All exe files present Bad Image Error Message Windows

[JMCJR]

Yesterday morning, my wife sat down at her desk and saw nothing but a bad image error window for an application. Computer had apparently rebooted overnight and in trying to x/close the window, wouldn't allow this, had to click on OK and that just presented a similar window for a different program - this happened over and over again, many times, apparently for every program that was trying to launch on startup. Searched and searched on another PC for what this might be - was finally able to run AVG which found something (I can't recall what) but indicated it couldn't be repaired/healed. Ended up trying multiple things throughout the day - ran Vipre according to those instructions in Safe Mode, ran SFS Scannow, Malwarebytes, AVG - all multiple times and in Safe Mode. Nothing (at least no threats related to fixing this problem) turned up. Found a post at this website/forum last night that referred to Combofix, but everything I see on this particular tool indicates that it isn't wise to use without expert assistance. This problem is like no other I've experienced, crippling. Help would be very much appreciated!

 

A bit more info - almost every single error indicated the program was "either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support". I believe above this the window showed the program (program.exe) - Bad Image and the path C:\progra~1\movies~1 (example)\datamngr.dll. There was one instance noted that said: IAStorIcon.exe - Application Error Application has generated an exception that could not be handled. Process ID = 0X514 (1300), Thread ID = 0Xbf4 (3060) Click OK to terminate the application. Click CANCEL to debug the application.

Edited February 14, 2015 by JMCJR

[Juliet]

Hi

I'm going to move this topic to the Have I been HiJacked forum where we can continue.

[Juliet]

Farbar Recovery Scan Tool (FRST) Scan

• Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
• Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
• Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
• Click Yes to the disclaimer.
• Ensure the Addition.txt box is checked.
• Click the Scan button and let the programme run.
• Upon completion, click OK, then OK on the Addition.txt pop up screen.
• Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

   

[JMCJR]

should I do this in safe mode or boot as normal?

[JMCJR]

Nevermind about safe mode, sure you would have told me to do it that way if that was the case. Ran the tool - here you go:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-02-2015
Ran by LAdams (administrator) on LADAMS-PC on 15-02-2015 10:55:55
Running from C:\Users\LAdams\Downloads
Loaded Profiles: LAdams & LogMeInRemoteUser & JimC (Available profiles: LAdams & LogMeInRemoteUser & JimC)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgchsvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgrsx.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corp.) C:\Program Files\Broadcom\BPowMon\BPowMon.exe
( ) C:\Windows\System32\dlcqcoms.exe
(iolo technologies, LLC) C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files\MALWAREBYTES ANTI-MALWARE\mbamscheduler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgnsx.exe
(Malwarebytes Corporation) C:\Program Files\MALWAREBYTES ANTI-MALWARE\mbamservice.exe
(iolo technologies, LLC) C:\Program Files\iolo\System Mechanic\ioloGovernor.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Vertical Communications, Inc.) C:\Program Files\Common Files\Vertical\Wave\TvWksSvc.exe
(Malwarebytes Corporation) C:\Program Files\MALWAREBYTES ANTI-MALWARE\mbam.exe
(Vertical Communications, Inc.) C:\Program Files\Vertical Wave\ViewPoint\ViewPointUpgradeService.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgtray.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
() C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe
() C:\Program Files\Dell Photo AIO Printer 966\memcard.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Vertical Communications, Inc.) C:\Program Files\Vertical Wave\ViewPoint\ViewPointUpdater.exe
(Google Inc.) C:\Users\LAdams\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgcsrvx.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ATIModeChange] => Ati2mdxx.exe
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7711264 2009-08-18] (Realtek Semiconductor)
HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM\...\Run: [startCCC] => c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-27] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM\...\Run: [AVG_TRAY] => C:\Program Files\AVG\AVG10\avgtray.exe [2345592 2012-08-01] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2010-09-17] (LogMeIn, Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [2640408 2014-09-05] ()
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1679360 2012-02-20] (Wondershare)
HKLM\...\Run: [dlcqmon.exe] => C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe [292080 2007-06-29] ()
HKLM\...\Run: [MemoryCardManager] => C:\Program Files\Dell Photo AIO Printer 966\memcard.exe [304368 2007-06-29] ()
HKLM\...\Run: [DLCQCATS] => rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM\...\Run: [ViewPoint Updater] => C:\Program Files\Vertical Wave\ViewPoint\ViewPointUpdater.exe [105984 2014-03-13] (Vertical Communications, Inc.)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\...\Run: [Google Update] => C:\Users\LAdams\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-11-14] (Google Inc.)
HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\...\Run: [DellSystemDetect] => C:\Users\LAdams\AppData\Local\Apps\2.0\NAM2XBH9.1EZ\7VVTT26N.LD3\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4898fae00de\DellSystemDetect.exe [264488 2014-11-21] (Dell)
HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\...\MountPoints2: K - K:\TL-Bootstrap.exe
HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\...\MountPoints2: {28ee7430-0357-11e3-a67a-a4badbfe84e2} - K:\TL-Bootstrap.exe
HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\...\MountPoints2: {de4de88a-d6e6-11e2-abae-a4badbfe84e2} - K:\TL-Bootstrap.exe
HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\...\MountPoints2: {de4de8ba-d6e6-11e2-abae-a4badbfe84e2} - K:\TL-Bootstrap.exe
HKU\S-1-5-21-1540194735-2960423807-4092532110-1003\...\Run: [Gadwin PrintScreen] => C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe [487424 2010-10-14] (Gadwin Systems, Inc)
HKU\S-1-5-21-1540194735-2960423807-4092532110-1003\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
HKU\S-1-5-21-1540194735-2960423807-4092532110-1003\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1540194735-2960423807-4092532110-1006\...\Run: [Gadwin PrintScreen] => C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe [487424 2010-10-14] (Gadwin Systems, Inc)
HKU\S-1-5-21-1540194735-2960423807-4092532110-1006\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
HKU\S-1-5-21-1540194735-2960423807-4092532110-1006\...\Policies\Explorer: [HideSCAHealth] 1
AppInit_DLLs: c:\progra~1\movies~1\datamngr\mgrldr.dll => c:\Program Files\MOVIES~1\DATAMNGR\MGRLDR.DLL [20 2015-02-13] ()
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\Users\LAdams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wave ViewPoint.lnk
ShortcutTarget: Wave ViewPoint.lnk -> C:\Program Files\Vertical Wave\ViewPoint\Vertical.Wave.ViewPoint.exe (Vertical Communications, Inc.)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /syncC:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart૧ҰdConfigure Windows Automatic Updates to automatically download and install the latest Windows updatesங૧ҰgThe Windows Automatic Updates Service keeps your computer up to date with the latest Windows components૧ҰdConfigure Windows Automatic Updates to automatically download and install the latest Windows updatesங૧Ұ`Your Internet Explorer home page may have been changed by a virus or other malicious application剴୲ங૧ҰdIf your computer is attacked by a Denial of Service attack, your system's ports may become exhaustedங૧ҰbFind references to programs intended to start with Windows that no longer exist or have been moved୲ங૧Ұa\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sitesell.com\sbiapps䶤୲ங૧ҰdConfigure Windows Automatic Updates to automatically download and install the latest Windows updatesங૧ҰdIf your computer is attacked by a Denial of Service attack, your system's ports may become exhaustedퟬங૧Ұe\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\t-mobilepictures.com\www힬ங૧Ұ`Your Internet Explorer home page may have been changed by a virus or other malicious applicationwww훬ங૧ҰbFind references to programs intended to start with Windows that no longer exist or have been moved୲홬ங૧Ұ`c:\windows\temp\avg_a01576\ProgData\AVG Secure Search\FireFoxExt\14.1.0.10\modules\locale\es-es\al.dtd૧՘૶͐૶ǀ૶૵૵૵૵૵૵૵૵¨૶ʈ૶Ѩ૶و૶ވ૶ING译ᅃҰOSOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONE_ELEVATIONୃ㫸Ꮟ㫸ᏏNSOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_SNIFFING祁ᅃҰNSOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_SNIFFING舱ᅃҰNSOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_SNIFFING苡ᅃҰNSOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_SNIFFING莑ᅃҰNSOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_SNIFFING葁ᅃҰNSOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_SNIFFING蓱ᅃҰNSOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_SNIFFING眱ᅃҰOSOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_OBJECT_CACHING耡ᅃҰOSOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_OBJECT_CACHING蜁ᅃҰOSOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_OBJECT_CACHING螱ᅃҰOSOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_OBJECT_CACHING衡ᅃҰOSOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_OBJECT_CACHING褑ᅃҰOSOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_OBJECT_CACHING见ᅃҰOSOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_OBJECT_CACHINGᦐᅃҰMSOFTWARE\Microsoft\Internet Explorer\UnattendBackup\ActiveSetup\FavoritesListe話ᅃҰMSOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SECURITYBANDautocheck smrgdf C:\Users\LAdams\AppData\Roaming\iolo\

