
slow computer, keyboard freezes, internet freezes

Discussion in 'Virus & Other Malware Removal' started by field4, Feb 27, 2014.

Thread Status:
Not open for further replies.
  1. field4 (Thread Starter)

    Joined: Oct 15, 2009
    Messages: 25
    Hi
    I wondered whether I could get help with an increasingly slow and infected computer. The internet and email freeze, so does the keyboard, and sometimes the cursor moves on its own. It is an HP, Windows 7, 64-bit OS, 4.00 GB, AMD E-350 processor 1.60 GHz. Below are the logs. I have had to attach the ark txt file as the message board will only allow a certain number of characters.
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:41:29, on 27/02/2014
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v10.0 (10.00.9200.16635)
    Boot mode: Normal
    Running processes:
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Samsung\EmoDio\SMSTray.exe
    C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Users\HP\Desktop\HijackThis.exe
    C:\Windows\SysWOW64\DllHost.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/?gws_rd=cr&ei=WZZvUqeAPMTX0QXMmoHICw
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&...yBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=2002946080&ir=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    O4 - HKLM\..\Run: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [SMSTray] C:\Program Files (x86)\Samsung\EmoDio\SMSTray.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
    O4 - HKCU\..\Run: [EPSON SX410 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFCE.EXE /FU "C:\Users\HP\AppData\Local\Temp\E_SFD23.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [Google Update] "C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIJE.EXE /EPT "EPLTarget\P0000000000000001" /M "XP-402 403 405 406 Series"
    O4 - Startup: Monitor Ink Alerts - HP Officejet Pro 8500 A910.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Bluetooth Device Manager - Motorola Solutions, Inc. - C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
    O23 - Service: Bluetooth Media Service - Motorola Solutions, Inc. - C:\Program Files\Motorola\Bluetooth\audiosrv.exe
    O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files\Motorola\Bluetooth\obexsrv.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
    O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    --
    End of file - 12191 bytes
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 20/05/2013 18:01:48
    System Uptime: 27/02/2014 09:50:01 (2 hours ago)
    .
    Motherboard: Hewlett-Packard | | 1611
    Processor: AMD E-350 Processor | Socket FT1 | 1600/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 29 GiB total, 1.293 GiB free.
    D: is FIXED (NTFS) - 264 GiB total, 258.486 GiB free.
    F: is FIXED (FAT32) - 5 GiB total, 2.138 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 12 ActiveX
    Adobe Flash Player 12 Plugin
    Adobe Reader XI (11.0.06)
    AMD APP SDK Runtime
    AMD Fuel
    AMD Media Foundation Decoders
    AMD VISION Engine Control Center
    Ashampoo Burning Studio 6 FREE v.6.84
    ATI Catalyst Install Manager
    avast! Free Antivirus
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    ContentSAFER for Wizmax
    CyberLink YouCam
    EmoDio
    EPSON Scan
    EPSON SX410 Series Printer Uninstall
    EPSON XP-402 403 405 406 Series Printer Uninstall
    EpsonNet Print
    ESU for Microsoft Windows 7 SP1
    FormatFactory 3.1.1
    Google Chrome
    Google Talk Plugin
    Google Update Helper
    Hewlett-Packard ACLM.NET v1.1.2.0
    HP 3D DriveGuard
    HP Customer Experience Enhancements
    HP Officejet Pro 8500 A910 Basic Device Software
    HP On Screen Display
    HP Power Manager
    HP Quick Launch
    HP QuickWeb
    HP Software Framework
    HP Support Assistant
    jetAudio Basic VX
    LightBox Free Image Editor
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft .NET Framework 4.5
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office 32-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 32-bit MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mozilla Firefox 26.0 (x86 en-US)
    Mozilla Maintenance Service
    neroxml
    proXPN 2.5.3
    Ralink Motorola BC8 Bluetooth 3.0+HS Adapter
    Ralink RT5390 802.11b/g/n WiFi Adapter
    Realtek Ethernet Controller Driver
    Realtek USB 2.0 Card Reader
    Security Update for Microsoft .NET Framework 4.5 (KB2737083)
    Security Update for Microsoft .NET Framework 4.5 (KB2742613)
    Security Update for Microsoft .NET Framework 4.5 (KB2789648)
    Security Update for Microsoft .NET Framework 4.5 (KB2804582)
    Security Update for Microsoft .NET Framework 4.5 (KB2833957)
    Skype Click to Call
    Skype™ 6.9
    SUPERAntiSpyware
    Synaptics Pointing Device Driver
    Update for Microsoft .NET Framework 4.5 (KB2750147)
    Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
    Windows Driver Package - Broadcom Bluetooth (12/16/2009 6.2.0.9414)
    Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
    WinRAR 4.20 (32-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    27/02/2014 08:57:50, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    27/02/2014 08:56:41, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
    26/02/2014 12:02:10, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
    24/02/2014 20:59:38, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.
    24/02/2014 09:00:23, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    .
    ==== End Of File ===========================
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16635
    Run by HP at 11:41:57 on 2014-02-27
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.3690.1994 [GMT 0:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
    C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Motorola\Bluetooth\obexsrv.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    C:\Windows\System32\spool\drivers\x64\3\E_IATIFCE.EXE
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Windows\system32\EscSvc64.exe
    C:\Windows\System32\spool\drivers\x64\3\E_IATIIJE.EXE
    C:\Windows\system32\RunDll32.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Samsung\EmoDio\SMSTray.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Motorola\Bluetooth\audiosrv.exe
    C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_70_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://www.google.co.uk/?gws_rd=cr&ei=WZZvUqeAPMTX0QXMmoHICw
    mStart Page = hxxp://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0AyCyCtB0F0BtCtBtAyByEtN0D0Tzu0CyCyDyCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=2002946080&ir=
    mWinlogon: Userinit = userinit.exe
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
    uRun: [EPSON SX410 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIFCE.EXE /FU "C:\Users\HP\AppData\Local\Temp\E_SFD23.tmp" /EF "HKCU"
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [Google Update] "C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [EPLTarget\P0000000000000001] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIIJE.EXE /EPT "EPLTarget\P0000000000000001" /M "XP-402 403 405 406 Series"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [SMSTray] C:\Program Files (x86)\Samsung\EmoDio\SMSTray.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
    StartupFolder: C:\Users\HP\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    IE: {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
    TCP: NameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{13FEDC8A-D2F3-4469-9913-69FBE4329011} : DHCPNameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{13FEDC8A-D2F3-4469-9913-69FBE4329011}\244584572633D215848434 : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{13FEDC8A-D2F3-4469-9913-69FBE4329011}\35B4952383249393 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{13FEDC8A-D2F3-4469-9913-69FBE4329011}\E456474797025487472716 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{ABF298AA-49EE-49B9-B981-6806030C1039} : DHCPNameServer = 8.8.8.8 4.2.2.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-mStart Page = hxxp://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0AyCyCtB0F0BtCtBtAyByEtN0D0Tzu0CyCyDyCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=2002946080&ir=
    x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
    x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-IE: {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default\
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
    FF - plugin: C:\Users\HP\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll
    FF - plugin: C:\Users\HP\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\HP\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Users\HP\AppData\Roaming\Mozilla\plugins\npo1d.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.mysearchdial.hmpg - true
    FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0AyCyCtB0F0BtCtBtAyByEtN0D0Tzu0CyCyDyCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=2002946080&ir=
    FF - user.js: extensions.mysearchdial.dfltSrch - true
    FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
    FF - user.js: extensions.mysearchdial.dnsErr - true
    FF - user.js: extensions.mysearchdial_i.newTab - false
    FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0AyCyCtB0F0BtCtBtAyByEtN0D0Tzu0CyCyDyCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=2002946080&ir=
    FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0AyCyCtB0F0BtCtBtAyByEtN0D0Tzu0CyCyDyCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=2002946080&ir=&q=
    FF - user.js: extensions.mysearchdial.id - C0F8DA662FB12374
    FF - user.js: extensions.mysearchdial.instlDay - 15995
    FF - user.js: extensions.mysearchdial.vrsn -
    FF - user.js: extensions.mysearchdial.vrsni -
    FF - user.js: extensions.mysearchdial_i.vrsnTs - 22:42:51
    FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
    FF - user.js: extensions.mysearchdial.prdct - mysearchdial
    FF - user.js: extensions.mysearchdial.aflt - dnldmsd
    FF - user.js: extensions.mysearchdial_i.smplGrp - none
    FF - user.js: extensions.mysearchdial.tlbrId - base
    FF - user.js: extensions.mysearchdial.instlRef -
    FF - user.js: extensions.mysearchdial.dfltLng -
    FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
    FF - user.js: extensions.mysearchdial.excTlbr - false
    FF - user.js: extensions.mysearchdial_i.hmpg - true
    FF - user.js: extensions.mysearchdial.cr - 2002946080
    FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0AyCyCtB0F0BtCtBtAyByEtN0D0Tzu0CyCyDyCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q
    FF - user.js: extensions.irmysearch.aflt - dnldmsd
    FF - user.js: extensions.irmysearch.instlRef -
    FF - user.js: extensions.irmysearch.cr - 2002946080
    FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0AyCyCtB0F0BtCtBtAyByEtN0D0Tzu0CyCyDyCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q
    .
    .
    .
    .
    .
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2010-11-11 77952]
    R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2010-11-11 37504]
    R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-8-18 65336]
    R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-8-18 189936]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-8-18 1030952]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-8-18 378944]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-2-28 203776]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-8-4 365568]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-8-18 33400]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-8-18 80816]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-8-18 46808]
    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files\Motorola\Bluetooth\obexsrv.exe [2013-5-21 680016]
    R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-1-3 1363616]
    R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-1-3 1748640]
    R2 EpsonScanSvc;Epson Scanner Service;C:\Windows\System32\escsvc64.exe [2013-12-17 135824]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896]
    R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-27 30520]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-10-18 418376]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-10-18 701512]
    R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2013-5-20 46136]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-6-7 231440]
    R3 Bluetooth Device Manager;Bluetooth Device Manager;C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe [2013-5-21 4151376]
    R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files\Motorola\Bluetooth\audiosrv.exe [2013-5-21 1189968]
    R3 BTMUSB;Motorola Bluetooth Radio Service;C:\Windows\System32\drivers\btmusb.sys [2013-5-21 486144]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-5-21 1028096]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-10-18 25928]
    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2013-5-20 1492992]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2013-5-20 250984]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-5-20 349800]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-5-20 47232]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-8 104912]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
    S3 btmaudio;Motorola Bluetooth Audio Service;C:\Windows\System32\drivers\btmaud.sys [2013-5-21 43008]
    S3 BTMCOM;Bluetooth Serial Port;C:\Windows\System32\drivers\btmcom.sys [2013-5-21 52736]
    S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
    S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
    S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2011-4-12 34816]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
    S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-5-21 1255736]
    S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2014-02-21 10:25:21 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-02-21 10:25:21 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
     


