - 00000000 ____D () C:\Users\Acer\AppData\Local\StormAlerts
2014-07-23 12:20 - 2014-07-23 12:20 - 00921512 _____ (Oracle Corporation) C:\Users\Acer\Downloads\jxpinstall [1].exe
2014-07-23 12:20 - 2014-07-23 12:20 - 00767824 _____ ( ) C:\Users\Acer\Downloads\jxpinstall.exe
2014-07-22 20:27 - 2014-07-22 20:27 - 00071400 _____ () C:\Users\Acer\Downloads\E-ZPass_Chesapeake_23320.zip
2014-07-16 21:18 - 2014-07-25 11:55 - 00001792 _____ () C:\Windows\setupact.log
2014-07-16 21:18 - 2014-07-16 21:18 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-16 03:08 - 2014-07-16 03:08 - 29420456 _____ (Oracle Corporation) C:\Users\Acer\Downloads\jre-7u65-windows-i586 (1).exe
2014-07-16 03:07 - 2014-07-16 03:07 - 29420456 _____ (Oracle Corporation) C:\Users\Acer\Downloads\jre-7u65-windows-i586.exe
2014-07-16 03:06 - 2014-07-16 03:06 - 00918440 _____ (Oracle Corporation) C:\Users\Acer\Downloads\JavaSetup7u65.com
2014-07-16 03:04 - 2014-07-16 03:04 - 00918440 _____ (Oracle Corporation) C:\Users\Acer\Downloads\JavaSetup7u65.exe
2014-07-16 03:00 - 2014-07-16 03:00 - 00000000 ____D () C:\Program Files\Java
2014-07-16 02:59 - 2014-07-16 02:59 - 31012776 _____ (Oracle Corporation) C:\Users\Acer\Downloads\jre-7u65-windows-x64.exe
2014-07-16 02:24 - 2014-07-16 02:24 - 00918952 _____ (Oracle Corporation) C:\Users\Acer\Downloads\chromeinstall-7u65 (3).exe
2014-07-16 02:17 - 2014-07-16 02:17 - 00918952 _____ (Oracle Corporation) C:\Users\Acer\Downloads\chromeinstall-7u65 (2).exe
2014-07-16 02:11 - 2014-07-16 02:11 - 00918952 _____ (Oracle Corporation) C:\Users\Acer\Downloads\chromeinstall-7u65 (1).exe
2014-07-16 02:10 - 2014-07-16 02:10 - 00000583 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-16 02:07 - 2014-07-16 02:07 - 00918952 _____ (Oracle Corporation) C:\Users\Acer\Downloads\chromeinstall-7u65.exe
2014-07-13 12:34 - 2014-07-13 12:34 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 5
2014-07-10 03:16 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-10 03:16 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-10 03:16 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-10 03:16 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-10 03:16 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-10 03:16 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-10 03:16 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-10 03:16 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-10 03:16 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-10 03:16 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-10 03:16 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-10 03:16 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-10 03:16 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-10 03:16 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-10 03:16 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-10 03:16 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-10 03:16 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-10 03:16 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-10 03:16 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-10 03:16 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-10 03:16 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-10 03:16 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-10 03:15 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-10 03:15 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-10 03:15 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-10 03:15 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-10 03:15 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-10 03:15 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-10 03:15 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-10 03:15 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-10 03:15 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-10 03:15 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-10 03:15 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-10 03:15 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-10 03:15 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-10 03:15 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-10 03:15 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-10 03:15 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-10 03:15 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-10 03:15 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-10 03:15 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-10 03:15 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-10 03:15 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-10 03:15 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-10 03:15 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-10 03:15 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-10 03:15 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-10 03:15 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-10 03:15 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-10 03:15 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-10 03:15 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-10 03:15 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-10 03:15 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-10 03:15 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-10 03:15 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-10 03:15 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-10 03:15 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-10 03:15 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-10 03:15 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-10 03:15 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-10 03:15 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-10 03:15 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-10 03:15 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-10 03:15 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-10 03:15 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-10 03:15 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-10 03:15 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-10 03:15 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-10 03:15 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-10 03:15 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-10 03:15 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-10 03:15 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-10 03:15 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-10 03:15 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-10 03:15 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-10 03:15 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-10 03:15 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-10 03:15 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-10 03:15 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-10 03:15 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-10 03:15 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-01 02:46 - 2014-07-01 02:57 - 00000000 ____D () C:\Program Files (x86)\AOL Desktop 9.7a