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\Software\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.yahoo.com/
HKU\S-1-5-21-1540194735-2960423807-4092532110-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKU\S-1-5-21-1540194735-2960423807-4092532110-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
HKU\S-1-5-21-1540194735-2960423807-4092532110-1006\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
HKU\S-1-5-21-1540194735-2960423807-4092532110-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
URLSearchHook: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
URLSearchHook: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
URLSearchHook: HKU\S-1-5-21-1540194735-2960423807-4092532110-1003 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
URLSearchHook: HKU\S-1-5-21-1540194735-2960423807-4092532110-1006 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
SearchScopes: HKLM -> DefaultScope {8EC25BA8-D8D3-4E27-837D-A863C33EB534} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0AyE0B0A0D0B0F0EzzyE0EtB0EtBzyyBtN0D0Tzu0CtBtCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1278724260
SearchScopes: HKLM -> Backup.Old.DefaultScope {8EC25BA8-D8D3-4E27-837D-A863C33EB534}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {731B0DB2-705E-3ED6-0F15-3DCF0E50E5E9} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM -> {8EC25BA8-D8D3-4E27-837D-A863C33EB534} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0AyE0B0A0D0B0F0EzzyE0EtB0EtBzyyBtN0D0Tzu0CtBtCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1278724260
SearchScopes: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={6843BA33-065B-4E14-9213-D5EAC80D2AAD}&mid=d1da7403ff134815bd37424079e3fc53-0a7050c7fc9a6c2277b74f8c6d07172b279c6194&lang=us&ds=AVG&pr=fr&d=2011-12-11 09:22:13&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 -> Backup.Old.DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233}
SearchScopes: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 -> {731B0DB2-705E-3ED6-0F15-3DCF0E50E5E9} URL = http://isearch.avg.com/search?cid={6843BA33-065B-4E14-9213-D5EAC80D2AAD}&mid=d1da7403ff134815bd37424079e3fc53-0a7050c7fc9a6c2277b74f8c6d07172b279c6194&lang=us&ds=AVG&pr=fr&d=2011-12-11 09:22:13&v=10.0.0.7&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 -> {8EC25BA8-D8D3-4E27-837D-A863C33EB534} URL =
SearchScopes: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={6843BA33-065B-4E14-9213-D5EAC80D2AAD}&mid=d1da7403ff134815bd37424079e3fc53-0a7050c7fc9a6c2277b74f8c6d07172b279c6194&lang=us&ds=AVG&pr=fr&d=2011-12-11 09:22:13&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1540194735-2960423807-4092532110-1003 -> DefaultScope {367368C9-63EC-48F7-8E10-E9A80932854D} URL = http://search.avg.com/route/?d=4cc474d2&v=7.4.22.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
SearchScopes: HKU\S-1-5-21-1540194735-2960423807-4092532110-1003 -> {367368C9-63EC-48F7-8E10-E9A80932854D} URL = http://search.avg.com/route/?d=4cc474d2&v=7.4.22.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
SearchScopes: HKU\S-1-5-21-1540194735-2960423807-4092532110-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1540194735-2960423807-4092532110-1003 -> {8EC25BA8-D8D3-4E27-837D-A863C33EB534} URL =
SearchScopes: HKU\S-1-5-21-1540194735-2960423807-4092532110-1006 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={6843BA33-065B-4E14-9213-D5EAC80D2AAD}&mid=d1da7403ff134815bd37424079e3fc53-0a7050c7fc9a6c2277b74f8c6d07172b279c6194&lang=us&ds=AVG&pr=fr&d=2011-12-11 09:22:13&v=10.2.0.3&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1540194735-2960423807-4092532110-1006 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1540194735-2960423807-4092532110-1006 -> {8EC25BA8-D8D3-4E27-837D-A863C33EB534} URL =
SearchScopes: HKU\S-1-5-21-1540194735-2960423807-4092532110-1006 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={6843BA33-065B-4E14-9213-D5EAC80D2AAD}&mid=d1da7403ff134815bd37424079e3fc53-0a7050c7fc9a6c2277b74f8c6d07172b279c6194&lang=us&ds=AVG&pr=fr&d=2011-12-11 09:22:13&v=10.2.0.3&sap=dsp&q={searchTerms}
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1003 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1003 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1006 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1006 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=724
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\..\Interfaces\{4F7F2D01-D3A7-4CEC-8EAD-B35584C5E295}: [NameServer] 209.18.47.61,209.18.47.62
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\LAdams\AppData\Roaming\Mozilla\Firefox\Profiles\4p125r55.default
FF SearchEngineOrder.1: Ask.com
FF Homepage: hxxp://duckduckgo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1540194735-2960423807-4092532110-1000: @citrixonline.com/appdetectorplugin -> C:\Users\LAdams\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-1540194735-2960423807-4092532110-1000: @ringcentral.com/RingCentralMeetingsPlugin -> C:\Users\LAdams\AppData\Roaming\RingCentralMeetings\bin\nprcmsplugin.dll (Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-1540194735-2960423807-4092532110-1000: @screenleap.com/ScreenleapPlugin,version=1.1 -> C:\Users\LAdams\AppData\Local\Screenleap\npscreenleap1.1.dll (ScreenLeap, Inc.)
FF Plugin HKU\S-1-5-21-1540194735-2960423807-4092532110-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\LAdams\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-1540194735-2960423807-4092532110-1000: @talk.google.com/O1DPlugin -> C:\Users\LAdams\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-1540194735-2960423807-4092532110-1000: @tools.google.com/Google Update;version=3 -> C:\Users\LAdams\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1540194735-2960423807-4092532110-1000: @tools.google.com/Google Update;version=9 -> C:\Users\LAdams\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\LAdams\AppData\Roaming\Mozilla\Firefox\Profiles\4p125r55.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\LAdams\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\LAdams\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\LAdams\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\LAdams\AppData\Roaming\Mozilla\Firefox\Profiles\4p125r55.default\searchplugins\Ask.xml
FF SearchPlugin: C:\Users\LAdams\AppData\Roaming\Mozilla\Firefox\Profiles\4p125r55.default\searchplugins\Search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\LAdams\AppData\Roaming\Mozilla\Firefox\Profiles\4p125r55.default\Extensions\LogMeInClient@logmein.com [2013-06-22]
FF Extension: Ghostery - C:\Users\LAdams\AppData\Roaming\Mozilla\Firefox\Profiles\4p125r55.default\Extensions\firefox@ghostery.com.xpi [2013-08-02]
FF Extension: QuickJava - C:\Users\LAdams\AppData\Roaming\Mozilla\Firefox\Profiles\4p125r55.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2011-08-06]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799 [2014-08-26]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG10\Firefox4
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG10\Firefox4 [2011-03-30]