  2. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    field4,
    You don't have enough free space on the C: drive for Windows to operate properly.
    You will need to Uninstall any programs you don't use.
    ----------------------------------------------
    Download and Run Temp File Cleaner (TFC.exe)
    Download Temp File Cleaner and save it to your desktop.
    You might want to Save any unsaved work. TFC will close ALL open programs... including your browser!
    Double click to run it. (Right click and choose Run as administrator in Vista or Win7)
    If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
    When it's done, it will report the total size of files removed. If it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
    After Restart, log back in to your usual account.
    You can keep TFC on your desktop and run it every week or two to clean out excessive temporary files. It does usually require a restart.
    ----------------------------------------------
    You need about 5 GB free for Windows to operate normally.
    Go to Start > Computer and right click the C: drive.
    Choose Properties
    In the checkbox at the bottom, UNCHECK the box labeled "Allow files on this drive to have contents indexed...."
    Click Apply and OK
    If it asks whether to apply to all files and folders answer YES. Wait until it finishes (may be a while).
    ---------------------------------------------
    Run CKScanner
    Download CKScanner from HERE
    Important - Save it to your desktop.
    Right-Click CKScanner.exe, choose Run as administrator and click Search For Files.
    After a couple minutes or less, when some text appears in the box, click Save List To File.
    A message box will verify the file saved. It is important that you run the program just once.
    Double-click the CKFiles.txt icon on your desktop, give permission if asked, and copy/paste the contents in your next reply.

    So we are looking for the log from CKScanner.
    askey127
     
  3. field4

    field4 Thread Starter

    Joined:
    Oct 15, 2009
    Messages:
    25
    Hi
    Thanks for your reply. I have removed as much as I can from the computer and now have 4.93 GB free space. Internet Explorer seems to shut down a lot, and sometimes I cannot type in the space on the computer screen, say for Google. When this happens another box pops up or another window opens for Internet Explorer. I have downloaded the latest IE but the problem still pops up from time to time. Also, sometimes the left and right keys do not work. Below is the log, which seems to be a bit short.


    Thanks


    6CAwuLCFCKScanner 2.4 - Additional Security Risks - These are not necessarily bad
    c:\windows\kj\kmservice.exe
    scanner sequence 3.NA.11.ADABXA
    ----- EOF -----
     
  4. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    field4,
    -----------------------------------------------------------
    Download MGA Diagnostic Tool to your Desktop.
    • Double click MGADiag.exe to launch the program.
    • Click Continue and let the scan run.
    • When finished it will have created a log.
    • Click Copy.
    • Next open Notepad.
      • Click Start > Run, type Notepad, click OK.
      • This will open an empty Notepad file.
      • Right click in the empty file and choose Paste to copy the log from MGA Diagnostics into it.
      • Save the file to your Desktop.
    • Close MGA Diagnostic Tool.
    • Copy/Paste the Notepad log you just made in your next reply please.
    -----------------------------------------------------------
    We need to run a scanner that can do some removals.
    Download and Run Farbar Scan Tool
    Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the version compatible with your system. (Your system appears to be 64-bit).
    • Right click to run as administrator. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from (desktop).
    • Please copy and paste the log back here.
    • The first time the tool is run, it generates another log, Addition.txt, also located in the same directory as FRST64.exe (desktop). Please also paste that along with the FRST.txt into your reply.

    askey127
     
  5. field4

    field4 Thread Starter

    Joined:
    Oct 15, 2009
    Messages:
    25
    Hi


    Below are the logs.
    Thanks


    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-V9488-FGM44-2C9T3
    Windows Product Key Hash: rmk1OjF0iZq7gQoRmEcpnJHr0oc=
    Windows Product ID: 00426-OEM-8992662-00010
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010100.1.0.001
    ID: {A59D5FFD-D5F9-48B2-AEC9-46876FFA229F}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Ultimate
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.130828-1532
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A
    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002
    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002
    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed
    File Scan Data-->
    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{A59D5FFD-D5F9-48B2-AEC9-46876FFA229F}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-2C9T3</PKey><PID>00426-OEM-8992662-00010</PID><PIDType>2</PIDType><SID>S-1-5-21-3716241306-373648678-3865269016</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP Pavilion dm1 Notebook PC</Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>F.13</Version><SMBIOSVersion major="2" minor="7"/><Date>20110707000000.000000+000</Date></BIOS><HWID>842B0900018400FC</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-MPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
    Spsys.log Content: 0x80070002
    Licensing Data-->
    Software licensing service version: 6.1.7601.17514
    Name: Windows(R) 7, Ultimate edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00426-00178-926-600010-02-2057-7601.0000-1442013
    Installation ID: 005432650976482034063745660096213296779921165945628191
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: 2C9T3
    License Status: Licensed
    Remaining Windows rearm count: 3
    Trusted time: 12/03/2014 17:47:29
    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 2:27:2014 14:13
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:

