All exe files present Bad Image Error Message Windows


Looks like the battery just went south.

 

Picked the worst time to do this.

 

The battery on the motherboard has lost its ability to supply power.

Let me supply you with a couple of topics where this is discussed.

 

Normally, when you get a CMOS Checksum error, either or both of the following two steps resolve the problem:

 

1) Apply Factory Defaults and Exit.

 

If not fixed,

 

2) CMOS battery failure: the CMOS battery is dead or dying. Replace it (coin cell battery on the motherboard).

Checksum usually means the battery is dead, or the PSU (power supply). Try a different battery?

http://www.pcworld.com/article/240331/troubleshoot_a_bios_or_cmos_checksum_error.html


Also Jim said to tell you in regard to your question about a device plugged into a USB port going faulty - when the trouble first began Friday, he removed an external hard drive connected to my machine that's been dead for a long time. (The drive wasn't actually connected physically, but the machine thought it was there until he changed that.)

 

Clicked F1 to default, brief blinking cursor at upper left corner immediately followed by "Missing operating sys". Do I need to go buy a battery?


Wanted to assure you there isn't anything in the FRST tool that could have caused this; it's just a scanner that displays items located on your computer.

I've PM'd a couple of people that might not be able to see this till they get home from work.


Thanks so much. I think in the meantime we'll go ahead and replace the CMOS battery in case? You've been sooo helpful - are all the Trusted Malware Techs volunteers????

Buying and replacing the battery, as far as I know, won't hurt a thing.

 

Yes, we are volunteers. :)


The plot thickens . . . Jim replaced the battery. The drive is a RAID and Jim doesn't know how to configure it in the BIOS settings. When we boot from Drive 0 it says missing operating sys, from Drive 1 we only get the blinking cursor at upper left . . . He's looking for instructions at Dell for configuring now. Do you have any thoughts?


Just saw this and thanks so much but he figured it out :) We're back in business but he doesn't want me to proceed with your instructions because we're trying to finalize a contract and if something further happens I don't have access like today to related documents and emails. I can complete everything pdq in the morning so it's probably not worth looking for what all I would need to back up. When I finish per your directions before all this happened I'll post the results. THANK YOU.


Juliet, when the battery went out yesterday I'd gotten so far as to run Services Repair and I presume after reboot Farbar was interrupted. Should I next rerun Farbar followed by Windows Repair per your instructions yesterday and post the Farbar log in my next reply (basically picking up where I left off yesterday)?


You kidding, I'm scared to touch ya!

 

LOL, joking.

 

I really don't think there's a need to run any more service repairs or windows repairs unless there are error messages or system problems (holding my breath there).

I think the issue was caused by both the CMOS battery and the removal of the external drive that had been faulty.

 

I think all I need to see is a new FRST log.

  • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

     

     

  • 2 weeks later...

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-03-2015
Ran by LAdams (administrator) on LADAMS-PC on 10-03-2015 14:08:12
Running from C:\Users\LAdams\Desktop
Loaded Profiles: LAdams (Available profiles: LAdams & LogMeInRemoteUser & JimC)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corp.) C:\Program Files\Broadcom\BPowMon\BPowMon.exe
( ) C:\Windows\System32\dlcqcoms.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgnsx.exe
(Vertical Communications, Inc.) C:\Program Files\Common Files\Vertical\Wave\TvWksSvc.exe
(Vertical Communications, Inc.) C:\Program Files\Vertical Wave\ViewPoint\ViewPointUpgradeService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgchsvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgcsrvx.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgtray.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
() C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe
() C:\Program Files\Dell Photo AIO Printer 966\memcard.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Vertical Communications, Inc.) C:\Program Files\Vertical Wave\ViewPoint\ViewPointUpdater.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Audible, Inc.) C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Gadwin Systems, Inc) C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Malwarebytes Corporation) C:\Program Files\MALWAREBYTES ANTI-MALWARE\mbam.exe
(Logitech, Inc.) C:\Users\LAdams\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe
(Logitech, Inc.) C:\Users\LAdams\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Windows\System32\spool\drivers\w32x86\3\dlcqpswx.exe
(Clearcove Ltd.) C:\Program Files\JetTask\JetTask.exe
() C:\Windows\System32\spool\drivers\w32x86\3\dlcqpswx.exe
() C:\Windows\System32\spool\drivers\w32x86\3\dlcqpswx.exe
() C:\Windows\System32\spool\drivers\w32x86\3\dlcqpswx.exe
() C:\Windows\System32\spool\drivers\w32x86\3\dlcqjswx.exe
(ImageMAKER Development Inc.) C:\Program Files\Fax Upload\VSTDAEMON.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ATIModeChange] => Ati2mdxx.exe
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7711264 2009-08-18] (Realtek Semiconductor)
HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM\...\Run: [startCCC] => c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-27] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM\...\Run: [AVG_TRAY] => C:\Program Files\AVG\AVG10\avgtray.exe [2345592 2012-08-01] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2010-09-17] (LogMeIn, Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1679360 2012-02-20] (Wondershare)
HKLM\...\Run: [dlcqmon.exe] => C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe [292080 2007-06-29] ()
HKLM\...\Run: [MemoryCardManager] => C:\Program Files\Dell Photo AIO Printer 966\memcard.exe [304368 2007-06-29] ()
HKLM\...\Run: [DLCQCATS] => rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCQtime.dll,[email protected]
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM\...\Run: [ViewPoint Updater] => C:\Program Files\Vertical Wave\ViewPoint\ViewPointUpdater.exe [105984 2014-03-13] (Vertical Communications, Inc.)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\...\Run: [Google Update] => C:\Users\LAdams\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-11-14] (Google Inc.)
HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\...\Run: [DellSystemDetect] => C:\Users\LAdams\AppData\Local\Apps\2.0\NAM2XBH9.1EZ\7VVTT26N.LD3\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4898fae00de\DellSystemDetect.exe [264488 2014-11-21] (Dell)
HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\...\Run: [swiftToDoList] => C:\Users\LAdams\AppData\Local\Swift To-Do List\Swift To-Do List.exe [9527096 2015-02-24] (Dextronet)
HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\...\MountPoints2: K - K:\TL-Bootstrap.exe
HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\...\MountPoints2: {28ee7430-0357-11e3-a67a-a4badbfe84e2} - K:\TL-Bootstrap.exe
HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\...\MountPoints2: {de4de88a-d6e6-11e2-abae-a4badbfe84e2} - K:\TL-Bootstrap.exe
HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\...\MountPoints2: {de4de8ba-d6e6-11e2-abae-a4badbfe84e2} - K:\TL-Bootstrap.exe
HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Vista Fax Daemon.lnk
ShortcutTarget: Vista Fax Daemon.lnk -> C:\Program Files\Common Files\ImageMAKER\Vstdaemon.exe (ImageMAKER Development Inc.)
Startup: C:\Users\LAdams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wave ViewPoint.lnk
ShortcutTarget: Wave ViewPoint.lnk -> C:\Program Files\Vertical Wave\ViewPoint\Vertical.Wave.ViewPoint.exe (Vertical Communications, Inc.)
BootExecute: "autocheck autochk * ""C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync""C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart""૧Ұ"d"Configure Windows Automatic Updates to automatically download and install the latest Windows updates""ங૧Ұ"g"The Windows Automatic Updates Service keeps your computer up to date with the latest Windows components""૧Ұ"d"Configure Windows Automatic Updates to automatically download and install the latest Windows updates""ங૧Ұ"`"Your Internet Explorer home page may have been changed by a virus or other malicious application"剴୲"ங૧Ұ"d"If your computer is attacked by a Denial of Service attack your system's ports may become exhausted""ங૧Ұ"b"Find references to programs intended to start with Windows that no longer exist or have been moved"୲"ங૧Ұ"a"\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sitesell.com\sbiapps"䶤୲"ங૧Ұ"d"Configure Windows Automatic Updates to automatically download and install the latest Windows updates""ங૧Ұ"d"If your computer is attacked by a Denial of Service attack your system's ports may become exhausted""ퟬங૧Ұ"e"\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\t-mobilepictures.com\www""힬ங૧Ұ"`"Your Internet Explorer home page may have been changed by a virus or other malicious application"www"훬ங૧Ұ"b"Find references to programs intended to start with Windows that no longer exist or have been moved"୲"홬ங૧Ұ"`"c:\windows\temp\avg_a01576\ProgData\AVG Secure Search\FireFoxExt\14.1.0.10\modules\locale\es-es\"al.dtd"૧"""՘૶͐૶ǀ૶૵૵૵૵૵૵૵૵¨૶ʈ૶Ѩ૶و૶ވ૶ING"译ᅃҰ"O"SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONE_ELEVATION"ୃ㫸Ꮟ㫸ᏏN"SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_SNIFFING""祁ᅃҰ"N"SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_SNIFFING""舱ᅃҰ"N"SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_SNIFFING""苡ᅃҰ"N"SOFTWARE\Microsoft\Internet 
Explorer\MAIN\FeatureControl\FEATURE_MIME_SNIFFING""莑ᅃҰ"N"SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_SNIFFING""葁ᅃҰ"N"SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_SNIFFING""蓱ᅃҰ"N"SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_SNIFFING""眱ᅃҰ"O"SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_OBJECT_CACHING""耡ᅃҰ"O"SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_OBJECT_CACHING""蜁ᅃҰ"O"SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_OBJECT_CACHING""螱ᅃҰ"O"SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_OBJECT_CACHING""衡ᅃҰ"O"SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_OBJECT_CACHING""褑ᅃҰ"O"SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_OBJECT_CACHING""见ᅃҰ"O"SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_OBJECT_CACHING""ᦐᅃҰ"M"SOFTWARE\Microsoft\Internet Explorer\UnattendBackup\ActiveSetup\FavoritesList"e"話ᅃҰ"M"SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SECURITYBAND"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 -> {8EC25BA8-D8D3-4E27-837D-A863C33EB534} URL =
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-11-02] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-11-02] (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=724
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll [2011-02-08] (AVG Technologies CZ, s.r.o.)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\..\Interfaces\{4F7F2D01-D3A7-4CEC-8EAD-B35584C5E295}: [NameServer] 209.18.47.61,209.18.47.62
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\LAdams\AppData\Roaming\Mozilla\Firefox\Profiles\4p125r55.default
FF Homepage: https://duckduckgo.com/?q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-11-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-11-02] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1540194735-2960423807-4092532110-1000: @citrixonline.com/appdetectorplugin -> C:\Users\LAdams\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-10-07] (Citrix Online)
FF Plugin HKU\S-1-5-21-1540194735-2960423807-4092532110-1000: @ringcentral.com/RingCentralMeetingsPlugin -> C:\Users\LAdams\AppData\Roaming\RingCentralMeetings\bin\nprcmsplugin.dll [2014-09-09] (Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-1540194735-2960423807-4092532110-1000: @screenleap.com/ScreenleapPlugin,version=1.1 -> C:\Users\LAdams\AppData\Local\Screenleap\npscreenleap1.1.dll [2014-11-14] (ScreenLeap, Inc.)
FF Plugin HKU\S-1-5-21-1540194735-2960423807-4092532110-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\LAdams\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-1540194735-2960423807-4092532110-1000: @talk.google.com/O1DPlugin -> C:\Users\LAdams\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-1540194735-2960423807-4092532110-1000: @tools.google.com/Google Update;version=3 -> C:\Users\LAdams\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-1540194735-2960423807-4092532110-1000: @tools.google.com/Google Update;version=9 -> C:\Users\LAdams\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-09-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-09-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-09-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-09-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-09-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\LAdams\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-01-16] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\LAdams\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\LAdams\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\LAdams\AppData\Roaming\Mozilla\Firefox\Profiles\4p125r55.default\Extensions\[email protected] [2013-06-22]
FF Extension: Ghostery - C:\Users\LAdams\AppData\Roaming\Mozilla\Firefox\Profiles\4p125r55.default\Extensions\[email protected] [2013-08-02]
FF Extension: QuickJava - C:\Users\LAdams\AppData\Roaming\Mozilla\Firefox\Profiles\4p125r55.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2011-08-06]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG10\Firefox4
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG10\Firefox4 [2011-03-30]

Chrome:
=======
CHR Profile: C:\Users\LAdams\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\LAdams\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (Google Wallet) - C:\Users\LAdams\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-21]
CHR Extension: (Signals by HubSpot) - C:\Users\LAdams\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiiaigjnkhngdbnoookogelabohpglmd [2014-05-21]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
R2 dlcq_device; C:\Windows\system32\dlcqcoms.exe [537480 2006-12-12] ( )
R3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-07-02] (Macrovision Europe Ltd.) [File not signed]
R2 TvWksSvc; C:\Program Files\Common Files\Vertical\Wave\TvWksSvc.exe [130560 2014-03-12] (Vertical Communications, Inc.) [File not signed]
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2011-12-15] (Logitech Inc.)
R2 ViewPointUpgradeService; C:\Program Files\Vertical Wave\ViewPoint\ViewPointUpgradeService.exe [14336 2014-03-13] (Vertical Communications, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S2 ioloSystemService; "C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe" [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [5295616 2010-01-28] (ATI Technologies Inc.)
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [134480 2011-05-27] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [22992 2011-02-22] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [24144 2011-02-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\Windows\System32\DRIVERS\AVGIDSShim.Sys [21968 2011-02-10] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [255968 2012-11-12] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [34896 2011-03-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [32592 2011-03-16] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [299552 2014-11-04] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-11] (AVG Technologies)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [26248 2014-06-09] (EldoS Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [24040 2013-09-04] (ThreatTrack Security)
S3 htcusbnet; C:\Windows\System32\DRIVERS\htcusbnet.sys [133632 2012-01-30] (HTC Corporation)
S3 ICDUSB2; C:\Windows\System32\Drivers\ICDUSB2.sys [39048 2002-11-28] (Sony Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-27] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 WsAudio_DeviceS(1); C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [25704 2010-09-14] (Wondershare)
R3 WsAudio_DeviceS(2); C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys [25704 2010-09-14] (Wondershare)
R3 WsAudio_DeviceS(3); C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys [25704 2010-09-14] (Wondershare)
R3 WsAudio_DeviceS(4); C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys [25704 2010-09-14] (Wondershare)
R3 WsAudio_DeviceS(5); C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys [25704 2010-09-14] (Wondershare)
S4 LMIRfsClientNP; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-10 14:06 - 2015-03-10 14:06 - 00001106 _____ () C:\Users\LAdams\Desktop\FRST - Shortcut.lnk
2015-03-10 14:05 - 2015-03-10 14:05 - 01134592 _____ (Farbar) C:\Users\LAdams\Downloads\FRST.exe
2015-03-10 13:53 - 2015-03-10 13:53 - 00000000 ____D () C:\Users\LAdams\Desktop\FRST-OlderVersion
2015-03-10 13:33 - 2015-03-10 13:33 - 00000000 ____D () C:\Users\Public\FaxUpload
2015-03-10 13:33 - 2015-03-10 13:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fax Upload
2015-03-10 13:33 - 2015-03-10 13:33 - 00000000 ____D () C:\Program Files\Common Files\ImageMAKER
2015-03-10 13:33 - 2013-09-24 14:02 - 00235144 _____ (ImageMAKER Development Inc.) C:\Windows\system32\FAXUPMN09.DLL
2015-03-10 13:33 - 2013-09-24 14:02 - 00013960 _____ (ImageMAKER Development Inc.) C:\Windows\system32\FAXUPMU09.DLL
2015-03-10 13:33 - 2006-11-27 16:33 - 00071680 _____ (ImageMaker Development Inc.) C:\Windows\system32\IMGDRJPM.DLL
2015-03-10 13:33 - 2006-04-11 07:12 - 00155648 _____ (ImageMaker Development Inc.) C:\Windows\system32\IMG32JPM.DLL
2015-03-10 13:31 - 2015-03-10 13:33 - 00000000 ____D () C:\Program Files\Fax Upload
2015-03-10 13:22 - 2015-03-10 13:22 - 03275232 _____ () C:\Users\LAdams\Downloads\faxUploadSetup(1).exe
2015-03-10 11:32 - 2015-03-10 11:32 - 00529109 _____ () C:\ProgramData\SPLC650.tmp
2015-03-09 23:17 - 2015-03-09 23:18 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-09 12:29 - 2015-03-09 12:29 - 01498606 _____ () C:\Users\LAdams\Desktop\03-09-2015-erase-afterward.wav
2015-03-05 18:28 - 2015-03-10 13:26 - 00000000 ___RD () C:\Users\LAdams\Documents\Swift To-Do List
2015-03-05 18:28 - 2015-03-05 18:28 - 00001160 _____ () C:\Users\LAdams\Desktop\Swift To-Do List.lnk
2015-03-05 18:28 - 2015-03-05 18:28 - 00000000 ____D () C:\Users\LAdams\AppData\Roaming\Dextronet
2015-03-05 18:28 - 2015-03-05 18:28 - 00000000 ____D () C:\Users\LAdams\AppData\Local\Swift To-Do List
2015-03-05 18:28 - 2015-03-05 18:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Swift To-Do List
2015-03-05 18:20 - 2015-03-05 18:20 - 26136856 _____ (Dextronet ) C:\Users\LAdams\Downloads\swifttodolist.exe
2015-03-05 17:29 - 2015-03-05 17:47 - 00000000 ____D () C:\Users\LAdams\AppData\Roaming\JetTask
2015-03-05 17:29 - 2015-03-05 17:47 - 00000000 ____D () C:\Program Files\JetTask
2015-03-05 17:28 - 2015-03-05 17:47 - 00000000 ___HD () C:\ProgramData\~0
2015-03-05 17:27 - 2015-03-05 17:27 - 07520440 _____ (Clearcove Limited ) C:\Users\LAdams\Downloads\jettask.exe
2015-03-05 17:24 - 2015-03-05 17:24 - 00232200 _____ () C:\Users\LAdams\Downloads\jettask-27754552.exe
2015-03-05 17:00 - 2015-03-05 17:00 - 12175945 _____ () C:\Users\LAdams\Downloads\shoutdone-setup.exe
2015-03-02 12:57 - 2015-03-02 12:57 - 21877024 _____ (Unseen, ehf. ) C:\Users\LAdams\Downloads\unseenapp-beta-v0.2.5-win-ia32-setup.exe
2015-02-17 11:54 - 2015-02-17 11:54 - 00028273 _____ () C:\Users\LAdams\Desktop\Addition.txt
2015-02-17 11:53 - 2015-03-10 14:09 - 00025289 _____ () C:\Users\LAdams\Desktop\FRST.txt
2015-02-17 11:46 - 2015-02-17 11:47 - 00000000 ____D () C:\Users\Public\Desktop\CC Support
2015-02-17 11:45 - 2015-02-17 11:45 - 04009167 _____ () C:\Users\LAdams\Desktop\ServicesRepair.exe
2015-02-17 10:46 - 2015-02-17 10:46 - 00010678 _____ () C:\VEW.txt
2015-02-17 10:44 - 2015-02-17 10:44 - 00061440 _____ ( ) C:\Users\LAdams\Desktop\VEW.exe
2015-02-16 16:01 - 2015-02-16 16:01 - 00000281 _____ () C:\Users\LAdams\Desktop\MyEsetScan.txt
2015-02-16 13:42 - 2015-02-16 13:42 - 02347384 _____ (ESET) C:\Users\LAdams\Desktop\esetsmartinstaller_enu.exe
2015-02-16 10:52 - 2015-03-10 13:24 - 00000000 ____D () C:\Users\LAdams\Documents\Spiceworks 2015
2015-02-15 16:07 - 2015-02-15 16:07 - 00005173 _____ () C:\Users\LAdams\Desktop\JRT.txt
2015-02-15 16:01 - 2015-02-15 16:01 - 01388274 _____ (Thisisu) C:\Users\LAdams\Desktop\JRT.exe
2015-02-15 15:59 - 2015-02-15 15:59 - 00015596 _____ () C:\Users\LAdams\Desktop\AdwCleaner[s0].txt
2015-02-15 15:54 - 2015-02-15 15:54 - 00014922 _____ () C:\Users\LAdams\Desktop\AdwCleaner[R0].txt
2015-02-15 15:26 - 2015-02-15 20:19 - 00000000 ____D () C:\AdwCleaner
2015-02-15 15:23 - 2015-02-15 15:23 - 02112512 _____ () C:\Users\LAdams\Desktop\AdwCleaner.exe
2015-02-15 11:57 - 2015-02-15 11:58 - 00033775 _____ () C:\Users\LAdams\Downloads\Addition.txt
2015-02-15 11:55 - 2015-03-10 14:08 - 00000000 ____D () C:\FRST
2015-02-15 11:55 - 2015-02-15 11:58 - 00054525 _____ () C:\Users\LAdams\Downloads\FRST.txt
2015-02-15 11:53 - 2015-03-10 13:53 - 01134592 _____ (Farbar) C:\Users\LAdams\Desktop\FRST.exe
2015-02-13 18:40 - 2015-02-13 19:33 - 00022865 _____ () C:\Windows\system32\avgrep.txt
2015-02-13 17:00 - 2014-06-09 14:47 - 00026248 _____ (EldoS Corporation) C:\Windows\system32\Drivers\ElRawDsk.sys
2015-02-13 16:58 - 2015-02-13 16:58 - 00000000 ____D () C:\Windows\system32\config\SM Registry Backup
2015-02-13 16:58 - 2015-02-13 16:58 - 00000000 ____D () C:\Windows\system32\config\Before Compact
2015-02-13 16:57 - 2015-02-13 16:57 - 00000000 ____D () C:\Windows\system32\config\Original
2015-02-13 16:55 - 2015-02-13 16:55 - 00000000 ____D () C:\Users\LAdams\AppData\Roaming\ioloGovernor
2015-02-13 16:53 - 2015-02-13 16:58 - 00000000 ____D () C:\Users\LAdams\AppData\Roaming\iolo
2015-02-13 12:50 - 2015-02-13 14:25 - 00000000 ____D () C:\VIPRERESCUE
2015-02-13 12:50 - 2013-09-04 14:57 - 00024040 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiutil.sys
2015-02-13 12:50 - 2013-05-23 08:39 - 00043368 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys
2015-02-09 18:00 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-02-09 18:00 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-02-09 18:00 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-02-09 18:00 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-02-09 18:00 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-02-09 17:57 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-02-09 17:57 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-09 17:57 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-09 17:57 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-09 17:57 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-09 17:57 - 2014-11-21 21:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-09 17:57 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-09 17:57 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-09 17:57 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-09 17:57 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-09 17:57 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-09 17:57 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-09 17:57 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-09 17:57 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-09 17:57 - 2014-11-21 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-09 17:57 - 2014-11-21 20:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-09 17:57 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-09 17:57 - 2014-11-21 20:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-09 17:57 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-09 17:57 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-09 17:57 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-09 17:57 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-09 17:57 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-09 17:57 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-09 17:57 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-09 17:57 - 2014-11-21 20:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-09 17:57 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-09 17:57 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-09 17:57 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-09 17:57 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-09 17:57 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-09 17:57 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-09 17:56 - 2014-12-18 21:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-02-09 17:56 - 2014-12-18 20:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-02-09 17:56 - 2014-12-11 12:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-02-09 17:56 - 2014-12-05 22:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-02-09 17:56 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-09 17:56 - 2014-11-10 20:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-02-09 17:56 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-02-09 17:56 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-02-09 17:55 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-02-09 17:55 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-02-09 17:55 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-02-09 17:55 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-02-09 17:55 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-02-09 16:39 - 2015-02-09 19:47 - 00000000 ____D () C:\Users\LAdams\Documents\CRM 2015

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-10 14:08 - 2012-09-28 23:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-10 14:06 - 2014-07-08 10:14 - 00000568 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1540194735-2960423807-4092532110-1000.job
2015-03-10 13:57 - 2009-07-13 23:55 - 01660589 _____ () C:\Windows\WindowsUpdate.log
2015-03-10 13:53 - 2010-10-24 17:50 - 00000000 ____D () C:\Users\LAdams\Documents\Outlook Files
2015-03-10 13:34 - 2013-04-03 17:10 - 00000000 ____D () C:\Program Files\Dl_cats
2015-03-10 13:33 - 2009-07-13 21:37 - 00000000 ___RD () C:\Users\Public
2015-03-10 13:27 - 2014-08-27 11:36 - 00000000 ____D () C:\Users\LAdams\Documents\Terrill-Waldrop
2015-03-10 13:25 - 2011-03-09 09:56 - 00000000 ____D () C:\Users\LAdams\Documents\Jim Health Stuff
2015-03-10 13:24 - 2014-02-28 12:44 - 00000000 ____D () C:\Users\LAdams\Documents\The Steam Team 2014
2015-03-10 13:24 - 2013-09-26 11:25 - 00000000 ____D () C:\Users\LAdams\Documents\PCHAS
2015-03-10 13:24 - 2011-03-31 17:15 - 00000000 ____D () C:\Users\LAdams\Documents\Recipes
2015-03-10 13:16 - 2014-11-14 14:04 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1540194735-2960423807-4092532110-1000UA.job
2015-03-10 09:41 - 2010-10-24 13:02 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
2015-03-10 08:49 - 2012-08-03 15:27 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-10 02:16 - 2014-11-14 14:04 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1540194735-2960423807-4092532110-1000Core.job
2015-03-10 02:06 - 2011-04-07 20:31 - 00000000 ____D () C:\ProgramData\LogMeIn
2015-03-09 12:32 - 2013-01-31 12:42 - 00000000 ____D () C:\ProgramData\xml_param
2015-03-09 12:31 - 2010-10-15 11:33 - 00786514 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-03 17:20 - 2014-11-17 10:28 - 00001111 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2015-03-03 17:20 - 2014-11-17 10:28 - 00001099 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2015-03-03 13:55 - 2012-09-07 14:50 - 00000000 ____D () C:\Users\LAdams\Documents\PiscesFoods
2015-03-03 13:16 - 2014-09-04 13:34 - 00000000 ____D () C:\Users\LAdams\Documents\Spivey & Grigg
2015-02-27 16:46 - 2012-08-13 16:47 - 00000000 ____D () C:\Users\LAdams\Documents\Payroll
2015-02-27 14:34 - 2014-11-18 00:24 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-26 09:15 - 2010-12-27 11:49 - 00341504 _____ () C:\Users\LAdams\Documents\Sales_Tax_1_(1).xls
2015-02-24 11:31 - 2014-10-09 19:32 - 00268466 _____ () C:\dlcq.log
2015-02-22 15:36 - 2009-07-13 23:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-22 15:36 - 2009-07-13 23:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-22 11:57 - 2014-01-28 08:57 - 00001025 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-02-22 11:57 - 2014-01-28 08:57 - 00001009 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-02-22 11:57 - 2011-04-07 20:30 - 00000000 ____D () C:\Program Files\LogMeIn
2015-02-22 11:56 - 2011-04-07 20:31 - 00086912 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2015-02-22 11:56 - 2011-04-07 20:31 - 00085864 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2015-02-22 11:56 - 2011-04-07 20:31 - 00031592 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2015-02-16 10:41 - 2014-12-02 14:24 - 00000000 ____D () C:\Program Files\iolo
2015-02-16 10:41 - 2010-10-15 13:19 - 00261620 _____ () C:\Windows\PFRO.log
2015-02-16 10:40 - 2014-12-02 14:24 - 00000000 ____D () C:\ProgramData\iolo
2015-02-15 12:48 - 2013-10-14 18:03 - 00000000 ____D () C:\Users\LAdams\Documents\Phillip Godwin
2015-02-14 18:20 - 2013-03-18 09:09 - 00000000 ____D () C:\Users\LAdams\Desktop\Misc
2015-02-14 13:28 - 2013-04-10 15:29 - 00000000 ____D () C:\Users\LAdams\Documents\ZohoMeeting
2015-02-14 13:26 - 2012-10-12 10:16 - 00000000 ____D () C:\Users\LAdams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDFMate
2015-02-14 13:26 - 2012-10-12 10:16 - 00000000 ____D () C:\Program Files\PDFMate
2015-02-14 13:26 - 2010-10-15 11:26 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-14 13:24 - 2014-08-27 09:34 - 00000000 ____D () C:\Program Files\Applian Technologies
2015-02-14 13:24 - 2010-10-19 19:55 - 00000000 ____D () C:\Users\LAdams
2015-02-13 18:12 - 2013-02-17 20:21 - 00000000 ____D () C:\Program Files\WinRAR
2015-02-13 18:12 - 2011-10-07 09:26 - 00000000 ____D () C:\Program Files\WinHTTrack
2015-02-13 18:11 - 2014-11-23 12:46 - 00000000 ____D () C:\Windows\Minidump
2015-02-13 18:11 - 2014-10-08 11:45 - 00000000 ____D () C:\Users\LAdams\Documents\TLIE
2015-02-13 18:11 - 2014-02-23 13:55 - 00000000 ____D () C:\Users\LAdams\Documents\First Presbyterian Midland
2015-02-13 18:11 - 2014-02-12 16:39 - 00000000 ____D () C:\Users\LAdams\Documents\My CamStudio Temp Files
2015-02-13 18:11 - 2013-09-30 13:00 - 00000000 ____D () C:\Users\LAdams\Documents\LOA
2015-02-13 18:11 - 2013-09-24 15:21 - 00000000 ____D () C:\Users\LAdams\Documents\Knight Office Solutions
2015-02-13 18:11 - 2013-06-05 07:31 - 00000000 ____D () C:\Users\LAdams\Documents\Leads Group
2015-02-13 18:11 - 2013-01-09 12:10 - 00000000 ____D () C:\Users\LAdams\Documents\Finley Company
2015-02-13 18:11 - 2012-05-16 16:45 - 00000000 ____D () C:\Users\LAdams\Documents\ShaferFirm
2015-02-13 18:11 - 2012-05-02 09:32 - 00000000 ____D () C:\Users\LAdams\Documents\Ebay
2015-02-13 18:11 - 2012-04-23 12:22 - 00000000 ____D () C:\Users\LAdams\Documents\TODO
2015-02-13 18:11 - 2012-02-20 19:49 - 00000000 ____D () C:\Users\LAdams\Documents\TexasCathConf
2015-02-13 18:11 - 2012-01-27 17:27 - 00000000 ____D () C:\Users\LAdams\Documents\PremierResMrtg
2015-02-13 18:11 - 2012-01-02 18:51 - 00000000 ____D () C:\Users\LAdams\Documents\AccesslineDPS
2015-02-13 18:11 - 2011-12-10 21:34 - 00000000 ____D () C:\Users\LAdams\Documents\Adams
2015-02-13 18:11 - 2011-06-22 15:02 - 00000000 ____D () C:\Users\Public\Documents\LunchnLearn+SBI
2015-02-13 18:11 - 2011-05-06 16:44 - 00000000 ____D () C:\Users\LAdams\Documents\Water Source One
2015-02-13 18:11 - 2011-03-31 17:14 - 00000000 ____D () C:\Users\LAdams\Documents\48 East Avenue
2015-02-13 18:11 - 2011-03-03 10:29 - 00000000 ____D () C:\Users\LAdams\Documents\TXCampforEnviron
2015-02-13 18:11 - 2011-02-11 18:53 - 00000000 ____D () C:\Users\LAdams\Documents\SBI Site 2011
2015-02-13 18:11 - 2011-01-25 20:02 - 00000000 ____D () C:\Users\LAdams\Documents\Spiceworks
2015-02-13 18:11 - 2010-12-08 15:34 - 00000000 ____D () C:\Users\LAdams\Documents\User Guides
2015-02-13 18:06 - 2009-07-13 23:52 - 00000000 ____D () C:\Windows\Offline Web Pages
2015-02-13 14:44 - 2014-11-18 00:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-13 14:44 - 2013-04-30 13:42 - 00000000 ____D () C:\Program Files\MALWAREBYTES ANTI-MALWARE
2015-02-13 14:44 - 2012-10-08 11:18 - 00001115 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-12 00:41 - 2011-07-21 20:58 - 00000000 ____D () C:\Users\JimC
2015-02-10 10:58 - 2012-06-11 16:36 - 00000000 ____D () C:\Users\LAdams\Documents\ScannedforJim
2015-02-09 21:21 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache
2015-02-09 18:09 - 2010-10-19 20:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-09 18:07 - 2013-08-12 08:54 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-09 17:42 - 2009-07-13 23:33 - 00435960 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-09 17:31 - 2015-01-21 18:54 - 00000000 ____D () C:\Users\LAdams\Documents\Produce Pro
2015-02-09 17:27 - 2014-08-19 11:17 - 00000000 ____D () C:\Users\LAdams\Documents\Website 2014
2015-02-09 17:20 - 2015-01-30 17:05 - 00000000 ____D () C:\Users\LAdams\Documents\Samsung 2015
2015-02-09 17:12 - 2015-01-19 12:44 - 00000000 ____D () C:\Users\LAdams\Documents\MSB Connect
2015-02-09 17:05 - 2013-09-25 16:38 - 00000000 ____D () C:\Users\LAdams\Documents\Texas Associates

==================== Files in the root of some directories =======

2013-06-27 06:43 - 2014-06-23 06:15 - 0003728 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2014-02-12 17:17 - 2014-02-12 17:17 - 0000050 _____ () C:\Users\LAdams\AppData\Roaming\Camdata.ini
2014-02-12 17:17 - 2014-02-12 17:17 - 0000408 _____ () C:\Users\LAdams\AppData\Roaming\CamLayout.ini
2014-02-12 17:17 - 2014-02-12 17:17 - 0000408 _____ () C:\Users\LAdams\AppData\Roaming\CamShapes.ini
2014-02-12 17:17 - 2014-02-12 17:17 - 0004546 _____ () C:\Users\LAdams\AppData\Roaming\CamStudio.cfg
2010-10-26 08:12 - 2013-07-18 19:14 - 0038403 _____ () C:\Users\LAdams\AppData\Roaming\Comma Separated Values (Windows).ADR
2011-08-26 09:06 - 2011-08-26 09:06 - 0022849 _____ () C:\Users\LAdams\AppData\Roaming\UserTile.png
2014-02-12 15:51 - 2014-02-12 15:51 - 0000096 _____ () C:\Users\LAdams\AppData\Roaming\version2.xml
2015-03-10 11:32 - 2015-03-10 11:32 - 0529109 _____ () C:\ProgramData\SPLC650.tmp
2014-12-30 20:36 - 2014-12-30 20:36 - 0004996 _____ () C:\ProgramData\vczcspay.tpu

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-10 00:17

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-03-2015
Ran by LAdams at 2015-03-10 14:09:34
Running from C:\Users\LAdams\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Anti-Virus Free Edition 2011 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus Free Edition 2011 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat 9 Pro (HKLM\...\{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM\...\{AC76BA86-1033-0000-7760-000000000004}_955) (Version: - Adobe Systems Incorporated)
Adobe Connect 9 Add-in (HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\...\Adobe Connect 9 Add-in) (Version: 11,2,385,0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\...\Amazon Kindle) (Version: - Amazon)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audible Download Manager (HKLM\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)
AVG 2011 (HKLM\...\AVG) (Version: 10.0.1434 - AVG Technologies)
AVG 2011 (Version: 10.0.1434 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.4257 - AVG Technologies) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Management Programs (HKLM\...\{5DB87A63-9420-48CC-9F9A-B8801D38D6B5}) (Version: 12.35.01 - Broadcom Corporation)
CameraHelperMsi (Version: 13.40.836.0 - Logitech) Hidden
ccc-core-static (Version: 2010.0127.2258.41203 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.17 - Piriform)
Citrix Online Launcher (HKLM\...\{75B8A55E-0762-4676-AAC0-6FDF025B034B}) (Version: 1.0.220 - Citrix)
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.80.4.0 - Conexant)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Dell Photo AIO Printer 966 (HKLM\...\Dell Photo AIO Printer 966) (Version: - Dell, Inc.)
Dell System Detect (HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\...\73f463568823ebbe) (Version: 5.12.0.3 - Dell)
DESI Labeling System (HKLM\...\DESI Labeling System 3.2.2.0) (Version: 3.1.10.1 - DESI Telephone Labels, Inc.)
DESI Labeling System (Version: 3.2.2.0 - DESI Telephone Labels, Inc.) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
Digital Voice Editor 3 (HKLM\...\{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}) (Version: 3.3.01.11240 - Sony Corporation)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Fax Upload (HKLM\...\Fax Upload) (Version: - )
Gadwin PrintScreen (HKLM\...\Gadwin PrintScreen) (Version: 4.5 - Gadwin Systems, Inc.)
Gadwin ScreenRecorder (32-Bit) (HKLM\...\{964E5657-3679-4A23-8E59-13970C26A2E1}) (Version: 3.0.2.0 - Gadwin Systems)
Google Talk Plugin (HKLM\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
GoToMeeting 7.1.2.2417 (HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\...\GoToMeeting) (Version: 7.1.2.2417 - CitrixOnline)
HTML-Kit (HKLM\...\HTMLKit_is1) (Version: 1.0 - HTMLKit.com)
InstantOffice 2.0 Client-Side Cache (HKLM\...\InstantOffice 2.0 Client-Side Cache) (Version: - )
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
iSqFt Full Viewer V4.01 (HKLM\...\{19A71C4F-94D9-44EA-AC98-FF8A045273AB}) (Version: - )
iTunes (HKLM\...\{9B486871-27EB-49A5-8832-77176E63333C}) (Version: 11.0.5.5 - Apple Inc.)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LinkedIn Outlook Connector (HKLM\...\LinkedIn Outlook Connector) (Version: 1.1.10.0 - LinkedIn)
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.40 - Logitech Inc.)
LogMeIn (HKLM\...\{65179FD8-04C0-40A7-87FC-007F2CD5BF1E}) (Version: 4.1.1586 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (HKLM\...\{EA710A0A-BF5D-433C-8EB5-D17DC54CC298}) (Version: 8.0.6362.201 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Facebook 32-bit (HKLM\...\{95140000-007C-0409-0000-0000000FF1CE}) (Version: 14.0.6114.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{294EAADF-E50F-4DD8-AD8D-19587EA10512}) (Version: 1.0.28.0 - Dell)
Movavi Screen Capture Studio 6 (HKLM\...\Movavi Screen Capture Studio 6) (Version: 6.1.1 - Movavi)
Movavi Video Suite 14 (HKLM\...\Movavi Video Suite 14) (Version: 14.0.1 - Movavi)
Mozilla Firefox 36.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
OpenOffice 4.0.1 (HKLM\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Paint.NET v3.5.8 (HKLM\...\{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}) (Version: 3.58.0 - dotPDN LLC)
PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
Presentation Pointer V1.3.4 (HKLM\...\Presentation Pointer_is1) (Version: - www.presentation-assistant.com)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5919 - )
RingCentral Meetings (HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\...\RingCentralMeetings) (Version: 2.5 - Zoom Video Communications, Inc. and RingCentral Inc.)
Roxio Creator DE 10.3 (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)
RZ Free Burner (HKLM\...\{5ED1A10B-1287-416D-A7FE-54EE365D91E1}) (Version: 3.00 - RealZeal Soft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skins (Version: 2010.0127.2258.41203 - ATI) Hidden
Swift To-Do List 9.206 (HKLM\...\Swift To-Do List_is1) (Version: 9.206 - Jiri Novotny, Dextronet)
System Checkup 3.5 (HKLM\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.5.5.10 - iolo technologies, LLC)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.38846 - TeamViewer)
Turbo Lister 2 (HKLM\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Vertical Wave ViewPoint (HKLM\...\{CD53B08A-5B75-40F9-9BE7-71E426F4D979}) (Version: 4.5.0.2595 - Vertical)
VSDC Free Video Editor version 2.2.0.310 (HKLM\...\VSDC Free Video Editor_is1) (Version: 2.2.0.310 - Flash-Integro LLC)
Wickr - Top Secret Messenger (HKLM\...\{491EC810-0FE9-4CC7-9463-BB6A1A7D56A9}) (Version: 2.2.2.1 - Wickr Inc.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinHTTrack Website Copier 3.44-1 (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.44.1 - HTTrack)
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WModem Driver Installer (HKLM\...\HTC_WModemDriver) (Version: 2.0.6.14 - HTC)
Wondershare Media Converter(Build 1.4.1.1) (HKLM\...\Wondershare Media Converter_is1) (Version: - Wondershare Software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\LAdams\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\LAdams\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\LAdams\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\LAdams\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\LAdams\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000_Classes\CLSID\{6A80FF4F-13D8-4BE3-AD84-915B304A0C1B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\LAdams\AppData\Local\Citrix\GoToMeeting\1468\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\LAdams\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\LAdams\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\LAdams\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\LAdams\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\LAdams\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\LAdams\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)

==================== Restore Points =========================

02-03-2015 01:00:02 Scheduled Checkpoint
10-03-2015 00:00:02 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:04 - 2015-02-15 14:56 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {3EA0D341-7097-4E85-AA98-ED5EEC23442A} - System32\Tasks\{57AE350B-2197-455D-8C87-32146F1738B9} => pcalua.exe -a E:\Start.exe -d E:\
Task: {471696DC-1C28-440D-8B9F-8CCCC406270F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1540194735-2960423807-4092532110-1000UA => C:\Users\LAdams\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-14] (Google Inc.)
Task: {523E8C66-47BE-4B3E-87CB-12F9D9834AD2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1540194735-2960423807-4092532110-1000Core => C:\Users\LAdams\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-14] (Google Inc.)
Task: {64330161-4AF2-4C8B-A56C-823DB70E94BD} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {6A97AB6B-D1C5-402B-804E-67F79F40C20A} - \PCDEventLauncherTask No Task File <==== ATTENTION
Task: {736DF6FE-A656-4D3B-AB8A-E4922E520FC1} - System32\Tasks\{4B31C3E0-1A5C-4194-BE12-20227ECCF498} => C:\Users\LAdams\Documents\Wave 3.0 Stuff\ViewPoint%20Training%20Module\autorun.exe [2008-12-08] ()
Task: {7B0571FA-8767-4210-BE10-544BF2D78015} - \task120682607 No Task File <==== ATTENTION
Task: {B5A9A663-EA81-4983-8B4A-D676CAD9537F} - System32\Tasks\iolo System Checkup => C:\ProgramData\iolo\scustask.lnk
Task: {BC45D02F-664D-4038-9AD0-F92C1BD7D5E9} - System32\Tasks\G2MUpdateTask-S-1-5-21-1540194735-2960423807-4092532110-1000 => C:\Users\LAdams\AppData\Local\Citrix\GoToMeeting\2417\g2mupdate.exe [2015-03-06] (Citrix O


Part of the addition log was cut off but I think we can continue for now.

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do not use WordPad* or any text editor other than Notepad, or the script will fail. Then copy and paste the text present inside the quote box below:

To do this, highlight the contents of the box, right-click on it and select Copy.

Paste this into the open Notepad. Save it to the Desktop as fixlist.txt

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow it).

start
CloseProcesses:
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 -> {8EC25BA8-D8D3-4E27-837D-A863C33EB534} URL =
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-11-02] (Oracle Corporation)
FF Homepage: https://duckduckgo.com/?q=
S2 ioloSystemService; "C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe" [X]
Task: {6A97AB6B-D1C5-402B-804E-67F79F40C20A} - \PCDEventLauncherTask No Task File <==== ATTENTION
Task: {7B0571FA-8767-4210-BE10-544BF2D78015} - \task120682607 No Task File <==== ATTENTION
EmptyTemp:
End

Open FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

Post the Fixlog when finished and also let me know how the computer is at the moment.


Also, forgot to add this:

Please follow these instructions to show all files and folders:

http://www.bleepingcomputer.com/tutorials/show-hidden-files-in-windows-7/

Please go to one of the below sites to scan the following files:

Virus Total (Recommended)

jotti.org

VirScan

Click on Browse, and upload the following file for analysis:

C:\ProgramData\vczcspay.tpu

Then click Submit. Allow the file to be scanned, and then please copy and paste the results link (for Virus Total) here for me to see.

If it says already scanned -- click "reanalyze now"

Please post the results in your next reply.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by LAdams at 2015-03-11 12:28:09 Run:3
Running from C:\Users\LAdams\Desktop
Loaded Profiles: LAdams (Available profiles: LAdams & LogMeInRemoteUser & JimC)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CloseProcesses:
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1540194735-2960423807-4092532110-1000 -> {8EC25BA8-D8D3-4E27-837D-A863C33EB534} URL =
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-11-02] (Oracle Corporation)
FF Homepage: https://duckduckgo.com/?q=
S2 ioloSystemService; "C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe" [X]
Task: {6A97AB6B-D1C5-402B-804E-67F79F40C20A} - \PCDEventLauncherTask No Task File <==== ATTENTION
Task: {7B0571FA-8767-4210-BE10-544BF2D78015} - \task120682607 No Task File <==== ATTENTION
EmptyTemp:
End
*****************

Processes closed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1540194735-2960423807-4092532110-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8EC25BA8-D8D3-4E27-837D-A863C33EB534}" => Key deleted successfully.
HKCR\CLSID\{8EC25BA8-D8D3-4E27-837D-A863C33EB534} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
"HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
Firefox homepage deleted successfully.
ioloSystemService => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6A97AB6B-D1C5-402B-804E-67F79F40C20A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A97AB6B-D1C5-402B-804E-67F79F40C20A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDEventLauncherTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7B0571FA-8767-4210-BE10-544BF2D78015}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B0571FA-8767-4210-BE10-544BF2D78015}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\task120682607" => Key deleted successfully.
EmptyTemp: => Removed 3.6 GB temporary data.


The system needed a reboot.

==== End of Fixlog 12:28:15 ====

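One way to review a Fixlog like the one above, as an added example that is not part of the original thread or of FRST: the Python below parses the `target => outcome` lines, lists anything not reported as successful, and checks that each "No Task File" task from the fixlist had its TaskCache keys reported deleted. The line formats and the Plain/Tasks/Tree subkeys are assumptions taken from this log only, and the function names are illustrative.

```python
import re

# Lines copied from the fixlist and Fixlog posted in this thread.
FIXLIST = r"""
Task: {6A97AB6B-D1C5-402B-804E-67F79F40C20A} - \PCDEventLauncherTask No Task File <==== ATTENTION
Task: {7B0571FA-8767-4210-BE10-544BF2D78015} - \task120682607 No Task File <==== ATTENTION
"""
FIXLOG = r"""
HKCR\CLSID\{8EC25BA8-D8D3-4E27-837D-A863C33EB534} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6A97AB6B-D1C5-402B-804E-67F79F40C20A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A97AB6B-D1C5-402B-804E-67F79F40C20A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDEventLauncherTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7B0571FA-8767-4210-BE10-544BF2D78015}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B0571FA-8767-4210-BE10-544BF2D78015}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\task120682607" => Key deleted successfully.
"""
TASKCACHE = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache"
RESULT = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+)$')
TASK = re.compile(r"^Task: (?P<guid>\{[0-9A-Fa-f-]+\}) - \\(?P<name>\S+) No Task File")

def parse_results(fixlog):
    """Map each 'target => outcome' line to {target (lower-cased): outcome}."""
    matches = (RESULT.match(line.strip()) for line in fixlog.splitlines())
    return {m["target"].lower(): m["outcome"] for m in matches if m}

def not_successful(fixlog):
    """Targets whose outcome does not end in 'successfully.' and need a second look."""
    return [t for t, o in parse_results(fixlog).items() if not o.endswith("successfully.")]

def unresolved_task_keys(fixlist, fixlog):
    """TaskCache keys of 'No Task File' tasks that the log does not report as deleted."""
    results = parse_results(fixlog)
    missing = []
    for m in filter(None, (TASK.match(l.strip()) for l in fixlist.splitlines())):
        # Assumption: the three subkeys this Fixlog shows being removed per task.
        for sub, leaf in (("Plain", m["guid"]), ("Tasks", m["guid"]), ("Tree", m["name"])):
            key = f"{TASKCACHE}\\{sub}\\{leaf}"
            if results.get(key.lower()) != "Key deleted successfully.":
                missing.append(key)
    return missing

if __name__ == "__main__":
    print("not successful:", not_successful(FIXLOG))
    print("unresolved task keys:", unresolved_task_keys(FIXLIST, FIXLOG))
```

A "Key not found." outcome, as on the HKCR\CLSID line here, is listed for review rather than treated as a failure; an empty second list means every orphaned task entry named in the fixlist was reported removed.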