Chrome:
=======
CHR Profile: C:\Users\LAdams\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\LAdams\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (AVG Safe Search) - C:\Users\LAdams\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2012-09-11]
CHR Extension: (AVG Secure Search) - C:\Users\LAdams\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-09-11]
CHR Extension: (Google Wallet) - C:\Users\LAdams\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-21]
CHR Extension: (Signals by HubSpot) - C:\Users\LAdams\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiiaigjnkhngdbnoookogelabohpglmd [2014-05-21]
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG10\Chrome\safesearch.crx [2011-09-09]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
R2 AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
R2 dlcq_device; C:\Windows\system32\dlcqcoms.exe [537480 2006-12-12] ( )
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-07-02] (Macrovision Europe Ltd.) [File not signed]
R2 ioloSystemService; C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [4492776 2014-06-09] (iolo technologies, LLC)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 TvWksSvc; C:\Program Files\Common Files\Vertical\Wave\TvWksSvc.exe [130560 2014-03-12] (Vertical Communications, Inc.) [File not signed]
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2011-12-15] (Logitech Inc.)
R2 ViewPointUpgradeService; C:\Program Files\Vertical Wave\ViewPoint\ViewPointUpgradeService.exe [14336 2014-03-13] (Vertical Communications, Inc.) [File not signed]
R2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [5295616 2010-01-28] (ATI Technologies Inc.)
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [134480 2011-05-27] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [22992 2011-02-22] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [24144 2011-02-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\Windows\System32\DRIVERS\AVGIDSShim.Sys [21968 2011-02-10] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [255968 2012-11-12] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [34896 2011-03-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [32592 2011-03-16] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [299552 2014-11-04] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-11] (AVG Technologies)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [26248 2014-06-09] (EldoS Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [24040 2013-09-04] (ThreatTrack Security)
S3 htcusbnet; C:\Windows\System32\DRIVERS\htcusbnet.sys [133632 2012-01-30] (HTC Corporation)
S3 ICDUSB2; C:\Windows\System32\Drivers\ICDUSB2.sys [39048 2002-11-28] (Sony Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R2 PDFsFilter; C:\Windows\System32\DRIVERS\PDFsFilter.sys [68464 2014-06-09] (Raxco Software, Inc.)
R3 WsAudio_DeviceS(1); C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [25704 2010-09-14] (Wondershare)
R3 WsAudio_DeviceS(2); C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys [25704 2010-09-14] (Wondershare)
R3 WsAudio_DeviceS(3); C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys [25704 2010-09-14] (Wondershare)
R3 WsAudio_DeviceS(4); C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys [25704 2010-09-14] (Wondershare)
R3 WsAudio_DeviceS(5); C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys [25704 2010-09-14] (Wondershare)
S4 LMIRfsClientNP; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 10:55 - 2015-02-15 10:56 - 00034587 _____ () C:\Users\LAdams\Downloads\FRST.txt
2015-02-15 10:55 - 2015-02-15 10:56 - 00000000 ____D () C:\FRST
2015-02-15 10:53 - 2015-02-15 10:53 - 01125888 _____ (Farbar) C:\Users\LAdams\Downloads\FRST.exe
2015-02-13 17:40 - 2015-02-13 18:33 - 00022865 _____ () C:\Windows\system32\avgrep.txt
2015-02-13 16:00 - 2014-06-09 13:47 - 00026248 _____ (EldoS Corporation) C:\Windows\system32\Drivers\ElRawDsk.sys
2015-02-13 15:58 - 2015-02-13 15:58 - 00000000 ____D () C:\Windows\system32\config\SM Registry Backup
2015-02-13 15:58 - 2015-02-13 15:58 - 00000000 ____D () C:\Windows\system32\config\Before Compact
2015-02-13 15:57 - 2015-02-13 15:57 - 00000000 ____D () C:\Windows\system32\config\Original
2015-02-13 15:55 - 2015-02-13 15:55 - 00002220 _____ () C:\Users\LAdams\Desktop\System Mechanic.lnk
2015-02-13 15:55 - 2015-02-13 15:55 - 00000000 ____D () C:\Users\LAdams\AppData\Roaming\ioloGovernor
2015-02-13 15:55 - 2015-02-13 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic
2015-02-13 15:55 - 2015-02-13 15:55 - 00000000 ____D () C:\ProgramData\ioloGovernor
2015-02-13 15:55 - 2014-06-09 14:18 - 00041616 _____ (iolo technologies, LLC) C:\Windows\system32\iolobtdfg.exe
2015-02-13 15:55 - 2014-06-09 14:18 - 00023568 _____ (iolo technologies, LLC) C:\Windows\system32\smrgdf.exe
2015-02-13 15:55 - 2014-06-09 14:08 - 02097984 _____ (iolo technologies, LLC) C:\Windows\system32\Incinerator32.dll
2015-02-13 15:55 - 2014-06-09 13:47 - 00068464 _____ (Raxco Software, Inc.) C:\Windows\system32\Drivers\PDFsFilter.sys
2015-02-13 15:55 - 2014-06-09 13:47 - 00056200 _____ (Microsoft Corporation) C:\Windows\system32\offreg.dll
2015-02-13 15:53 - 2015-02-13 15:58 - 00000000 ____D () C:\Users\LAdams\AppData\Roaming\iolo
2015-02-13 15:53 - 2015-02-13 15:53 - 35982168 _____ (iolo technologies, LLC ) C:\Users\LAdams\Downloads\SystemMechanic_12.7.1.12.exe
2015-02-13 11:50 - 2015-02-13 13:25 - 00000000 ____D () C:\VIPRERESCUE
2015-02-13 11:50 - 2013-09-04 13:57 - 00024040 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiutil.sys
2015-02-13 11:50 - 2013-05-23 07:39 - 00043368 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys
2015-02-09 17:00 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-02-09 17:00 - 2014-07-06 19:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-02-09 17:00 - 2014-07-06 19:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-02-09 17:00 - 2014-07-06 19:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-02-09 17:00 - 2014-07-06 19:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-02-09 16:57 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-02-09 16:57 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-09 16:57 - 2014-11-26 19:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-09 16:57 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-09 16:57 - 2014-11-21 20:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-09 16:57 - 2014-11-21 20:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-09 16:57 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-09 16:57 - 2014-11-21 20:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-09 16:57 - 2014-11-21 20:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-09 16:57 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-09 16:57 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-09 16:57 - 2014-11-21 19:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-09 16:57 - 2014-11-21 19:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-09 16:57 - 2014-11-21 19:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-09 16:57 - 2014-11-21 19:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-09 16:57 - 2014-11-21 19:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-09 16:57 - 2014-11-21 19:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-09 16:57 - 2014-11-21 19:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-09 16:57 - 2014-11-21 19:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-09 16:57 - 2014-11-21 19:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-09 16:57 - 2014-11-21 19:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-09 16:57 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-09 16:57 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-09 16:57 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-09 16:57 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-09 16:57 - 2014-11-21 19:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-09 16:57 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-09 16:57 - 2014-11-21 19:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-09 16:57 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-09 16:57 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-09 16:57 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-09 16:57 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-09 16:56 - 2014-12-18 20:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-02-09 16:56 - 2014-12-18 19:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-02-09 16:56 - 2014-12-11 11:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-02-09 16:56 - 2014-12-05 21:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-02-09 16:56 - 2014-11-10 20:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-09 16:56 - 2014-11-10 19:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-02-09 16:56 - 2014-11-07 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-02-09 16:56 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-02-09 16:55 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-02-09 16:55 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-02-09 16:55 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-02-09 16:55 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-02-09 16:55 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-02-09 15:39 - 2015-02-09 18:47 - 00000000 ____D () C:\Users\LAdams\Documents\CRM 2015
2015-02-01 10:27 - 2015-02-01 10:27 - 00000000 ____D () C:\Users\LAdams\AppData\Local\Wickr, LLC
2015-02-01 10:14 - 2015-02-01 10:14 - 00001211 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Wickr - Top Secret Messenger.lnk
2015-02-01 10:14 - 2015-02-01 10:14 - 00001205 _____ () C:\Users\Public\Desktop\Wickr - Top Secret Messenger.lnk
2015-02-01 10:14 - 2015-02-01 10:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wickr - Top Secret Messenger
2015-02-01 10:14 - 2015-02-01 10:14 - 00000000 ____D () C:\Program Files\Wickr Inc
2015-01-30 18:35 - 2015-01-30 18:36 - 62029824 _____ () C:\Users\LAdams\Downloads\Wickr-TopSecretMessenger-2.2.2.msi
2015-01-30 17:26 - 2015-01-30 17:26 - 00000000 ____D () C:\Users\LAdams\Documents\1099 FORMS 01_30_2015
2015-01-30 16:05 - 2015-02-09 16:20 - 00000000 ____D () C:\Users\LAdams\Documents\Samsung 2015
2015-01-30 16:04 - 2015-01-30 16:04 - 00891421 _____ () C:\Users\LAdams\Desktop\Samsung_USA_Order_Forms_Resellers_112514_Rev1.xlt
2015-01-26 09:12 - 2015-01-26 09:13 - 00000000 ____D () C:\Users\LAdams\Documents\Jerry's Accident Christmas 2014
2015-01-21 17:54 - 2015-02-09 16:31 - 00000000 ____D () C:\Users\LAdams\Documents\Produce Pro
2015-01-21 09:49 - 2015-01-21 09:50 - 03275232 _____ () C:\Users\LAdams\Downloads\faxUploadSetup.exe
2015-01-19 11:44 - 2015-02-09 16:12 - 00000000 ____D () C:\Users\LAdams\Documents\MSB Connect
2015-01-18 12:10 - 2015-02-13 17:12 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-16 17:15 - 2015-01-16 17:16 - 00646648 _____ (Cisco WebEx LLC) C:\Users\LAdams\Downloads\Cisco_WebEx_Add-On.exe
2015-01-16 14:19 - 2015-01-16 14:19 - 00138952 _____ (Zoom Video Communications, Inc.) C:\Users\LAdams\Downloads\RingCentral_launcher(3).exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 10:54 - 2014-07-08 09:14 - 00000568 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1540194735-2960423807-4092532110-1000.job
2015-02-15 10:53 - 2009-07-13 22:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-15 10:53 - 2009-07-13 22:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-15 10:52 - 2010-10-15 10:33 - 00786514 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-15 10:51 - 2009-07-13 22:55 - 01409036 _____ () C:\Windows\WindowsUpdate.log
2015-02-15 10:50 - 2010-10-24 12:02 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
2015-02-15 10:48 - 2014-11-17 23:24 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-15 10:47 - 2013-04-03 16:10 - 00000000 ____D () C:\Program Files\Dl_cats
2015-02-15 10:45 - 2014-01-28 07:57 - 00000976 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-02-15 10:45 - 2014-01-28 07:57 - 00000960 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-02-15 10:45 - 2011-04-07 19:31 - 00000000 ____D () C:\ProgramData\LogMeIn
2015-02-15 10:44 - 2010-10-15 12:19 - 00259084 _____ () C:\Windows\PFRO.log
2015-02-15 10:44 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-15 10:44 - 2009-07-13 22:39 - 00054509 _____ () C:\Windows\setupact.log
2015-02-14 17:20 - 2013-03-18 08:09 - 00000000 ____D () C:\Users\LAdams\Desktop\Misc
2015-02-14 12:28 - 2013-04-10 14:29 - 00000000 ____D () C:\Users\LAdams\Documents\ZohoMeeting
2015-02-14 12:26 - 2012-10-12 09:16 - 00000000 ____D () C:\Users\LAdams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDFMate
2015-02-14 12:26 - 2012-10-12 09:16 - 00000000 ____D () C:\Program Files\PDFMate
2015-02-14 12:26 - 2010-10-15 10:26 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-14 12:24 - 2014-08-27 08:34 - 00000000 ____D () C:\Program Files\Applian Technologies
2015-02-14 12:24 - 2010-10-19 18:55 - 00000000 ____D () C:\Users\LAdams
2015-02-14 11:20 - 2010-10-24 16:50 - 00000000 ____D () C:\Users\LAdams\Documents\Outlook Files
2015-02-13 17:12 - 2014-12-02 13:24 - 00000000 ____D () C:\ProgramData\iolo
2015-02-13 17:12 - 2014-09-05 20:53 - 00000000 ____D () C:\Program Files\AVG Secure Search
2015-02-13 17:12 - 2013-02-17 19:21 - 00000000 ____D () C:\Program Files\WinRAR
2015-02-13 17:12 - 2011-10-07 08:26 - 00000000 ____D () C:\Program Files\WinHTTrack
2015-02-13 17:11 - 2014-11-23 11:46 - 00000000 ____D () C:\Windows\Minidump
2015-02-13 17:11 - 2014-10-08 10:45 - 00000000 ____D () C:\Users\LAdams\Documents\TLIE
2015-02-13 17:11 - 2014-09-04 12:34 - 00000000 ____D () C:\Users\LAdams\Documents\Spivey & Grigg
2015-02-13 17:11 - 2014-02-23 12:55 - 00000000 ____D () C:\Users\LAdams\Documents\First Presbyterian Midland
2015-02-13 17:11 - 2014-02-12 15:39 - 00000000 ____D () C:\Users\LAdams\Documents\My CamStudio Temp Files
2015-02-13 17:11 - 2013-10-14 17:03 - 00000000 ____D () C:\Users\LAdams\Documents\Phillip Godwin
2015-02-13 17:11 - 2013-09-30 12:00 - 00000000 ____D () C:\Users\LAdams\Documents\LOA
2015-02-13 17:11 - 2013-09-26 10:25 - 00000000 ____D () C:\Users\LAdams\Documents\PCHAS
2015-02-13 17:11 - 2013-09-24 14:21 - 00000000 ____D () C:\Users\LAdams\Documents\Knight Office Solutions
2015-02-13 17:11 - 2013-06-05 06:31 - 00000000 ____D () C:\Users\LAdams\Documents\Leads Group
2015-02-13 17:11 - 2013-01-09 11:10 - 00000000 ____D () C:\Users\LAdams\Documents\Finley Company
2015-02-13 17:11 - 2012-08-13 15:47 - 00000000 ____D () C:\Users\LAdams\Documents\Payroll
2015-02-13 17:11 - 2012-05-16 15:45 - 00000000 ____D () C:\Users\LAdams\Documents\ShaferFirm
2015-02-13 17:11 - 2012-05-02 08:32 - 00000000 ____D () C:\Users\LAdams\Documents\Ebay
2015-02-13 17:11 - 2012-04-23 11:22 - 00000000 ____D () C:\Users\LAdams\Documents\TODO
2015-02-13 17:11 - 2012-02-20 18:49 - 00000000 ____D () C:\Users\LAdams\Documents\TexasCathConf
2015-02-13 17:11 - 2012-01-27 16:27 - 00000000 ____D () C:\Users\LAdams\Documents\PremierResMrtg
2015-02-13 17:11 - 2012-01-02 17:51 - 00000000 ____D () C:\Users\LAdams\Documents\AccesslineDPS
2015-02-13 17:11 - 2011-12-10 20:34 - 00000000 ____D () C:\Users\LAdams\Documents\Adams
2015-02-13 17:11 - 2011-06-22 14:02 - 00000000 ____D () C:\Users\Public\Documents\LunchnLearn+SBI
2015-02-13 17:11 - 2011-05-06 15:44 - 00000000 ____D () C:\Users\LAdams\Documents\Water Source One
2015-02-13 17:11 - 2011-03-31 16:14 - 00000000 ____D () C:\Users\LAdams\Documents\48 East Avenue
2015-02-13 17:11 - 2011-03-03 09:29 - 00000000 ____D () C:\Users\LAdams\Documents\TXCampforEnviron
2015-02-13 17:11 - 2011-02-11 17:53 - 00000000 ____D () C:\Users\LAdams\Documents\SBI Site 2011
2015-02-13 17:11 - 2011-01-25 19:02 - 00000000 ____D () C:\Users\LAdams\Documents\Spiceworks
2015-02-13 17:11 - 2010-12-08 14:34 - 00000000 ____D () C:\Users\LAdams\Documents\User Guides
2015-02-13 17:06 - 2009-07-13 22:52 - 00000000 ____D () C:\Windows\Offline Web Pages
2015-02-13 16:16 - 2014-11-14 13:04 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1540194735-2960423807-4092532110-1000UA.job
2015-02-13 16:08 - 2012-09-28 22:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-13 15:55 - 2014-12-02 13:24 - 00000000 ____D () C:\Program Files\iolo
2015-02-13 13:44 - 2014-11-17 23:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-13 13:44 - 2013-04-30 12:42 - 00000000 ____D () C:\Program Files\MALWAREBYTES ANTI-MALWARE
2015-02-13 13:44 - 2012-10-08 10:18 - 00001115 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-13 02:16 - 2014-11-14 13:04 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1540194735-2960423807-4092532110-1000Core.job
2015-02-11 23:41 - 2011-07-21 19:58 - 00000000 ____D () C:\Users\JimC
2015-02-10 09:58 - 2012-06-11 15:36 - 00000000 ____D () C:\Users\LAdams\Documents\ScannedforJim
2015-02-09 20:21 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\rescache
2015-02-09 17:09 - 2010-10-19 19:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-09 17:07 - 2013-08-12 07:54 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-09 16:42 - 2012-08-03 14:27 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-09 16:42 - 2009-07-13 22:33 - 00435960 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-09 16:30 - 2011-03-31 16:15 - 00000000 ____D () C:\Users\LAdams\Documents\Recipes
2015-02-09 16:27 - 2014-08-19 10:17 - 00000000 ____D () C:\Users\LAdams\Documents\Website 2014
2015-02-09 16:15 - 2010-12-27 10:49 - 00342528 _____ () C:\Users\LAdams\Documents\Sales_Tax_1_(1).xls
2015-02-09 16:05 - 2013-09-25 15:38 - 00000000 ____D () C:\Users\LAdams\Documents\Texas Associates
2015-02-04 19:08 - 2012-05-02 10:54 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-04 19:08 - 2011-07-02 15:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-03 19:37 - 2014-08-27 10:36 - 00000000 ____D () C:\Users\LAdams\Documents\Terrill-Waldrop
2015-01-30 17:10 - 2010-11-12 12:51 - 00000000 ____D () C:\Users\LAdams\AppData\Local\Google
2015-01-29 17:21 - 2014-11-26 18:14 - 00000000 ____D () C:\Users\LAdams\Documents\Troublemaker 2014
2015-01-28 12:40 - 2014-10-09 18:32 - 00268090 _____ () C:\dlcq.log
2015-01-27 12:24 - 2014-06-03 18:43 - 00000000 ____D () C:\Users\LAdams\Documents\Samsung
2015-01-16 17:16 - 2011-02-07 17:50 - 00000000 ____D () C:\Users\LAdams\AppData\Local\WebEx
2015-01-16 17:16 - 2011-02-07 17:48 - 00000000 ____D () C:\ProgramData\WebEx