    HWID Data-->
    HWID Hash Current: MgAAAAAAAQABAAEAAAACAAAABQABAAEA6GE+T0K3qmVqgWI9Smse1b7DiNYwqPpo/Ag=
    OEM Activation 1.0 Data-->
    N/A
    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
    ACPI Table Name OEMID Value OEMTableID Value
    APIC HP INSYDE
    FACP HPQOEM SLIC-MPC
    HPET HP INSYDE
    BOOT HP INSYDE
    MCFG HP INSYDE
    SLIC HPQOEM SLIC-MPC
    SSDT HP INSYDE
    SSDT HP INSYDE


    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2014
    Ran by HP (administrator) on HP-PC on 12-03-2014 17:56:26
    Running from C:\Users\HP\Desktop
    Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal
    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (AMD) C:\Windows\system32\atiesrxx.exe
    (Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
    (AMD) C:\Windows\system32\atieclxx.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    (Seiko Epson Corporation) C:\Windows\system32\EscSvc64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIIJE.EXE
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (SAMSUNG ELECTRONICS) C:\Program Files (x86)\Samsung\EmoDio\SMSTray.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_77_ActiveX.exe
    (Microsoft Corporation) C:\Windows\sysWOW64\wbem\wmiprvse.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

    ==================== Registry (Whitelisted) ==================
    HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe
    HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780968 2011-04-29] (Synaptics Incorporated)
    HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
    HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-08-17] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [HPQuickWebProxy] - C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [78904 2011-04-27] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
    HKLM-x32\...\Run: [SMSTray] - C:\Program Files (x86)\Samsung\EmoDio\SMSTray.exe [479232 2009-04-16] (SAMSUNG ELECTRONICS)
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] - C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1666560 2012-02-20] (AimerSoft)
    HKU\S-1-5-21-3716241306-373648678-3865269016-1000\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    HKU\S-1-5-21-3716241306-373648678-3865269016-1000\...\Run: [OfficeSyncProcess] - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [909696 2010-12-21] (Microsoft Corporation)
    HKU\S-1-5-21-3716241306-373648678-3865269016-1000\...\Run: [EPSON SX410 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFCE.EXE [223232 2008-10-01] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-3716241306-373648678-3865269016-1000\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-17] (SUPERAntiSpyware)
    HKU\S-1-5-21-3716241306-373648678-3865269016-1000\...\Run: [EPLTarget\P0000000000000001] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIJE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-3716241306-373648678-3865269016-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20924576 2014-02-10] (Skype Technologies S.A.)
    HKU\S-1-5-21-3716241306-373648678-3865269016-1000\...\MountPoints2: {5597aa0e-065b-11e3-a218-2c27d7ad9046} - E:\SETUP.EXE
    Startup: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8500 A910.lnk
    ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8500 A910.lnk -> C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
    ==================== Internet (Whitelisted) ====================
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB688091DA934CF01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&...yBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=2002946080&ir=
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&...yBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=2002946080&ir=
    SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/resul...yBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=2002946080&ir=
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/resul...yBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=2002946080&ir=
    SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/resul...yBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=2002946080&ir=
    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/resul...yBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=2002946080&ir=
    SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.a...3-4A97-985B-5CFA5B615127&q={searchTerms}&SSPV=
    SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.a...3-4A97-985B-5CFA5B615127&q={searchTerms}&SSPV=
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
    FireFox:
    ========
    FF ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default
    FF user.js: detected! => C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default\user.js
    FF DefaultSearchEngine: Conduit Search
    FF SelectedSearchEngine: Conduit Search
    FF Homepage: hxxp://search.conduit.com/?ctid=CT3324774&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPD8385157-0273-4A97-985B-5CFA5B615127&SSPV=
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF SearchPlugin: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default\searchplugins\conduit-search.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
    FF Extension: SavingsBull - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default\Extensions\[email protected] [2014-03-04]
    FF Extension: No Name - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default\Extensions\staged [2013-10-17]
    FF Extension: WOT - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-01-22]
    FF Extension: MySearchDial - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} [2013-10-18]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-03-03]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-08-18]
    Chrome:
    =======
    Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
    CHR Extension: (No Name) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-11]
    CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\HP\AppData\Local\mysearchdial_speedial_v9.0.2.crx [2014-03-11]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-01-03]
    ==================== Services (Whitelisted) =================
    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-08-04] (Advanced Micro Devices, Inc.)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
    R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    ==================== Drivers (Whitelisted) ====================
    R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
    R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
    R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-18] (AVAST Software)
    R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-18] (AVAST Software)
    R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-08-18] ()
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
    S3 btmaudio; system32\drivers\btmaud.sys [X]
    S3 BTMCOM; System32\Drivers\btmcom.sys [X]
    S3 clwvd; system32\DRIVERS\clwvd.sys [X]
    S3 STHDA; system32\DRIVERS\stwrt64.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========
    2014-03-12 17:56 - 2014-03-12 17:56 - 00017784 _____ () C:\Users\HP\Desktop\FRST.txt
    2014-03-12 17:56 - 2014-03-12 17:56 - 00000000 ____D () C:\FRST
    2014-03-12 17:55 - 2014-03-12 17:55 - 02157056 _____ (Farbar) C:\Users\HP\Desktop\FRST64.exe
    2014-03-12 17:47 - 2014-03-12 17:48 - 00000000 ____D () C:\MGADiagToolOutput
    2014-03-12 17:47 - 2014-03-12 17:47 - 00000000 ____D () C:\ProgramData\Office Genuine Advantage
    2014-03-12 17:46 - 2014-03-12 17:46 - 02031992 _____ (Microsoft Corporation) C:\Users\HP\Desktop\MGADiag.exe
    2014-03-12 10:46 - 2014-03-12 10:46 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2014-03-12 10:46 - 2014-03-12 10:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-03-12 10:45 - 2014-03-12 10:45 - 00282984 _____ (Mozilla) C:\Users\HP\Desktop\Firefox Setup Stub 27.0.1.exe
    2014-03-12 09:59 - 2014-03-12 09:59 - 00000156 _____ () C:\Users\HP\Desktop\ckfiles.txt
    2014-03-12 09:57 - 2014-03-12 09:57 - 00468480 _____ () C:\Users\HP\Desktop\CKScanner.exe
    2014-03-11 15:22 - 2014-03-11 15:22 - 00003872 _____ () C:\Windows\PFRO.log
    2014-03-11 14:10 - 2014-03-11 14:10 - 00000000 ____D () C:\SUPERDelete
    2014-03-10 17:39 - 2014-03-12 08:32 - 00000392 _____ () C:\Windows\setupact.log
    2014-03-10 17:39 - 2014-03-10 17:39 - 00000000 _____ () C:\Windows\setuperr.log
    2014-03-04 17:02 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
    2014-03-04 16:39 - 2014-03-04 16:39 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-03-04 16:39 - 2014-03-04 16:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-03-04 16:39 - 2014-03-04 16:39 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-03-04 16:39 - 2014-03-04 16:39 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-03-04 16:39 - 2014-03-04 16:39 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
    2014-03-04 16:39 - 2014-03-04 16:39 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
    2014-03-04 16:39 - 2014-03-04 16:39 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2014-03-04 16:39 - 2014-03-04 16:39 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2014-03-04 16:39 - 2014-03-04 16:39 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
    2014-03-04 16:39 - 2014-03-04 16:39 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2014-03-04 16:39 - 2014-03-04 16:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-03-04 16:38 - 2014-03-04 16:38 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2014-03-04 16:38 - 2014-03-04 16:38 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2014-03-04 16:38 - 2014-03-04 16:38 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2014-03-04 16:38 - 2014-03-04 16:38 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2014-03-04 16:38 - 2014-03-04 16:38 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2014-03-04 16:38 - 2014-03-04 16:38 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2014-03-04 16:38 - 2014-03-04 16:38 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
    2014-03-04 16:38 - 2014-03-04 16:38 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2014-03-04 16:38 - 2014-03-04 16:38 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