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-25 12:02 - 2014-07-25 12:01 - 00027821 _____ () C:\Users\Acer\Desktop\FRST.txt
2014-07-25 12:02 - 2013-11-18 19:01 - 00000378 _____ () C:\Windows\Tasks\CI_DCA_UA{C3717BD3-6AC2-4dcd-83DE-F865C33AC5D9}.job
2014-07-25 12:01 - 2014-07-25 12:01 - 00000000 ____D () C:\FRST
2014-07-25 12:00 - 2014-07-25 12:00 - 02093568 _____ (Farbar) C:\Users\Acer\Desktop\FRST64.exe
2014-07-25 12:00 - 2014-07-25 12:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-07-25 12:00 - 2012-05-18 10:42 - 01153682 _____ () C:\Windows\WindowsUpdate.log
2014-07-25 11:57 - 2013-09-17 20:49 - 00004966 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Acer-PC-Acer Acer-PC
2014-07-25 11:57 - 2012-09-07 11:29 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\TouchGadget
2014-07-25 11:55 - 2014-07-16 21:18 - 00001792 _____ () C:\Windows\setupact.log
2014-07-25 11:55 - 2013-04-13 00:41 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-25 11:55 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-25 11:52 - 2014-07-25 11:52 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-07-25 11:45 - 2014-07-25 11:45 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Acer\Desktop\tdsskiller.exe
2014-07-25 11:42 - 2012-09-14 21:27 - 00000000 ____D () C:\Users\Acer\AppData\Local\CrashDumps
2014-07-25 11:37 - 2013-04-13 00:41 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-25 11:35 - 2012-04-09 10:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-25 11:25 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-25 11:25 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-25 03:25 - 2012-04-09 10:38 - 00000000 ____D () C:\ProgramData\Temp
2014-07-25 03:08 - 2014-07-25 03:08 - 00886288 _____ (Microsoft Corporation) C:\Users\Acer\Downloads\mssstool64.exe
2014-07-25 02:41 - 2014-07-25 02:38 - 00000000 ____D () C:\AdwCleaner
2014-07-24 22:09 - 2010-11-20 23:47 - 00233048 _____ () C:\Windows\PFRO.log
2014-07-24 13:51 - 2014-07-24 13:51 - 00098304 _____ () C:\Users\Acer\AppData\Local\aqkvljop.exe
2014-07-24 11:41 - 2014-07-24 11:41 - 00098304 _____ () C:\Users\Acer\AppData\Local\khlcgear.exe
2014-07-24 00:27 - 2014-07-24 00:27 - 00094208 _____ (Microsoft Corporation) C:\Users\Acer\AppData\Local\kcqpilcp.exe
2014-07-23 19:15 - 2014-07-23 19:14 - 00094208 _____ (Microsoft Corporation) C:\Users\Acer\AppData\Local\qbwvovdg.exe
2014-07-23 12:51 - 2012-11-13 20:23 - 00000000 ____D () C:\Users\Acer\.frostwire5
2014-07-23 12:38 - 2014-07-23 12:22 - 00000000 ____D () C:\Program Files (x86)\Deal Keeper
2014-07-23 12:27 - 2013-10-16 19:32 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-23 12:26 - 2014-07-23 12:26 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-23 12:26 - 2014-07-23 12:26 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-23 12:26 - 2014-07-23 12:26 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-23 12:26 - 2014-07-23 12:26 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-23 12:26 - 2014-07-23 12:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-23 12:26 - 2014-07-23 12:26 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-23 12:25 - 2014-07-23 12:25 - 00000000 ____D () C:\ProgramData\374311380
2014-07-23 12:25 - 2014-07-23 12:21 - 00000000 ____D () C:\Users\Acer\AppData\Local\StormAlerts
2014-07-23 12:25 - 2012-09-25 00:23 - 00003446 _____ () C:\Windows\wininit.ini
2014-07-23 12:22 - 2014-07-23 12:22 - 00000000 ____D () C:\Users\Acer\AppData\Local\IsolatedStorage
2014-07-23 12:20 - 2014-07-23 12:20 - 00921512 _____ (Oracle Corporation) C:\Users\Acer\Downloads\jxpinstall [1].exe
2014-07-23 12:20 - 2014-07-23 12:20 - 00767824 _____ ( ) C:\Users\Acer\Downloads\jxpinstall.exe
2014-07-23 11:40 - 2014-03-16 17:55 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-07-22 20:27 - 2014-07-22 20:27 - 00071400 _____ () C:\Users\Acer\Downloads\E-ZPass_Chesapeake_23320.zip
2014-07-21 17:50 - 2009-07-14 01:08 - 00032564 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-19 15:09 - 2012-12-25 11:05 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-07-18 11:38 - 2012-09-19 09:23 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Skype