==================== Files in the root of some directories =======

2013-06-27 05:43 - 2014-06-23 05:15 - 0003728 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2014-02-12 16:17 - 2014-02-12 16:17 - 0000050 _____ () C:\Users\LAdams\AppData\Roaming\Camdata.ini
2014-02-12 16:17 - 2014-02-12 16:17 - 0000408 _____ () C:\Users\LAdams\AppData\Roaming\CamLayout.ini
2014-02-12 16:17 - 2014-02-12 16:17 - 0000408 _____ () C:\Users\LAdams\AppData\Roaming\CamShapes.ini
2014-02-12 16:17 - 2014-02-12 16:17 - 0004546 _____ () C:\Users\LAdams\AppData\Roaming\CamStudio.cfg
2010-10-26 07:12 - 2013-07-18 18:14 - 0038403 _____ () C:\Users\LAdams\AppData\Roaming\Comma Separated Values (Windows).ADR
2011-08-26 08:06 - 2011-08-26 08:06 - 0022849 _____ () C:\Users\LAdams\AppData\Roaming\UserTile.png
2014-02-12 14:51 - 2014-02-12 14:51 - 0000096 _____ () C:\Users\LAdams\AppData\Roaming\version2.xml
2011-04-20 18:03 - 2011-04-20 18:03 - 0001626 ___SH () C:\Users\LAdams\AppData\Local\e1jfwcf2fw3u872lgs54ld248yfgrue122
2011-04-20 18:03 - 2011-04-20 18:03 - 0001626 ___SH () C:\ProgramData\e1jfwcf2fw3u872lgs54ld248yfgrue122
2014-12-30 19:36 - 2014-12-30 19:36 - 0004996 _____ () C:\ProgramData\vczcspay.tpu