    2014-03-04 16:38 - 2014-03-04 16:38 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2014-03-04 16:38 - 2014-03-04 16:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2014-03-04 16:38 - 2014-03-04 16:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2014-03-04 16:38 - 2014-03-04 16:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2014-03-04 16:38 - 2014-03-04 16:38 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2014-03-04 16:38 - 2014-03-04 16:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2014-03-04 16:37 - 2014-03-04 16:37 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2014-03-04 16:37 - 2014-03-04 16:37 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
    2014-03-04 16:37 - 2014-03-04 16:37 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
    2014-03-04 16:37 - 2014-03-04 16:37 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2014-03-04 16:37 - 2014-03-04 16:37 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
    2014-03-04 16:37 - 2014-03-04 16:37 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
    2014-03-04 12:22 - 2014-03-12 10:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-02-28 17:10 - 2014-03-06 08:07 - 00000000 ____D () C:\Program Files (x86)\SavingsBull
    2014-02-28 17:10 - 2014-02-28 17:25 - 01311683 _____ () C:\Windows\system32\SavingsBullFilterService.log
    2014-02-28 17:10 - 2014-02-28 17:10 - 00000000 _____ () C:\Windows\SysWOW64\Service.log
    2014-02-28 17:10 - 2014-02-28 17:10 - 00000000 _____ () C:\Windows\system32\Service.log
    2014-02-28 17:09 - 2014-03-11 17:22 - 00000000 ____D () C:\Program Files\Level Quality Watcher
    2014-02-28 17:09 - 2014-02-28 17:09 - 00000000 ____D () C:\Users\HP\AppData\Roaming\addpcs
    2014-02-27 13:36 - 2014-02-27 13:36 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
    2014-02-27 13:36 - 2014-02-27 13:36 - 00000000 ____D () C:\Users\HP\AppData\Local\Skype
    ==================== One Month Modified Files and Folders =======
    2014-03-12 17:56 - 2014-03-12 17:56 - 00017784 _____ () C:\Users\HP\Desktop\FRST.txt
    2014-03-12 17:56 - 2014-03-12 17:56 - 00000000 ____D () C:\FRST
    2014-03-12 17:55 - 2014-03-12 17:55 - 02157056 _____ (Farbar) C:\Users\HP\Desktop\FRST64.exe
    2014-03-12 17:52 - 2009-07-14 04:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-03-12 17:52 - 2009-07-14 04:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-03-12 17:48 - 2014-03-12 17:47 - 00000000 ____D () C:\MGADiagToolOutput
    2014-03-12 17:47 - 2014-03-12 17:47 - 00000000 ____D () C:\ProgramData\Office Genuine Advantage
    2014-03-12 17:46 - 2014-03-12 17:46 - 02031992 _____ (Microsoft Corporation) C:\Users\HP\Desktop\MGADiag.exe
    2014-03-12 17:44 - 2013-08-19 18:06 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-03-12 17:44 - 2013-08-19 18:06 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-03-12 17:44 - 2013-08-19 18:06 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-03-12 17:44 - 2013-08-19 18:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-03-12 17:44 - 2013-08-16 11:28 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
    2014-03-12 17:44 - 2013-05-20 16:15 - 01408431 _____ () C:\Windows\WindowsUpdate.log
    2014-03-12 10:46 - 2014-03-12 10:46 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2014-03-12 10:46 - 2014-03-12 10:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-03-12 10:46 - 2014-03-04 12:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-03-12 10:45 - 2014-03-12 10:45 - 00282984 _____ (Mozilla) C:\Users\HP\Desktop\Firefox Setup Stub 27.0.1.exe
    2014-03-12 10:37 - 2009-07-14 05:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
    2014-03-12 09:59 - 2014-03-12 09:59 - 00000156 _____ () C:\Users\HP\Desktop\ckfiles.txt
    2014-03-12 09:57 - 2014-03-12 09:57 - 00468480 _____ () C:\Users\HP\Desktop\CKScanner.exe
    2014-03-12 08:56 - 2013-10-22 15:21 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Skype
    2014-03-12 08:43 - 2013-05-24 17:21 - 00000166 _____ () C:\Windows\SysWOW64\DOErrors.log
    2014-03-12 08:33 - 2013-08-18 16:00 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2014-03-12 08:33 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-03-12 08:32 - 2014-03-10 17:39 - 00000392 _____ () C:\Windows\setupact.log
    2014-03-11 17:23 - 2013-05-20 19:53 - 00000000 ____D () C:\Program Files (x86)\Google
    2014-03-11 17:22 - 2014-02-28 17:09 - 00000000 ____D () C:\Program Files\Level Quality Watcher
    2014-03-11 15:22 - 2014-03-11 15:22 - 00003872 _____ () C:\Windows\PFRO.log
    2014-03-11 15:20 - 2013-05-20 19:53 - 00000000 ____D () C:\Users\HP\AppData\Local\Google
    2014-03-11 15:18 - 2013-05-20 19:53 - 00000000 ____D () C:\Users\HP\AppData\Local\Deployment
    2014-03-11 14:10 - 2014-03-11 14:10 - 00000000 ____D () C:\SUPERDelete
    2014-03-11 12:17 - 2009-07-14 05:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-03-11 12:13 - 2013-09-09 16:12 - 00003128 _____ () C:\Windows\System32\Tasks\proXPN
    2014-03-10 17:40 - 2013-10-22 15:20 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2014-03-10 17:39 - 2014-03-10 17:39 - 00000000 _____ () C:\Windows\setuperr.log
    2014-03-10 15:54 - 2013-05-21 01:11 - 00000000 ____D () C:\Windows\Panther
    2014-03-10 15:47 - 2013-09-24 21:56 - 00000000 ____D () C:\Users\HP\Desktop\paulcavel
    2014-03-10 15:42 - 2013-09-25 14:51 - 00000000 ____D () C:\Users\HP\Desktop\lynn
    2014-03-10 12:29 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
    2014-03-06 13:30 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\LiveKernelReports
    2014-03-06 08:07 - 2014-02-28 17:10 - 00000000 ____D () C:\Program Files (x86)\SavingsBull
    2014-03-04 17:05 - 2013-05-20 17:02 - 00001413 _____ () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-03-04 17:02 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-03-04 16:39 - 2014-03-04 16:39 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-03-04 16:39 - 2014-03-04 16:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-03-04 16:39 - 2014-03-04 16:39 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-03-04 16:39 - 2014-03-04 16:39 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-03-04 16:39 - 2014-03-04 16:39 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
    2014-03-04 16:39 - 2014-03-04 16:39 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
    2014-03-04 16:39 - 2014-03-04 16:39 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2014-03-04 16:39 - 2014-03-04 16:39 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2014-03-04 16:39 - 2014-03-04 16:39 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
    2014-03-04 16:39 - 2014-03-04 16:39 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2014-03-04 16:39 - 2014-03-04 16:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-03-04 16:38 - 2014-03-04 16:38 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2014-03-04 16:38 - 2014-03-04 16:38 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2014-03-04 16:38 - 2014-03-04 16:38 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2014-03-04 16:38 - 2014-03-04 16:38 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2014-03-04 16:38 - 2014-03-04 16:38 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2014-03-04 16:38 - 2014-03-04 16:38 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2014-03-04 16:38 - 2014-03-04 16:38 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
    2014-03-04 16:38 - 2014-03-04 16:38 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2014-03-04 16:38 - 2014-03-04 16:38 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
    2014-03-04 16:38 - 2014-03-04 16:38 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2014-03-04 16:38 - 2014-03-04 16:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2014-03-04 16:38 - 2014-03-04 16:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2014-03-04 16:38 - 2014-03-04 16:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2014-03-04 16:38 - 2014-03-04 16:38 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2014-03-04 16:38 - 2014-03-04 16:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2014-03-04 16:37 - 2014-03-04 16:37 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2014-03-04 16:37 - 2014-03-04 16:37 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
    2014-03-04 16:37 - 2014-03-04 16:37 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
    2014-03-04 16:37 - 2014-03-04 16:37 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2014-03-04 16:37 - 2014-03-04 16:37 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
    2014-03-04 16:37 - 2014-03-04 16:37 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
    2014-02-28 17:25 - 2014-02-28 17:10 - 01311683 _____ () C:\Windows\system32\SavingsBullFilterService.log
    2014-02-28 17:10 - 2014-02-28 17:10 - 00000000 _____ () C:\Windows\SysWOW64\Service.log
    2014-02-28 17:10 - 2014-02-28 17:10 - 00000000 _____ () C:\Windows\system32\Service.log
    2014-02-28 17:09 - 2014-02-28 17:09 - 00000000 ____D () C:\Users\HP\AppData\Roaming\addpcs
    2014-02-28 17:06 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-02-28 15:21 - 2013-08-16 10:59 - 00000000 ____D () C:\Users\HP\AppData\Roaming\DAEMON Tools Lite
    2014-02-27 13:36 - 2014-02-27 13:36 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
    2014-02-27 13:36 - 2014-02-27 13:36 - 00000000 ____D () C:\Users\HP\AppData\Local\Skype
    2014-02-27 13:36 - 2013-10-22 15:20 - 00000000 ____D () C:\ProgramData\Skype
    2014-02-27 13:33 - 2013-05-20 18:45 - 00000000 ____D () C:\ProgramData\Ralink Driver
    2014-02-27 13:33 - 2013-05-20 18:16 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2014-02-27 13:33 - 2013-05-20 17:01 - 00000000 ____D () C:\Users\HP
    2014-02-27 13:33 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\registration
    2014-02-27 13:24 - 2013-08-21 07:15 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Mozilla
    2014-02-27 11:41 - 2013-05-20 17:01 - 00000000 ____D () C:\Users\HP\AppData\Local\VirtualStore
    Some content of TEMP:
    ====================
    C:\Users\HP\AppData\Local\Temp\proXPN-2.7.0-install001.exe