2014-07-18 11:37 - 2014-05-26 16:40 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-18 11:37 - 2012-04-09 10:38 - 00000000 ____D () C:\ProgramData\Skype
2014-07-16 21:18 - 2014-07-16 21:18 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-16 03:08 - 2014-07-16 03:08 - 29420456 _____ (Oracle Corporation) C:\Users\Acer\Downloads\jre-7u65-windows-i586 (1).exe
2014-07-16 03:07 - 2014-07-16 03:07 - 29420456 _____ (Oracle Corporation) C:\Users\Acer\Downloads\jre-7u65-windows-i586.exe
2014-07-16 03:06 - 2014-07-16 03:06 - 00918440 _____ (Oracle Corporation) C:\Users\Acer\Downloads\JavaSetup7u65.com
2014-07-16 03:04 - 2014-07-16 03:04 - 00918440 _____ (Oracle Corporation) C:\Users\Acer\Downloads\JavaSetup7u65.exe
2014-07-16 03:00 - 2014-07-16 03:00 - 00000000 ____D () C:\Program Files\Java
2014-07-16 02:59 - 2014-07-16 02:59 - 31012776 _____ (Oracle Corporation) C:\Users\Acer\Downloads\jre-7u65-windows-x64.exe
2014-07-16 02:51 - 2012-09-07 11:24 - 00000000 ____D () C:\Users\Acer
2014-07-16 02:50 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-07-16 02:24 - 2014-07-16 02:24 - 00918952 _____ (Oracle Corporation) C:\Users\Acer\Downloads\chromeinstall-7u65 (3).exe
2014-07-16 02:17 - 2014-07-16 02:17 - 00918952 _____ (Oracle Corporation) C:\Users\Acer\Downloads\chromeinstall-7u65 (2).exe
2014-07-16 02:11 - 2014-07-16 02:11 - 00918952 _____ (Oracle Corporation) C:\Users\Acer\Downloads\chromeinstall-7u65 (1).exe
2014-07-16 02:10 - 2014-07-16 02:10 - 00000583 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-16 02:07 - 2014-07-16 02:07 - 00918952 _____ (Oracle Corporation) C:\Users\Acer\Downloads\chromeinstall-7u65.exe
2014-07-13 13:00 - 2012-11-13 20:23 - 00000000 ____D () C:\Program Files (x86)\FrostWire 5
2014-07-13 12:34 - 2014-07-13 12:34 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 5
2014-07-12 01:42 - 2012-11-13 20:23 - 00000000 ____D () C:\Users\Acer\FrostWire
2014-07-11 12:18 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-07-11 11:43 - 2009-07-14 00:45 - 01800432 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-11 03:39 - 2014-05-06 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-11 03:39 - 2010-11-21 03:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-11 03:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-11 03:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-11 03:04 - 2013-08-15 05:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-11 03:02 - 2012-09-14 20:06 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-11 00:46 - 2013-09-15 19:14 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-07-09 01:35 - 2012-04-09 10:57 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 01:35 - 2012-04-09 10:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 01:35 - 2012-04-09 10:57 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-01 03:08 - 2012-12-25 11:17 - 00000000 ____D () C:\Users\Acer\Documents\Stuff
2014-07-01 02:57 - 2014-07-01 02:46 - 00000000 ____D () C:\Program Files (x86)\AOL Desktop 9.7a
2014-07-01 02:56 - 2013-10-03 18:14 - 00000934 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\AOL Desktop 9.7.lnk
2014-07-01 02:56 - 2013-10-03 18:11 - 00064235 _____ () C:\install.log
2014-07-01 02:56 - 2012-09-14 20:51 - 00001002 _____ () C:\Users\Public\Desktop\AOL Desktop 9.7.lnk
2014-07-01 02:56 - 2012-09-14 20:51 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\AOL
2014-07-01 02:56 - 2012-09-14 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL
2014-07-01 02:48 - 2012-09-14 20:50 - 00000000 ____D () C:\Users\Acer\AppData\Local\AOL
2014-07-01 02:46 - 2012-09-14 20:50 - 00000000 ____D () C:\ProgramData\AOL
2014-06-29 22:09 - 2014-07-10 03:16 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 22:04 - 2014-07-10 03:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\Acer\AppData\Local\Temp\CloudBackup7530.exe
C:\Users\Acer\AppData\Local\Temp\optprosetup.exe
C:\Users\Acer\AppData\Local\Temp\SHSetup.exe
C:\Users\Acer\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Acer\AppData\Local\Temp\{105B358C-9F34-4DB8-AE90-10500C369862}.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-18 12:04