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-13 00:34

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-02-2015
Ran by LAdams at 2015-02-15 10:57:38
Running from C:\Users\LAdams\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Anti-Virus Free Edition 2011 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus Free Edition 2011 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat 9 Pro (HKLM\...\{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM\...\{AC76BA86-1033-0000-7760-000000000004}_955) (Version: - Adobe Systems Incorporated)
Adobe Connect 9 Add-in (HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\...\Adobe Connect 9 Add-in) (Version: 11,2,385,0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\...\Amazon Kindle) (Version: - Amazon)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audible Download Manager (HKLM\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)
AVG 2011 (HKLM\...\AVG) (Version: 10.0.1434 - AVG Technologies)
AVG 2011 (Version: 10.0.1434 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.4257 - AVG Technologies) Hidden
AVG Security Toolbar (HKLM\...\AVG Secure Search) (Version: 18.1.9.799 - AVG Technologies)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Management Programs (HKLM\...\{5DB87A63-9420-48CC-9F9A-B8801D38D6B5}) (Version: 12.35.01 - Broadcom Corporation)
CameraHelperMsi (Version: 13.40.836.0 - Logitech) Hidden
ccc-core-static (Version: 2010.0127.2258.41203 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.17 - Piriform)
Citrix Online Launcher (HKLM\...\{75B8A55E-0762-4676-AAC0-6FDF025B034B}) (Version: 1.0.220 - Citrix)
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.80.4.0 - Conexant)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Dell Photo AIO Printer 966 (HKLM\...\Dell Photo AIO Printer 966) (Version: - Dell, Inc.)
Dell System Detect (HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\...\73f463568823ebbe) (Version: 5.12.0.3 - Dell)
DESI Labeling System (HKLM\...\DESI Labeling System 3.2.2.0) (Version: 3.1.10.1 - DESI Telephone Labels, Inc.)
DESI Labeling System (Version: 3.2.2.0 - DESI Telephone Labels, Inc.) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
Digital Voice Editor 3 (HKLM\...\{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}) (Version: 3.3.01.11240 - Sony Corporation)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Gadwin PrintScreen (HKLM\...\Gadwin PrintScreen) (Version: 4.5 - Gadwin Systems, Inc.)
Gadwin ScreenRecorder (32-Bit) (HKLM\...\{964E5657-3679-4A23-8E59-13970C26A2E1}) (Version: 3.0.2.0 - Gadwin Systems)
Google Talk Plugin (HKLM\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
GoToMeeting 6.4.12.2331 (HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\...\GoToMeeting) (Version: 6.4.12.2331 - CitrixOnline)
HTML-Kit (HKLM\...\HTMLKit_is1) (Version: 1.0 - HTMLKit.com)
InstantOffice 2.0 Client-Side Cache (HKLM\...\InstantOffice 2.0 Client-Side Cache) (Version: - )
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
iolo technologies' System Mechanic (HKLM\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 12.7.1 - iolo technologies, LLC)
iSqFt Full Viewer V4.01 (HKLM\...\{19A71C4F-94D9-44EA-AC98-FF8A045273AB}) (Version: - )
iTunes (HKLM\...\{9B486871-27EB-49A5-8832-77176E63333C}) (Version: 11.0.5.5 - Apple Inc.)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LinkedIn Outlook Connector (HKLM\...\LinkedIn Outlook Connector) (Version: 1.1.10.0 - LinkedIn)
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.40 - Logitech Inc.)
LogMeIn (HKLM\...\{65179FD8-04C0-40A7-87FC-007F2CD5BF1E}) (Version: 4.1.1586 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM\...\Of

[Juliet]

Your additions txt was cut off, we'll continue but may need a new one later.

 

Running from C:\Users\LAdams\Downloads

 

It's best we move Farbar's to desktop.

 

Please go to your downloads folder, locate Farbar Recovery Scan Tool, right click and select CUT

Go to an open spot on your desktop, right click and select PASTE

You should now have Farbar Recovery Scan Tool on your desktop.

 

Open notepad.

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:

Paste this into the open notepad. save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

 

 

 

 

start

CloseProcesses:

AppInit_DLLs: c:\progra~1\movies~1\datamngr\mgrldr.dll => c:\Program Files\MOVIES~1\DATAMNGR\MGRLDR.DLL [20 2015-02-13] ()

IFEO\bitguard.exe: [Debugger] tasklist.exe

IFEO\bprotect.exe: [Debugger] tasklist.exe

IFEO\browsemngr.exe: [Debugger] tasklist.exe

IFEO\browserdefender.exe: [Debugger] tasklist.exe

IFEO\browsermngr.exe: [Debugger] tasklist.exe

IFEO\browserprotect.exe: [Debugger] tasklist.exe

IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe

IFEO\cltmngsvc.exe: [Debugger] tasklist.exe

IFEO\delta babylon.exe: [Debugger] tasklist.exe

IFEO\delta tb.exe: [Debugger] tasklist.exe

IFEO\delta2.exe: [Debugger] tasklist.exe

IFEO\deltainstaller.exe: [Debugger] tasklist.exe

IFEO\deltasetup.exe: [Debugger] tasklist.exe

IFEO\deltatb.exe: [Debugger] tasklist.exe

IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe

IFEO\iminentsetup.exe: [Debugger] tasklist.exe

IFEO\rjatydimofu.exe: [Debugger] tasklist.exe

IFEO\sweetimsetup.exe: [Debugger] tasklist.exe

IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe

URLSearchHook: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}

URLSearchHook: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File

URLSearchHook: HKU\S-1-5-21-1540194735-2960423807-4092532110-1003 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File

URLSearchHook: HKU\S-1-5-21-1540194735-2960423807-4092532110-1006 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File

SearchScopes: HKLM -> DefaultScope {8EC25BA8-D8D3-4E27-837D-A863C33EB534} URL = http://start.funmood...B&cr=1278724260

SearchScopes: HKLM -> Backup.Old.DefaultScope {8EC25BA8-D8D3-4E27-837D-A863C33EB534}

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM -> {731B0DB2-705E-3ED6-0F15-3DCF0E50E5E9} URL = http://www.bing.com/...rc=IE-SearchBox

SearchScopes: HKLM -> {8EC25BA8-D8D3-4E27-837D-A863C33EB534} URL = http://start.funmood...B&cr=1278724260

SearchScopes: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 -> Backup.Old.DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233}

SearchScopes: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =

Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

Toolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

Toolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

Toolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File

Toolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1003 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

Toolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

Toolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1006 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

Toolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

FF SearchEngineOrder.1: Ask.com

FF Homepage: hxxp://duckduckgo.com/

FF SearchPlugin: C:\Users\LAdams\AppData\Roaming\Mozilla\Firefox\Profiles\4p125r55.default\searchplugins\Ask.xml

FF SearchPlugin: C:\Users\LAdams\AppData\Roaming\Mozilla\Firefox\Profiles\4p125r55.default\searchplugins\Search.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml

CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - No Path

2011-04-20 18:03 - 2011-04-20 18:03 - 0001626 ___SH () C:\Users\LAdams\AppData\Local\e1jfwcf2fw3u872lgs54ld248yfgrue122

2011-04-20 18:03 - 2011-04-20 18:03 - 0001626 ___SH () C:\ProgramData\e1jfwcf2fw3u872lgs54ld248yfgrue122

EmptyTemp:

Hosts:

End

Open FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

~~~~~~~~~~~~~~~~~`

 

AdwCleaner

• Please download AdwCleaner and save the file to your Desktop.
• Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
• Follow the prompts.
• Click Scan.
• Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
• Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
• Follow the prompts and allow your computer to reboot.
• After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

~~~~

please post

Fixlog.txt

C:\AdwCleaner.txt

JRT.txt

[JMCJR]

Here you go . . .