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    LastRegBack: 2014-03-10 12:16
    ==================== End Of Log ============================


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2014
    Ran by HP at 2014-03-12 17:57:34
    Running from C:\Users\HP\Desktop
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================
    AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    ==================== Installed Programs ======================
    Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
    Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
    AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden
    AMD Fuel (Version: 2011.0804.255.3304 - AMD) Hidden
    AMD Media Foundation Decoders (Version: 1.0.60804.0047 - ATI Technologies Inc.) Hidden
    AMD VISION Engine Control Center (x32 Version: 2011.0804.255.3304 - ATI) Hidden
    Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
    ATI Catalyst Install Manager (HKLM\...\{96BB7EC1-BE6E-1616-3E92-086D617A9D49}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
    avast! Free Antivirus (HKLM-x32\...\avast) (Version: 8.0.1489.0 - AVAST Software)
    Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0804.255.3304 - ATI) Hidden
    Catalyst Control Center InstallProxy (x32 Version: 2011.0804.255.3304 - ATI Technologies, Inc.) Hidden
    Catalyst Control Center Localization All (x32 Version: 2011.0804.255.3304 - ATI) Hidden
    CCC Help Chinese Standard (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
    CCC Help Chinese Traditional (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
    CCC Help Czech (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
    CCC Help Danish (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
    CCC Help Dutch (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
    CCC Help English (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
    CCC Help Finnish (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
    CCC Help French (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
    CCC Help German (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
    CCC Help Greek (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
    CCC Help Hungarian (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
    CCC Help Italian (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
    CCC Help Japanese (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
    CCC Help Korean (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
    CCC Help Norwegian (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
    CCC Help Polish (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
    CCC Help Portuguese (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
    CCC Help Russian (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
    CCC Help Spanish (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
    CCC Help Swedish (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
    CCC Help Thai (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
    CCC Help Turkish (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
    ccc-utility64 (Version: 2011.0804.255.3304 - ATI) Hidden
    ContentSAFER for Wizmax (HKLM-x32\...\{C19BE821-89B1-4A96-AC7C-873810C0CB5F}) (Version: - )
    EmoDio (HKLM-x32\...\InstallShield_{C20CE592-B0F8-4D20-BF31-0151CA6331A6}) (Version: 1.0 - Samsung)
    EmoDio (x32 Version: 1.0 - Samsung) Hidden
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
    EPSON SX410 Series Printer Uninstall (HKLM\...\EPSON SX410 Series) (Version: - SEIKO EPSON Corporation)
    EPSON XP-402 403 405 406 Series Printer Uninstall (HKLM\...\EPSON XP-402 403 405 406 Series) (Version: - SEIKO EPSON Corporation)
    EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
    ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{B18BEB15-A9DA-43D7-BAE1-C6C67484C2C0}) (Version: 5.1.1 - Hewlett-Packard)
    FormatFactory 3.1.1 (HKLM-x32\...\FormatFactory) (Version: 3.1.1 - Free Time)
    Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
    HP 3D DriveGuard (HKLM\...\{5601F151-A69F-4E30-8C60-37928124CD07}) (Version: 4.1.9.1 - Hewlett-Packard Company)
    HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
    HP Officejet Pro 8500 A910 Basic Device Software (HKLM\...\{13BE337F-9557-416D-A696-F91A6807B170}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
    HP Power Manager (HKLM-x32\...\{E44578C7-4667-4124-8BC2-1161BCA54978}) (Version: 1.4.4 - Hewlett-Packard Company)
    HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
    HP QuickWeb (HKLM-x32\...\{FE1141B3-F498-4144-A30C-25F4C6AD725A}) (Version: 3.0.1.9387 - Hewlett-Packard Company)
    HP Software Framework (HKLM-x32\...\{28FE073B-1230-4BF6-830C-7434FD0C0069}) (Version: 4.1.13.1 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
    jetAudio Basic VX (HKLM-x32\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.1.0 - COWON)
    Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
    Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
    Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version: - Microsoft)
    Microsoft Office 2010 Service Pack 1 (SP1) (Version: - Microsoft) Hidden
    Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Mozilla Firefox 27.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-GB)) (Version: 27.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
    neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
    proXPN 2.5.3 (HKLM-x32\...\proXPN) (Version: 2.5.3 - )
    Ralink RT5390 802.11b/g/n WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 3.02.02.0 - Ralink)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.27.920.2010 - Realtek)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
    SavingsBull (HKLM\...\Level Quality Watcher) (Version: SavingsBull - SavingsBull) <==== ATTENTION
    SavingsBull (x32 Version: 1.0.0.0 - SavingsBull) Hidden <==== ATTENTION
    Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.1.15383.6004 - Microsoft Corporation)
    Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1040 - SUPERAntiSpyware.com)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.5.0 - Synaptics Incorporated)
    Update for Microsoft .NET Framework 4.5 (KB2750147) (HKLM-x32\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2750147) (Version: 1 - Microsoft Corporation)
    Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
    Windows Driver Package - Broadcom Bluetooth (12/16/2009 6.2.0.9414) (HKLM\...\7E38E30BB92ED94B21CF062A7386554CBA991FEB) (Version: 12/16/2009 6.2.0.9414 - Broadcom)
    Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
    WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
    ==================== Restore Points =========================