==================== End Of Log ============================

Invalid Firewall Rules Re: Shared Access...

Please visit Combofix Guide & Instructions for instructions for installing the Recovery Console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

You will also need to disable all of your security programs so they don't interfere with ComboFix. Please visit the following link for more information on how to disable them:

http://www.bleepingcomputer.com/forums/topic114351.html

Be sure to remember to re-enable them right after the scan.

Post the log from ComboFix when you've accomplished that.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices (don't worry, the keyboard and mouse will still function) to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.

Monitor going to sleep & PC shutting down

Do you have a spare monitor you can test it with? Or even hook the PC up to a TV screen?

Adobe pop up making me NUTS!!!!!

I had to change from XP to Windows 7. Easy enough but old hard drive died. I backed up all the information to an external hard drive then used Microsoft's Easy Transfer to move information from old PC to new hard drive. I installed Windows 7 32 bit on new (used) hard drive and installed MS Office and other programs. I updated IE to most current version and added Firefox. I am running McAfee for security.

All seemed to be well when last Wednesday (7/23) I started to get the following message every time I tried to use IE. The message is "A website wants to open web content using this program on your computer. This program will open outside of protected mode. IE's Protected Mode helps protect your computer. Name: Adobe Flashruntime
Publisher Adobe Systems Inc
ALLOW DONT ALLOW"

Every time I try to DONT allow or close this window, I get all kinds of ads popping up or the PC slows down to the point I can hardly get anything done.

What is going on? I seem to have better luck with Firefox but the above message started to appear on Firefox also. Virus????

Please offer ANYTHING TO make this STOP!!!!

Cheffy D
Illinois

iexplore.exe eating up 100%

I have a virus that runs as "iexplore.exe" and eats up 100% CPU.

I've attached my ComboFix log. Any help? Thanks.

[EDIT] Also attached what MSE could not fix.

Attached Images
File Type: png error_dos.png (41.4 KB)
Attached Files
File Type: txt DadComboFix.txt (105.9 KB)

What's going on? Help?