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-02-2015
Ran by LAdams at 2015-02-15 13:56:26 Run:1
Running from C:\Users\LAdams\Desktop
Loaded Profiles: LAdams & LogMeInRemoteUser & JimC (Available profiles: LAdams & LogMeInRemoteUser & JimC)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CloseProcesses:
AppInit_DLLs: c:\progra~1\movies~1\datamngr\mgrldr.dll => c:\Program Files\MOVIES~1\DATAMNGR\MGRLDR.DLL [20 2015-02-13] ()
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
URLSearchHook: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
URLSearchHook: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
URLSearchHook: HKU\S-1-5-21-1540194735-2960423807-4092532110-1003 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
URLSearchHook: HKU\S-1-5-21-1540194735-2960423807-4092532110-1006 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
SearchScopes: HKLM -> DefaultScope {8EC25BA8-D8D3-4E27-837D-A863C33EB534} URL = http://start.funmood...B&cr=1278724260
SearchScopes: HKLM -> Backup.Old.DefaultScope {8EC25BA8-D8D3-4E27-837D-A863C33EB534}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {731B0DB2-705E-3ED6-0F15-3DCF0E50E5E9} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {8EC25BA8-D8D3-4E27-837D-A863C33EB534} URL = http://start.funmood...B&cr=1278724260
SearchScopes: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 -> Backup.Old.DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233}
SearchScopes: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1003 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1006 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF SearchEngineOrder.1: Ask.com
FF Homepage: hxxp://duckduckgo.com/
FF SearchPlugin: C:\Users\LAdams\AppData\Roaming\Mozilla\Firefox\Profiles\4p125r55.default\searchplugins\Ask.xml
FF SearchPlugin: C:\Users\LAdams\AppData\Roaming\Mozilla\Firefox\Profiles\4p125r55.default\searchplugins\Search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - No Path
2011-04-20 18:03 - 2011-04-20 18:03 - 0001626 ___SH () C:\Users\LAdams\AppData\Local\e1jfwcf2fw3u872lgs54ld248yfgrue122
2011-04-20 18:03 - 2011-04-20 18:03 - 0001626 ___SH () C:\ProgramData\e1jfwcf2fw3u872lgs54ld248yfgrue122
EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
"c:\progra~1\movies~1\datamngr\mgrldr.dll" => Value Data removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsemngr.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsermngr.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bundlesweetimsetup.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cltmngsvc.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta babylon.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta tb.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta2.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltainstaller.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltasetup.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb_2501-c733154b.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\iminentsetup.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rjatydimofu.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sweetimsetup.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\tbdelta.exetoolbar783881609.exe" => Key deleted successfully.
HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => value deleted successfully.
HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} => value deleted successfully.
HKU\S-1-5-21-1540194735-2960423807-4092532110-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} => value deleted successfully.
HKU\S-1-5-21-1540194735-2960423807-4092532110-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{731B0DB2-705E-3ED6-0F15-3DCF0E50E5E9}" => Key deleted successfully.
HKCR\CLSID\{731B0DB2-705E-3ED6-0F15-3DCF0E50E5E9} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8EC25BA8-D8D3-4E27-837D-A863C33EB534}" => Key deleted successfully.
HKCR\CLSID\{8EC25BA8-D8D3-4E27-837D-A863C33EB534} => Key not found.
HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted successfully.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted successfully.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value deleted successfully.
"HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" => Key deleted successfully.
HKU\S-1-5-21-1540194735-2960423807-4092532110-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted successfully.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
HKU\S-1-5-21-1540194735-2960423807-4092532110-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKU\S-1-5-21-1540194735-2960423807-4092532110-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted successfully.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
HKU\S-1-5-21-1540194735-2960423807-4092532110-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox homepage deleted successfully.
C:\Users\LAdams\AppData\Roaming\Mozilla\Firefox\Profiles\4p125r55.default\searchplugins\Ask.xml => Moved successfully.
C:\Users\LAdams\AppData\Roaming\Mozilla\Firefox\Profiles\4p125r55.default\searchplugins\Search.xml => Moved successfully.
C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml => Moved successfully.
C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof" => Key deleted successfully.
C:\Users\LAdams\AppData\Local\e1jfwcf2fw3u872lgs54ld248yfgrue122 => Moved successfully.
C:\ProgramData\e1jfwcf2fw3u872lgs54ld248yfgrue122 => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 385 MB temporary data.


The system needed a reboot.

==== End of Fixlog 14:10:20 ====

 

# AdwCleaner v4.110 - Logfile created 15/02/2015 at 14:27:01
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [server]
# Operating system : Windows 7 Professional Service Pack 1 (x86)
# Username : LAdams - LADAMS-PC
# Running from : C:\Users\LAdams\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : vToolbarUpdater18.1.9
Service Found : AVG Security Toolbar Service

***** [ Files / Folders ] *****

File Found : C:\Users\LAdams\AppData\Roaming\Mozilla\Firefox\Profiles\4p125r55.default\invalidprefs.js
File Found : C:\Users\LAdams\AppData\Roaming\Mozilla\Firefox\Profiles\4p125r55.default\user.js
Folder Found : C:\Program Files\AVG Secure Search
Folder Found : C:\Program Files\AVG Security Toolbar
Folder Found : C:\Program Files\AVG\AVG10\Toolbar
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\AVG Security Toolbar
Folder Found : C:\ProgramData\BitGuard
Folder Found : C:\ProgramData\blekko toolbars
Folder Found : C:\ProgramData\Browser Manager
Folder Found : C:\ProgramData\BrowserProtect
Folder Found : C:\Users\LAdams\AppData\Local\AVG Secure Search
Folder Found : C:\Users\LAdams\AppData\Local\AVG Security Toolbar
Folder Found : C:\Users\LAdams\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Found : C:\Users\LAdams\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found : C:\Users\LAdams\AppData\Local\iLivid
Folder Found : C:\Users\LAdams\AppData\Local\PackageAware
Folder Found : C:\Users\LAdams\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\LAdams\AppData\LocalLow\AVG Security Toolbar

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Key Found : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Found : HKCU\Software\AppDataLow\Software\Freecause
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\AVG Security Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\isearch.avg.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{731B0DB2-705E-3ED6-0F15-3DCF0E50E5E9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Key Found : HKLM\SOFTWARE\Classes\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{544C2426-48FD-4C40-AE3B-31257FF334D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}
Key Found : HKLM\SOFTWARE\Classes\AppID\{562B9317-C08A-444A-9482-62080DD851AE}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\AddonsFramework.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\BackgroundHost.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ButtonSite.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\RegistryHelper.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHost.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Found : HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BBBE01ED-0F1E-44DB-88C1-5CC1AEE3B462}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895}
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Description
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFB904C4-C255-4540-B97E-A75A34F1FFB0}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\Uniblue
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [backup.old.Start Page]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0.1 (x86 en-US)

[4p125r55.default] - Line Found : user_pref("Smartbar.ConduitSearchEngineList", "KnowMore Customized Web Search");
[4p125r55.default] - Line Found : user_pref("Smartbar.ConduitSearcity.typeaheadfind.flashBar", 0);
[4p125r55.default] - Line Found : user_pref("backup.old.browser.search.defaultenginename", "AVG Secure Search");
[4p125r55.default] - Line Found : user_pref("extensions.funmoods.aflt", "adknlg");
[4p125r55.default] - Line Found : user_pref("extensions.funmoods.autoRvrt", false);
[4p125r55.default] - Line Found : user_pref("extensions.funmoods.dfltLng", "");
[4p125r55.default] - Line Found : user_pref("extensions.funmoods.dfltSrch", true);
[4p125r55.default] - Line Found : user_pref("extensions.funmoods.dnsErr", true);
[4p125r55.default] - Line Found : user_pref("extensions.funmoods.envrmnt", "production");
[4p125r55.default] - Line Found : user_pref("extensions.funmoods.excTlbr", false);
[4p125r55.default] - Line Found : user_pref("extensions.funmoods.hmpg", true);
[4p125r55.default] - Line Found : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0AyE0B0A0D0B0F0EzzyE0EtB0EtBzyyBtN0D0Tzu0CtBtCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=127872426[...]
[4p125r55.default] - Line Found : user_pref("extensions.funmoods.id", "A4BADBFE84E2E297");
[4p125r55.default] - Line Found : user_pref("extensions.funmoods.instlDay", "15549");
[4p125r55.default] - Line Found : user_pref("extensions.funmoods.instlRef", "adknlg");
[4p125r55.default] - Line Found : user_pref("extensions.funmoods.isdcmntcmplt", true);
[4p125r55.default] - Line Found : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
[4p125r55.default] - Line Found : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0AyE0B0A0D0B0F0EzzyE0EtB0EtBzyyBtN0D0Tzu0CtBtCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1278724[...]
[4p125r55.default] - Line Found : user_pref("extensions.funmoods.prdct", "funmoods");
[4p125r55.default] - Line Found : user_pref("extensions.funmoods.prtnrId", "funmoods");
[4p125r55.default] - Line Found : user_pref("extensions.funmoods.srchPrvdr", "Search");
[4p125r55.default] - Line Found : user_pref("extensions.funmoods.tlbrId", "base");
[4p125r55.default] - Line Found : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0AyE0B0A0D0B0F0EzzyE0EtB0EtBzyyBtN0D0Tzu0CtBtCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=12787[...]
[4p125r55.default] - Line Found : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
[4p125r55.default] - Line Found : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
[4p125r55.default] - Line Found : user_pref("extensions.funmoods_i.newTab", true);
[4p125r55.default] - Line Found : user_pref("extensions.funmoods_i.smplGrp", "none");
[4p125r55.default] - Line Found : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2219:55:17");
[4p125r55.default] - Line Found : user_pref("extensions.xpiState", "{\"app-profile\":{\"firefox@ghostery.com\":{\"d\":\"C:\\\\Users\\\\LAdams\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\4p125r55.default\\\\extensions\\\[...]