    ==================== Hosts content: ==========================
    2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
    ==================== Scheduled Tasks (whitelisted) =============
    Task: {0D662119-E3F9-40E8-8938-F9EB71AC62B6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
    Task: {26AD922F-02C0-4574-8335-1FD145E25299} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
    Task: {4B1BC075-5B6C-4A6E-993A-C67CD12CC7C1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
    Task: {662D019D-4656-4142-B6E9-D74270A1D71E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
    Task: {6ADB9C3E-720C-4D90-BF78-C2E94C79A2D5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
    Task: {90AD1FA3-B1EF-476C-B224-BCADDB6837A5} - System32\Tasks\proXPN => C:\Program Files (x86)\proXPN\bin\proxpn.exe [2013-07-11] (proXPN.com)
    Task: {AEBE3BF5-D706-465C-970F-D48C8C8F78A8} - \AutoKMS No Task File
    Task: {BDD69A03-AB36-4E20-919B-F9DFA3165681} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
    Task: {F25A4AF0-888B-4601-9E8D-B6401A3AA0AD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
    ==================== Loaded Modules (whitelisted) =============
    2011-08-04 02:05 - 2011-08-04 02:05 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2011-03-16 23:07 - 2011-03-16 23:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2011-08-04 02:05 - 2011-08-04 02:05 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
    2011-08-04 01:53 - 2011-08-04 01:53 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    2011-06-17 12:42 - 2011-06-17 12:42 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
    2011-03-16 23:07 - 2011-03-16 23:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
    2014-03-12 17:45 - 2014-03-12 08:54 - 02283008 _____ () C:\Program Files\AVAST Software\Avast\defs\14031200\algo.dll
    2011-03-16 23:11 - 2011-03-16 23:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    ==================== Alternate Data Streams (whitelisted) =========

    ==================== Safe Mode (whitelisted) ===================

    ==================== Disabled items from MSCONFIG ==============

    ==================== Faulty Device Manager Devices =============
    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (03/10/2014 05:40:17 PM) (Source: Windows Search Service) (User: )
    Description: The index cannot be initialized.

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
    Error: (03/10/2014 05:40:17 PM) (Source: Windows Search Service) (User: )
    Description: The application cannot be initialized.
    Context: Windows Application

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
    Error: (03/10/2014 05:40:17 PM) (Source: Windows Search Service) (User: )
    Description: The gatherer object cannot be initialized.
    Context: Windows Application, SystemIndex Catalog

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
    Error: (03/10/2014 05:40:17 PM) (Source: Windows Search Service) (User: )
    Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
    Context: Windows Application, SystemIndex Catalog

    Details:
    Element not found. (HRESULT : 0x80070490) (0x80070490)
    Error: (03/10/2014 05:40:16 PM) (Source: Windows Search Service) (User: )
    Description: The plug-in in <Search.JetPropStore> cannot be initialized.
    Context: Windows Application, SystemIndex Catalog

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
    Error: (03/10/2014 05:40:16 PM) (Source: Windows Search Service) (User: )
    Description: The Windows Search Service cannot load the property store information.
    Context: Windows Application, SystemIndex Catalog

    Details:
    The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)
    Error: (03/10/2014 05:40:16 PM) (Source: Windows Search Service) (User: )
    Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
    Error: (03/10/2014 05:40:16 PM) (Source: Windows Search Service) (User: )
    Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
    Error: (03/10/2014 05:40:15 PM) (Source: Windows Search Service) (User: )
    Description: The Windows Search Service cannot open the Jet property store.

    Details:
    0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))
    Error: (03/10/2014 05:40:15 PM) (Source: ESENT) (User: )
    Description: Windows (3988) Windows: Error -1811 occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0008F.log.

    System errors:
    =============
    Error: (03/12/2014 05:44:16 PM) (Source: volsnap) (User: )
    Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    Error: (03/12/2014 08:34:38 AM) (Source: DCOM) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
    Error: (03/12/2014 08:33:09 AM) (Source: Service Control Manager) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    cdrom
    Error: (03/11/2014 09:40:27 PM) (Source: DCOM) (User: )
    Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
    Error: (03/11/2014 03:24:35 PM) (Source: DCOM) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
    Error: (03/11/2014 03:23:16 PM) (Source: Service Control Manager) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    cdrom
    Error: (03/11/2014 00:14:13 PM) (Source: DCOM) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
    Error: (03/11/2014 00:12:56 PM) (Source: Service Control Manager) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    cdrom
    Error: (03/11/2014 00:11:53 PM) (Source: volsnap) (User: )
    Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    Error: (03/11/2014 09:37:30 AM) (Source: DCOM) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

    Microsoft Office Sessions:
    =========================
    Error: (03/10/2014 05:40:17 PM) (Source: Windows Search Service)(User: )
    Description:
    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
    Error: (03/10/2014 05:40:17 PM) (Source: Windows Search Service)(User: )
    Description: Context: Windows Application

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
    Error: (03/10/2014 05:40:17 PM) (Source: Windows Search Service)(User: )
    Description: Context: Windows Application, SystemIndex Catalog

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
    Error: (03/10/2014 05:40:17 PM) (Source: Windows Search Service)(User: )
    Description: Context: Windows Application, SystemIndex Catalog

    Details:
    Element not found. (HRESULT : 0x80070490) (0x80070490)
    Search.TripoliIndexer
    Error: (03/10/2014 05:40:16 PM) (Source: Windows Search Service)(User: )
    Description: Context: Windows Application, SystemIndex Catalog

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
    Search.JetPropStore
    Error: (03/10/2014 05:40:16 PM) (Source: Windows Search Service)(User: )
    Description: Context: Windows Application, SystemIndex Catalog

    Details:
    The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)
    Error: (03/10/2014 05:40:16 PM) (Source: Windows Search Service)(User: )
    Description:
    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
    The catalog is corrupt
    Error: (03/10/2014 05:40:16 PM) (Source: Windows Search Service)(User: )
    Description:
    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
    4700
    Error: (03/10/2014 05:40:15 PM) (Source: Windows Search Service)(User: )
    Description:
    Details:
    0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))
    Error: (03/10/2014 05:40:15 PM) (Source: ESENT)(User: )
    Description: Windows3988Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0008F.log-1811

    ==================== Memory info ===========================
    Percentage of memory in use: 46%
    Total physical RAM: 3689.9 MB
    Available physical RAM: 1987.89 MB
    Total Pagefile: 7377.98 MB
    Available Pagefile: 5099.48 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.81 MB
    ==================== Drives ================================
    Drive c: () (Fixed) (Total:29.44 GB) (Free:4.97 GB) NTFS
    Drive d: () (Fixed) (Total:263.55 GB) (Free:258.49 GB) NTFS
    Drive f: (HP_TOOLS) (Fixed) (Total:4.99 GB) (Free:2.14 GB) FAT32
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 1540871D)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=29 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=264 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=5 GB) - (Type=0C)
    ==================== End Of Log ============================
     
  6. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    field4,
    ------------------------------------------------
    Remove Programs Using Control Panel
    From Start, Control Panel, click on Programs and Features
    Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

    SavingsBull

    Take extra care in answering questions posed by any Uninstaller.
    --------------------------------------------
    Go to Start > Control Panel > Programs and Features
    On the left side click on the link labeled Turn Windows Features ON or OFF
    Uncheck Indexing Service

    -----------------------------------------------------------
    REBOOT (RESTART) Your Machine
    --------------------------------------------
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your next reply.
    -------------------------------------------------------------
    Download MyDefrag from here and install it: http://www.mydefrag.com/
    (The download button is on the left).
    After Installation, run MyDefrag in Daily Mode on the C: drive
    (Click System Disk Daily and then check C: drive, click Run)
    Wait for it. It goes through 6 Zones. The Window will be labeled Finished at the top when it is done.
    On this machine, with limited system drive space, you will need to clear the temp files with TFC and run MyDefrag every week or two.

    askey127
     

  7. field4

    field4 Thread Starter

    Joined:
    Oct 15, 2009
    Messages:
    25
    Hi


    Thanks for your quick reply. Below is the log.