Hey all! I'm new to the forums and decided I would go here for some help with a problem I've been facing. This might get fairly lengthy... OK, so to start, the computer I have I think is called the UP pavilion and I have Windows 7 on it. For over a year now I've been noticing that my computer was getting slower and slower and I think it finally gave in today. Before this I got antimalwarebytes and spybot search and destroy to get some of the malware off my computer because it had TONS (my brother tried to speed up youtube and my dad downloaded free "antiviruses" which were actually viruses). I started doing this only because my PC games were starting to get EXTREMELY slow. So after I got rid of all the malware and spyware or so I thought since malwarebytes and search and destroy no longer found anything. I went on to go back to gaming for a week. My games were still kinda slow but playable. Just today one of my games, League of Legends, did not open at all. This was when things started to get really weird! I restarted my computer and turned it back on and noticed that my window style and the appearance of my desktop changed and looks much older now. I also lost my internet connection even though my internet everywhere else still works and it says that my audio can't and won't play. A message just popped up on my computer saying HOFF.exe has stopped working. I tried to reset my internet connection through cmd and nothing worked. I have no idea what happened to my computer. I tried restarting it and get nothing.

Please help! I am thankful for any help I can get!

Various issues stemming from one session, apparently.

Hello,

I have a laptop running Windows Vista (it's incapable of running anything better) which has overnight seemingly run into a series of serious issues. Please take note, none of these symptoms were apparent last night. They are in no particular order:

Avira: Avira antivirus unable to complete scan, the program will start but will make no progress and close after a few moments with no error message. (Interestingly Malwarebytes is unaffected, yet finds nothing of note.) Avira firewall and PC protection apparently OK (though this is obviously bs).

Keyboard: won't recognise most inputs save for down arrow and the letter K, at which point it will type ( k*6------- ..etc ad infinitum), this is what really worries me.

Mouse: Strange mouse movements, will select bottom most option above all others in any list in Windows automatically. Click and drag also affected, causes mouse to drag all items down.

Screen: takes a long time to show desktop when opening primary account, sometimes will show nothing but a mouse on black screen until reboot. Guest account unaffected by screen problem but others seem to persist.

In terms of a symptom rundown I understand this might seem a little random, please understand that it's hard to run some basic tests with no keyboard. Mouse problem is manageable as it is intermittent rather than persistent and finally that keyboard problems are not limited to Windows but pre-Windows boot as well (I can't access boot menu for instance, nor select safe mode on reboot).

This might all be way too much, in which case I shall take it to my local shop. They are, however, highly overpriced and lazy so I thought I should find some other advice first.

Thank you for your time

Please help

Whatever name.

Cannot run antivirus scan even in safe mode

-----------------------------------------------------------
Be sure to read the information in these threads about Windows XP risks and options:
  • Derek's post here is a view of the risks : End of Support For Windows XP
    You have already taken this risk with an SP2 machine, and lost the bet.

  • My post concentrates on software options for saving the machine: Windows XP - The Elephant In The Room
    Read it very carefully.
    Your machine will support the simplest of Linux systems, but really will not be satisfactory with ANY of the newer Windows.
I don't think trying to Fix this will produce a good result.
Almost all of our Fixing tools actually require XP Service Pack 3 to work, and installing Service pack 3 on an infected machine will usually fail or produce an unstable system.
This may be why the programs you are trying to use don't work.
Windows SP3 came out in 2008, and Support for SP2 ended in 2010.