-\\ Google Chrome v

[C:\Users\LAdams\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\LAdams\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\LAdams\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : jmfkcklnlgedgbglfkkgedjfmejoahla
*************************

AdwCleaner[R0].txt - [14782 bytes] - [15/02/2015 14:27:01]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [14842 bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Professional x86
Ran by LAdams on Sun 02/15/2015 at 15:05:03.34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501158}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501158}



~~~ Files

Successfully deleted: [File] "C:\Windows\System32\Tasks\pcdeventlaunchertask"
Successfully deleted: [File] C:\Windows\System32\Tasks\task120682607



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pcdr"
Successfully deleted: [Folder] "C:\Users\LAdams\AppData\Roaming\pcdr"
Successfully deleted: [Folder] "C:\Users\LAdams\appdata\locallow\pcdr"
Successfully deleted: [Folder] "C:\Users\LAdams\Local Settings\Application Data\blekkotb_soc"
Successfully deleted: [Folder] "C:\Program Files\privacysafeguard"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\privacy safeguard"
Successfully deleted: [Empty Folder] C:\Users\LAdams\appdata\local\{02790CEC-EB66-4777-BA34-952013588D92}
Successfully deleted: [Empty Folder] C:\Users\LAdams\appdata\local\{08E64C46-D4EE-4F4A-B9DA-F0DC021D17BE}
Successfully deleted: [Empty Folder] C:\Users\LAdams\appdata\local\{0FD5B3F9-A5F5-4B9E-A647-576DC497C92F}
Successfully deleted: [Empty Folder] C:\Users\LAdams\appdata\local\{107E97FB-BD3B-4704-BFD2-592B73963769}
Successfully deleted: [Empty Folder] C:\Users\LAdams\appdata\local\{1D385AD5-7AB4-4440-B1A7-5E57BF012330}
Successfully deleted: [Empty Folder] C:\Users\LAdams\appdata\local\{21245404-2714-4880-8067-E7EFE4B59E1D}
Successfully deleted: [Empty Folder] C:\Users\LAdams\appdata\local\{34AF7580-5017-4B98-8F19-F72533C010A9}
Successfully deleted: [Empty Folder] C:\Users\LAdams\appdata\local\{3800EF1A-A9D2-49D7-92E9-A20BE0E5D30C}
Successfully deleted: [Empty Folder] C:\Users\LAdams\appdata\local\{40CAAB72-E751-41D7-9573-D06EA7B611A0}
Successfully deleted: [Empty Folder] C:\Users\LAdams\appdata\local\{434C3233-6FC4-463E-850F-A2D8BC24CCD9}
Successfully deleted: [Empty Folder] C:\Users\LAdams\appdata\local\{50B8DC13-2705-4988-A811-5545AA9CDD7E}
Successfully deleted: [Empty Folder] C:\Users\LAdams\appdata\local\{53C2E616-8042-4CC0-B535-31511BE127E2}
Successfully deleted: [Empty Folder] C:\Users\LAdams\appdata\local\{5BAB08C5-8B5C-473C-B656-524719EA2938}
Successfully deleted: [Empty Folder] C:\Users\LAdams\appdata\local\{677459C0-10A7-483E-B2B2-CC09BFEF8F96}
Successfully deleted: [Empty Folder] C:\Users\LAdams\appdata\local\{681E5F02-7AC7-40E3-9B33-E51FFD5A84BD}
Successfully deleted: [Empty Folder] C:\Users\LAdams\appdata\local\{69531484-E70A-4C7B-B4E1-20C6F54F249A}
Successfully deleted: [Empty Folder] C:\Users\LAdams\appdata\local\{6B364422-0862-4E92-B1EA-AA43C0B8B7C2}
Successfully deleted: [Empty Folder] C:\Users\LAdams\appdata\local\{6D685804-D429-4DC1-A69B-9DB74592CDB8}
Successfully deleted: [Empty Folder] C:\Users\LAdams\appdata\local\{6FE4AD7F-DC32-49E6-9722-FA8E45AD03F5}
Successfully deleted: [Empty Folder] C:\Users\LAdams\appdata\local\{7226E780-4E7A-4CEA-A53F-74DD8B16D6A5}
Successfully deleted: [Empty Folder] C:\Users\LAdams\appdata\local\{8AD93339-3FC9-4F65-AE0F-002643D783C1}
Successfully deleted: [Empty Folder] C:\Users\LAdams\appdata\local\{8FF6F75D-95E9-43BF-9F50-D5BBEDC0022C}
Successfully deleted: [Empty Folder] C:\Users\LAdams\appdata\local\{9BC727D2-1BF5-4564-BB4C-A8FE2EF4A7D6}
Successfully deleted: [Empty Folder] C:\Users\LAdams\appdata\local\{9BE2CCB8-EE38-4D7A-84D1-AEE935EEE7C5}
Successfully deleted: [Empty Folder] C:\Users\LAdams\appdata\local\{A54FB0FB-1BC6-4456-A0C1-444771EE0480}
Successfully deleted: [Empty Folder] C:\Users\LAdams\appdata\local\{A72E613F-39CA-47E7-ACDB-D188074D2B0F}
Successfully deleted: [Empty Folder] C:\Users\LAdams\appdata\local\{C0030923-7DB6-470D-839F-B682601B68D6}
Successfully deleted: [Empty Folder] C:\Users\LAdams\appdata\local\{C5C230A4-3105-4FD1-8D4F-3F18667C49E2}
Successfully deleted: [Empty Folder] C:\Users\LAdams\appdata\local\{F4F80C49-9CAC-485E-8E9F-CB81E44ACD52}



~~~ FireFox

Successfully deleted the following from C:\Users\LAdams\AppData\Roaming\mozilla\firefox\profiles\4p125r55.default\prefs.js

user_pref("CT2132127_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1389832199583,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2219:55:17");
Emptied folder: C:\Users\LAdams\AppData\Roaming\mozilla\firefox\profiles\4p125r55.default\minidumps [179 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 02/15/2015 at 15:07:07.84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[Juliet]

Good deal

 

Let's scan again with AdwCleaner this time let's allow it to quarantine what it finds.

• Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
• Follow the prompts.
• Click Scan.
• Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
• Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
• Follow the prompts and allow your computer to reboot.
• After rebooting, a log (AdwCleaner.txt) will open. Copy the contents of the log and paste in your next reply.
• -- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner.txt.

How's the computer now?

[JMCJR]

Laurie here (Jim's wife) and I've been following all your instructions today - I could not be more impressed or more grateful. The computer seems to be operating normally now (what do I know?) The bad image error windows are not coming up on reboots. I will run the scan again per your instruction and paste the results shortly (I assume AdwCleaner automatically quarantines as part of "Clean"). How appropriate that your image is an angel!

[JMCJR]

Okay, ran scan with AdwCleaner and AVG Security Toolbar appeared to be the only thing under Services once the scan finished. Rebooted per instruction and here is the report: Is my PC optimal and health again?

 

# AdwCleaner v4.110 - Logfile created 15/02/2015 at 19:19:27
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [server]
# Operating system : Windows 7 Professional Service Pack 1 (x86)
# Username : LAdams - LADAMS-PC
# Running from : C:\Users\LAdams\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

[x] Not Deleted : AVG Security Toolbar Service

***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Description

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0.1 (x86 en-US)


-\\ Google Chrome v

[C:\Users\LAdams\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : jmfkcklnlgedgbglfkkgedjfmejoahla

*************************

AdwCleaner[R0].txt - [14922 bytes] - [15/02/2015 14:27:01]
AdwCleaner[R1].txt - [1117 bytes] - [15/02/2015 19:09:58]
AdwCleaner[s0].txt - [15596 bytes] - [15/02/2015 14:54:47]
AdwCleaner[s1].txt - [1051 bytes] - [15/02/2015 19:19:27]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1110 bytes] ##########

[Juliet]

Laurie, nice to meet you too.

 

Is my PC optimal and healthy again?

I'm not able to say yet, we're not finished but as far as I can see for right now it should be much better.

 

 

iolo System Mechanic isn't recommended because it can possibly harm more then help.

 

~~~~~~~~~~~~~~`

Please run a Threat Scan with Malwarebytes' Anti-Malware.

 

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link

 

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

 

~~~~~~~~~~~~~~~`

 

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.

Most reliable and thorough.

The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.

This scanner can take quite a bit of time to run, depending of course how full your computer is.

 

 

ESET Online Scan

Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

• Please download ESET Online Scan and save the file to your Desktop.
• Temporarily disable your anti-virus software. For instructions, please refer to the following link.
• Double-click esetsmartinstaller_enu.exe to run the programme.
• Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
• Agree to the Terms of Use once more and click Start. Allow components to download.
• Place a checkmark next to Enable detection of potentially unwanted applications.
• Click Advanced settings. Place a checkmark next to:
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
• Ensure Remove found threats is unchecked.
• Click Start.
• Wait for the scan to finish. Please be patient as this can take some time.
• Upon completion, click . If no threats were found, skip the next two bullet points.
• Click and save the file to your Desktop, naming it something such as "MyEsetScan".
• Push the Back button.
• Place a checkmark next to and click .
• Re-enable your anti-virus software.
• Copy the contents of the log and paste in your next reply.

======================================================

 

Please post these 2 logs when finished.

[JMCJR]

I immediately deleted iolo and have run the Malwarebytes scan according to your instructions.

 

Scan completed successfully! No malicious items were detected!