    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2014
    Ran by HP at 2014-03-13 08:51:05 Run:1
    Running from C:\Users\HP\Desktop
    Boot Mode: Normal
    ==============================================
    Content of fixlist:
    *****************
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a...=2002946080&ir=
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a...=2002946080&ir=
    SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.as...rchTerms}&SSPV=
    SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.as...rchTerms}&SSPV=
    BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    FF DefaultSearchEngine: Conduit Search
    FF SelectedSearchEngine: Conduit Search
    FF Homepage: hxxp://search.conduit.com/?ctid=CT3324774&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPD8385 157-0273-4A97-985B-5CFA5B615127&SSPV=
    C:\Program Files\Level Quality Watcher
    SavingsBull (HKLM\...\Level Quality Watcher) (Version: SavingsBull - SavingsBull) <==== ATTENTION
    SavingsBull (x32 Version: 1.0.0.0 - SavingsBull) Hidden <==== ATTENTION
    *****************
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.
    HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => Key deleted successfully.
    HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => Key deleted successfully.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => Key deleted successfully.
    Firefox DefaultSearchEngine deleted successfully.
    Firefox SelectedSearchEngine deleted successfully.
    Firefox homepage deleted successfully.
    C:\Program Files\Level Quality Watcher => Moved successfully.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}\\SystemComponent => Value deleted successfully.
    ==== End of Fixlog ====
     
  8. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Please tell me how it's running.
    Also, are C: and D: physically separate, or are they two partitions on the same hard drive?
     
  9. field4

    field4 Thread Starter

    Joined:
    Oct 15, 2009
    Messages:
    25
    Hi
    I have checked the Disk Management console window and it lists Disk 0 with the D drive as a partition.


    Thanks
     
  10. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    How is it running?
     
  11. field4

    field4 Thread Starter

    Joined:
    Oct 15, 2009
    Messages:
    25
    Hi


    The computer is running better, smoother. IE and Firefox are still acting odd; IE is a bit jerky and slow, but that may be my internet speed. Firefox is really buggy: when I open it up, loads of other windows open up that seem like spam advertising etc. Do you think it is worth taking Firefox off, running spyware and then putting it back on? Never had a problem like this with Firefox; it is normally pretty good.


    Thanks
     
  12. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Please scan again with FRST. Please paste the new version of FRST.txt in a reply here.
     
  13. field4

    field4 Thread Starter

    Joined:
    Oct 15, 2009
    Messages:
    25
    Hi


    The SavingsBull software has appeared back in the list of programs in the Control Panel. When I have tried to uninstall it, it says I cannot, as I have to locate where it is situated.


    Below is the scan log


    Thanks


    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2014
    Ran by HP (administrator) on HP-PC on 14-03-2014 14:43:28
    Running from C:\Users\HP\Desktop
    Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal
    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (AMD) C:\Windows\system32\atiesrxx.exe
    (AMD) C:\Windows\system32\atieclxx.exe
    (Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    (proXPN.com) C:\Program Files (x86)\proXPN\bin\proxpn.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    (Seiko Epson Corporation) C:\Windows\system32\EscSvc64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIIJE.EXE
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (SAMSUNG ELECTRONICS) C:\Program Files (x86)\Samsung\EmoDio\SMSTray.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_77_ActiveX.exe