I don't know if this would be right: Bot hack server

All I can do for you is post this information for you to pass on:

If your Yahoo mail account has been hacked, it may not have anything to do with you.
If you contact Yahoo, they will tell you to use a more secure password.
That's good advice, but not necessarily the source of the problem.
There is a fair likelihood that the fault lies with Yahoo servers.
Yahoo has been unwilling or unable to make their e-mail service adequately secure.
IT experts have blogged about it for years.
If criminals can hack into Yahoo servers, they can get all your information, including your passwords, e-mails and recipients addresses.
The resulting spam is sometimes just a nuisance, but sometimes it's porn.
Some recent articles:
http://www.huffingtonpost.com/2013/0...n_3366259.html
http://arstechnica.com/security/2013...s-hack-attack/
Yahoo even has a plan to recycle inactive user IDs!:
http://www.webpronews.com/yahoo-rais...-plans-2013-06

Until things change, I would suggest you save any critical Yahoo e-mails and address book(s), then establish a new e-mail account with a different provider.
Your Internet Service provider will likely offer free e-mail accounts.
I would then delete everything in all Yahoo e-mail folders (inbox, sent box, trash/deleted box), and delete your Yahoo account(s).
Directions on how to save the Yahoo address book are here:
http://email.about.com/od/yahoomailt...dress_Book.htm
Yahoo directions on backing up e-mails are here: https://help.yahoo.com/kb/back-emails-sln5033.html

Adware Popups.

Here is the log you attached. As this is the second run and it is still showing quite a lot of deletions, I would recommend you run it again to make sure everything has gone; some items of Adware come back after deletion and need further action to completely remove them.

Please run the scan again and post the log produced after the reboot. Please Copy & Paste it into your reply, logs only need to be attached if they are too big to post.

# AdwCleaner v3.300 - Report created 27/07/2014 at 17:54:00
# Updated 27/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : LORIEBEGIN - LORIEBEGIN-PC
# Running from : C:\Users\LORIEBEGIN\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Tâches planifiées ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gkjoindjjcmbdpbfppabdgflnkgbbcli
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKCU\Software\Classes\iLivid.torrent
Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKLM\SOFTWARE\Classes\FTDownloader
Key Deleted : HKLM\SOFTWARE\Classes\iLivid.torrent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DomaIQ10_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DomaIQ10_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wsconduit__166_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wsconduit__166_RASMANCS
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3287805
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3287811
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3291327
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3300236
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_cisco-network-magic_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_cisco-network-magic_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{946665EC-EE4E-D038-1590-06215E5B7AC7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{946665EC-EE4E-D038-1590-06215E5B7AC7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{946665EC-EE4E-D038-1590-06215E5B7AC7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{946665EC-EE4E-D038-1590-06215E5B7AC7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Linkey
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\torch
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\visualbee
Key Deleted : HKCU\Software\wscontb
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\GlobalUpdate
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\torch
Key Deleted : HKLM\Software\Tutorials
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Key Deleted : HKLM\Software\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B
Key Deleted : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Key Deleted : HKLM\Software\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B
Key Deleted : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v

[ File : C:\Users\LORIEBEGIN\AppData\Roaming\Mozilla\Firefox\Profiles\0eu43xg8.default\prefs.js ]

Line Deleted : user_pref("browser.search.selectedEngine", "WebSearch");
Line Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
Line Deleted : user_pref("browser.search.order.1", "WebSearch");
Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");

-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\LORIEBEGIN\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deleted [Extension] : niapdbllcanepiiimjjndipklodoedlc

*************************

AdwCleaner[R0].txt - [108204 octets] - [27/07/2014 17:49:47]
AdwCleaner[R1].txt - [9539 octets] - [27/07/2014 17:53:09]
AdwCleaner[S0].txt - [5513 octets] - [27/07/2014 17:52:25]
AdwCleaner[S1].txt - [8829 octets] - [27/07/2014 17:54:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [8889 octets] ##########

pub.ezanga.org Google redirects

So my Google searches seem to get redirected. An example: I type Minecraft, it searches, I hover over the top link where it shows www.minecraft.net, I then click the link and it redirects to searches7.org, which asks to "click here" if the page does not load; that redirects to [numbers].pub.ezana.org/[followed by randomness].

I have tried a lot of ways to remove it:
  • Norton 360
  • Malwarebytes
  • JRT
  • NPE
  • HiJackThis
  • AdwCleaner
  • Spybot S&D
So many things, running full system scans and still no luck.