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/16/2015
Scan Time: 12:13:36 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.16.07
Rootkit Database: v2015.02.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: LAdams

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 404682
Time Elapsed: 14 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

I will reply again with the Eset log when that scan has completed.

[JMCJR]

MyEsetScan:

 

C:\Users\LAdams\Downloads\OffercastInstaller_AVR_U-0250-02-P_(1).exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\LAdams\Downloads\OffercastInstaller_AVR_U-0250-02-P_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application

[Juliet]

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:

To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open notepad. save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

 

start

CloseProcesses:

C:\Users\LAdams\Downloads\OffercastInstaller_AVR_U-0250-02-P_(1).exe

C:\Users\LAdams\Downloads\OffercastInstaller_AVR_U-0250-02-P_.exe

EmptyTemp:

End

Open FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

~~~~~~~~~~~~~~~~~~~

 

Please post

Fixlog.txt

 

 

How is the computer now?

[JMCJR]

Computer is GOOD. Wouldn't have any idea anything was wrong (there is probably often/always something wrong we don't detect?) So relieved I found help here. Here is the contents of Fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-02-2015
Ran by LAdams at 2015-02-16 20:39:47 Run:2
Running from C:\Users\LAdams\Desktop
Loaded Profiles: LAdams (Available profiles: LAdams & LogMeInRemoteUser & JimC)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CloseProcesses:
C:\Users\LAdams\Downloads\OffercastInstaller_AVR_U-0250-02-P_(1).exe
C:\Users\LAdams\Downloads\OffercastInstaller_AVR_U-0250-02-P_.exe
EmptyTemp:
End
*****************

Processes closed successfully.
C:\Users\LAdams\Downloads\OffercastInstaller_AVR_U-0250-02-P_(1).exe => Moved successfully.
C:\Users\LAdams\Downloads\OffercastInstaller_AVR_U-0250-02-P_.exe => Moved successfully.
EmptyTemp: => Removed 19.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog 20:40:09 ====

[JMCJR]

PC just rebooted on its own . . . ???

[Juliet]

PC just rebooted on its own . . . ???

After running the above script that was created (which it was supposed to), or using the computer for a while and out of the blue it reboots itself?

Were there any alerts?, error messages?, something freeze or stop working as expected?

[JMCJR]

After running the above script, it clearly said that the machine would need to be rebooted, but I had to actually 'ok' that. Afterwards, I noticed the reboot, logged in and posted

 

PC just rebooted on its own . . . ???

This morning, I saw it had again rebooted. When I attempted to log in, the keyboard was disabled. I swapped with another keyboard and then neither mouse nor keyboard would work. I tried to turn the machine off and it said it was shutting down but after several minutes, it did not, so I unplugged it and restarted. Then I was able to log on. I assume the rebooting is out of the blue, no alerts or messages unless they timed out without me seeing and the system went ahead with reboot. Everything else seemed normal . . .

[JMCJR]

I'd just checked to see if Windows Update had been changed, but it's still manual, so that wasn't it. Then I came here to post this information about Windows Update and as I was typing, the machine suddenly rebooted. Could this just be an unrelated coincidence unrelated to software, but instead power supply or motherboard going bad?

[Juliet]

It might not be something then again it could.

I tear my computer apart trying to find whats going on when it does something out of the ordinary.

Then to, could be so far above my head of what to do I think I'll scream.

 

Please download the Event Viewer Tool by Vino Rosso

http://images.malwareremoval.com/vino/VEW.exe

and save it to your Desktop: Might need to right click on this and select run as administrator

 

2. Double-click VEW.exe

3. Under 'Select log to query', select:

 

* System

4. Under 'Select type to list', select:

* Error

* Warning

 

 

Then use the 'Number of events' as follows:

 

 

1. Click the radio button for 'Number of events'

Type 20 in the 1 to 20 box

Then click the Run button.

Notepad will open with the output log.

 

 

Please post the Output log in your next reply then repeat but select Application.

[Juliet]

I'd just checked to see if Windows Update had been changed, but it's still manual, so that wasn't it. Then I came here to post this information about Windows Update and as I was typing, the machine suddenly rebooted. Could this just be an unrelated coincidence unrelated to software, but instead power supply or motherboard going bad?

no idea right now.

[JMCJR]

Here you go . . .

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 17/02/2015 9:46:39 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/02/2015 3:11:21 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 17/02/2015 5:41:49 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 17/02/2015 3:18:40 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/02/2015 3:11:37 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The iolo System Service service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 17/02/2015 3:11:27 PM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 9:09:44 AM on ?2/?17/?2015 was unexpected.

Log: 'System' Date/Time: 17/02/2015 2:42:40 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The iolo System Service service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 17/02/2015 5:42:07 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The iolo System Service service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 17/02/2015 5:41:56 AM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 11:39:40 PM on ?2/?16/?2015 was unexpected.

Log: 'System' Date/Time: 17/02/2015 3:18:59 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The iolo System Service service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 17/02/2015 3:18:47 AM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 9:16:25 PM on ?2/?16/?2015 was unexpected.

Log: 'System' Date/Time: 17/02/2015 2:43:38 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The iolo System Service service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 17/02/2015 2:40:18 AM
Type: Error Category: 0
Event: 7032 Source: Service Control Manager
The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.

Log: 'System' Date/Time: 17/02/2015 2:39:54 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 17/02/2015 2:39:49 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Broadcom Power monitoring service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 17/02/2015 2:39:49 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Andrea RT Filters Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 17/02/2015 2:39:49 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 17/02/2015 2:39:49 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 17/02/2015 2:39:49 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Vertical Wave Workstation Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 17/02/2015 2:39:49 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The MBAMService service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 17/02/2015 2:39:49 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The TeamViewer 9 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 2000 milliseconds: Restart the service.

Log: 'System' Date/Time: 17/02/2015 2:39:49 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The LogMeIn Maintenance Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 17/02/2015 2:39:49 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The LMIGuardianSvc service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 17/02/2015 2:39:49 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The dlcq_device service terminated unexpectedly. It has done this 1 time(s).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/02/2015 3:12:34 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_DELL&PROD_USB_MASS_STORAGE&REV__200#8&2A4665D8&0&96WNTC1&0#.

Log: 'System' Date/Time: 17/02/2015 3:11:37 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 17/02/2015 2:43:09 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_DELL&PROD_USB_MASS_STORAGE&REV__200#8&2A4665D8&0&96WNTC1&0#.

Log: 'System' Date/Time: 17/02/2015 2:42:45 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 17/02/2015 10:06:29 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name control.app05-03.logmein.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 17/02/2015 5:42:40 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_DELL&PROD_USB_MASS_STORAGE&REV__200#8&2A4665D8&0&96WNTC1&0#.

Log: 'System' Date/Time: 17/02/2015 5:42:04 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 17/02/2015 3:19:32 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_DELL&PROD_USB_MASS_STORAGE&REV__200#8&2A4665D8&0&96WNTC1&0#.

Log: 'System' Date/Time: 17/02/2015 3:18:56 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 17/02/2015 2:44:10 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_DELL&PROD_USB_MASS_STORAGE&REV__200#8&2A4665D8&0&96WNTC1&0#.

Log: 'System' Date/Time: 17/02/2015 2:43:41 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 16/02/2015 3:42:04 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_DELL&PROD_USB_MASS_STORAGE&REV__200#8&2A4665D8&0&96WNTC1&0#.

Log: 'System' Date/Time: 16/02/2015 3:41:25 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 16/02/2015 1:21:09 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_DELL&PROD_USB_MASS_STORAGE&REV__200#8&2A4665D8&0&96WNTC1&0#.

Log: 'System' Date/Time: 16/02/2015 1:20:49 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

[Juliet]

From what I can piece together

 

Iolo System Mechanic <--Would uninstall this if your able, registry cleaners are not recommended. Could also be a left over file that needs to come off?

 

device plugged into a USB port? has gone faulty?

 

~~~

• Please download ServicesRepair and save it to your desktop.
  • Double-click ServicesRepair.exe.
  • If security notifications appear, click Continue or Run and then click Yes when asked if you want to proceed.
  • Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.
• After restart wait a few minutes until the system settled down. Run Farbar Service Scanner again and post the log it makes.

~~~~~~~~~~

 

Also please download Windows Repair (all in one) from here

 

Install the program then go to step 4 and create a new system restore point and new registry backup.

 

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

 

 

 

NEXT

On the the Start Repairs tab => Click the Start

 

 

Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

 

Click on box next to the Restart System when Finished. Then click on Start.

[JMCJR]

I ran Services Repair, restarted the PC and started Farbar scan and walked away. From another room, I heard beeps and when I came back the screen was up with BIOS: blah blah blah . . .

 

CMOS Checksum Bad

Pressed F2 to Run Setup, then Escape and Discard Changes and Exit Setup [OK] thinking it would reboot? (husband's choice). It just went to black screen with blinking white cursor at upper left corner. Turned the machine off and then back on and on reboot it went back to BIOS again. Same choices, F2 to Run Setup and F1 to load default values and continue. What should we do?

[JMCJR]

By the way, I'm posting from a different machine, the BIOS screen is still up on my monitor, haven't done anything further . . .