    ==================== Registry (Whitelisted) ==================
    HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe
    HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780968 2011-04-29] (Synaptics Incorporated)
    HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
    HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-08-17] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [HPQuickWebProxy] - C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [78904 2011-04-27] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
    HKLM-x32\...\Run: [SMSTray] - C:\Program Files (x86)\Samsung\EmoDio\SMSTray.exe [479232 2009-04-16] (SAMSUNG ELECTRONICS)
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] - C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1666560 2012-02-20] (AimerSoft)
    HKU\S-1-5-21-3716241306-373648678-3865269016-1000\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    HKU\S-1-5-21-3716241306-373648678-3865269016-1000\...\Run: [OfficeSyncProcess] - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [909696 2010-12-21] (Microsoft Corporation)
    HKU\S-1-5-21-3716241306-373648678-3865269016-1000\...\Run: [EPSON SX410 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFCE.EXE [223232 2008-10-01] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-3716241306-373648678-3865269016-1000\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-17] (SUPERAntiSpyware)
    HKU\S-1-5-21-3716241306-373648678-3865269016-1000\...\Run: [EPLTarget\P0000000000000001] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIJE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-3716241306-373648678-3865269016-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20924576 2014-02-10] (Skype Technologies S.A.)
    HKU\S-1-5-21-3716241306-373648678-3865269016-1000\...\MountPoints2: {5597aa0e-065b-11e3-a218-2c27d7ad9046} - E:\SETUP.EXE
    Startup: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8500 A910.lnk
    ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8500 A910.lnk -> C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
    ==================== Internet (Whitelisted) ====================
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB688091DA934CF01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
    SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/resul...yBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=2002946080&ir=
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/resul...yBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=2002946080&ir=
    SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/resul...yBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=2002946080&ir=
    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/resul...yBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=2002946080&ir=
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
    FireFox:
    ========
    FF ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default
    FF user.js: detected! => C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default\user.js
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF SearchPlugin: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default\searchplugins\conduit-search.xml
    FF Extension: SavingsBull - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default\Extensions\[email protected] [2014-03-04]
    FF Extension: No Name - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default\Extensions\staged [2013-10-17]
    FF Extension: WOT - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-01-22]
    FF Extension: MySearchDial - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} [2013-10-18]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-03-03]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-08-18]
    Chrome:
    =======
    Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
    CHR Extension: (No Name) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-11]
    CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\HP\AppData\Local\mysearchdial_speedial_v9.0.2.crx [2014-03-11]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-01-03]
    ==================== Services (Whitelisted) =================
    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-08-04] (Advanced Micro Devices, Inc.)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
    R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    ==================== Drivers (Whitelisted) ====================
    R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
    R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
    R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-18] (AVAST Software)
    R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-18] (AVAST Software)
    R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-08-18] ()
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
    S3 btmaudio; system32\drivers\btmaud.sys [X]
    S3 BTMCOM; System32\Drivers\btmcom.sys [X]
    S3 clwvd; system32\DRIVERS\clwvd.sys [X]
    S3 STHDA; system32\DRIVERS\stwrt64.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========
    2014-03-14 14:43 - 2014-03-14 14:43 - 00015635 _____ () C:\Users\HP\Desktop\FRST.txt
    2014-03-13 08:56 - 2014-03-13 09:23 - 00000000 ____D () C:\Program Files\MyDefrag v4.3.1
    2014-03-13 08:56 - 2014-03-13 08:56 - 00004096 _____ () C:\Windows\System32\Tasks\MyDefrag v4.3.1 Monthly
    2014-03-13 08:56 - 2014-03-13 08:56 - 00003416 _____ () C:\Windows\System32\Tasks\MyDefrag v4.3.1 Daily
    2014-03-13 08:56 - 2014-03-13 08:56 - 00000863 _____ () C:\Users\Public\Desktop\MyDefrag.lnk
    2014-03-13 08:56 - 2010-05-21 12:11 - 01147392 _____ (J.C. Kessels) C:\Windows\system32\MyDefragScreenSaver_v4.3.1.exe
    2014-03-13 08:56 - 2010-05-21 12:11 - 00485376 _____ (J.C. Kessels) C:\Windows\system32\MyDefragScreenSaver_v4.3.1.scr
    2014-03-13 08:54 - 2014-03-13 08:55 - 02082630 _____ (J.C. Kessels ) C:\Users\HP\Desktop\MyDefrag-v4.3.1.exe
    2014-03-12 17:56 - 2014-03-14 14:43 - 00000000 ____D () C:\FRST
    2014-03-12 17:55 - 2014-03-12 17:55 - 02157056 _____ (Farbar) C:\Users\HP\Desktop\FRST64.exe
    2014-03-12 17:47 - 2014-03-12 17:48 - 00000000 ____D () C:\MGADiagToolOutput
    2014-03-12 17:47 - 2014-03-12 17:47 - 00000000 ____D () C:\ProgramData\Office Genuine Advantage
    2014-03-12 17:46 - 2014-03-12 17:46 - 02031992 _____ (Microsoft Corporation) C:\Users\HP\Desktop\MGADiag.exe
    2014-03-12 10:45 - 2014-03-12 10:45 - 00282984 _____ (Mozilla) C:\Users\HP\Desktop\Firefox Setup Stub 27.0.1.exe
    2014-03-11 15:22 - 2014-03-14 12:34 - 00004194 _____ () C:\Windows\PFRO.log
    2014-03-11 14:10 - 2014-03-11 14:10 - 00000000 ____D () C:\SUPERDelete
    2014-03-10 17:39 - 2014-03-14 12:34 - 00000672 _____ () C:\Windows\setupact.log
    2014-03-10 17:39 - 2014-03-10 17:39 - 00000000 _____ () C:\Windows\setuperr.log
    2014-03-04 17:02 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
    2014-03-04 16:39 - 2014-03-04 16:39 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-03-04 16:39 - 2014-03-04 16:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-03-04 16:39 - 2014-03-04 16:39 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-03-04 16:39 - 2014-03-04 16:39 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-03-04 16:39 - 2014-03-04 16:39 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
    2014-03-04 16:39 - 2014-03-04 16:39 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
    2014-03-04 16:39 - 2014-03-04 16:39 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2014-03-04 16:39 - 2014-03-04 16:39 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2014-03-04 16:39 - 2014-03-04 16:39 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
    2014-03-04 16:39 - 2014-03-04 16:39 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2014-03-04 16:39 - 2014-03-04 16:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-03-04 16:38 - 2014-03-04 16:38 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2014-03-04 16:38 - 2014-03-04 16:38 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2014-03-04 16:38 - 2014-03-04 16:38 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2014-03-04 16:38 - 2014-03-04 16:38 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2014-03-04 16:38 - 2014-03-04 16:38 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2014-03-04 16:38 - 2014-03-04 16:38 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2014-03-04 16:38 - 2014-03-04 16:38 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
    2014-03-04 16:38 - 2014-03-04 16:38 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2014-03-04 16:38 - 2014-03-04 16:38 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
    2014-03-04 16:38 - 2014-03-04 16:38 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2014-03-04 16:38 - 2014-03-04 16:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2014-03-04 16:38 - 2014-03-04 16:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2014-03-04 16:38 - 2014-03-04 16:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2014-03-04 16:38 - 2014-03-04 16:38 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2014-03-04 16:38 - 2014-03-04 16:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2014-03-04 16:37 - 2014-03-04 16:37 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2014-03-04 16:37 - 2014-03-04 16:37 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
    2014-03-04 16:37 - 2014-03-04 16:37 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
    2014-03-04 16:37 - 2014-03-04 16:37 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2014-03-04 16:37 - 2014-03-04 16:37 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
    2014-03-04 16:37 - 2014-03-04 16:37 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
    2014-03-04 12:22 - 2014-03-14 11:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-02-28 17:10 - 2014-03-06 08:07 - 00000000 ____D () C:\Program Files (x86)\SavingsBull
    2014-02-28 17:10 - 2014-02-28 17:25 - 01311683 _____ () C:\Windows\system32\SavingsBullFilterService.log
    2014-02-28 17:10 - 2014-02-28 17:10 - 00000000 _____ () C:\Windows\SysWOW64\Service.log
    2014-02-28 17:10 - 2014-02-28 17:10 - 00000000 _____ () C:\Windows\system32\Service.log
    2014-02-28 17:09 - 2014-02-28 17:09 - 00000000 ____D () C:\Users\HP\AppData\Roaming\addpcs
    2014-02-27 13:36 - 2014-02-27 13:36 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
    2014-02-27 13:36 - 2014-02-27 13:36 - 00000000 ____D () C:\Users\HP\AppData\Local\Skype
    ==================== One Month Modified Files and Folders =======
    2014-03-14 14:43 - 2014-03-14 14:43 - 00015635 _____ () C:\Users\HP\Desktop\FRST.txt
    2014-03-14 14:43 - 2014-03-12 17:56 - 00000000 ____D () C:\FRST
    2014-03-14 14:40 - 2013-08-19 18:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-03-14 14:40 - 2013-08-16 11:28 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
    2014-03-14 14:39 - 2013-10-22 15:21 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Skype
    2014-03-14 12:42 - 2009-07-14 04:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-03-14 12:42 - 2009-07-14 04:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-03-14 12:40 - 2013-08-18 16:00 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2014-03-14 12:39 - 2009-07-14 05:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
    2014-03-14 12:37 - 2013-05-20 16:15 - 01444760 _____ () C:\Windows\WindowsUpdate.log
    2014-03-14 12:36 - 2013-09-09 16:12 - 00003128 _____ () C:\Windows\System32\Tasks\proXPN
    2014-03-14 12:34 - 2014-03-11 15:22 - 00004194 _____ () C:\Windows\PFRO.log
    2014-03-14 12:34 - 2014-03-10 17:39 - 00000672 _____ () C:\Windows\setupact.log
    2014-03-14 12:34 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-03-14 11:16 - 2014-03-04 12:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-03-13 17:14 - 2009-07-14 05:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-03-13 09:23 - 2014-03-13 08:56 - 00000000 ____D () C:\Program Files\MyDefrag v4.3.1
    2014-03-13 08:56 - 2014-03-13 08:56 - 00004096 _____ () C:\Windows\System32\Tasks\MyDefrag v4.3.1 Monthly
    2014-03-13 08:56 - 2014-03-13 08:56 - 00003416 _____ () C:\Windows\System32\Tasks\MyDefrag v4.3.1 Daily
    2014-03-13 08:56 - 2014-03-13 08:56 - 00000863 _____ () C:\Users\Public\Desktop\MyDefrag.lnk
    2014-03-13 08:55 - 2014-03-13 08:54 - 02082630 _____ (J.C. Kessels ) C:\Users\HP\Desktop\MyDefrag-v4.3.1.exe
    2014-03-13 08:26 - 2013-08-19 18:06 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-03-13 08:26 - 2013-08-19 18:06 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-03-13 08:26 - 2013-08-19 18:06 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-03-12 17:55 - 2014-03-12 17:55 - 02157056 _____ (Farbar) C:\Users\HP\Desktop\FRST64.exe
    2014-03-12 17:48 - 2014-03-12 17:47 - 00000000 ____D () C:\MGADiagToolOutput
    2014-03-12 17:47 - 2014-03-12 17:47 - 00000000 ____D () C:\ProgramData\Office Genuine Advantage
    2014-03-12 17:46 - 2014-03-12 17:46 - 02031992 _____ (Microsoft Corporation) C:\Users\HP\Desktop\MGADiag.exe
    2014-03-12 10:45 - 2014-03-12 10:45 - 00282984 _____ (Mozilla) C:\Users\HP\Desktop\Firefox Setup Stub 27.0.1.exe
    2014-03-12 08:43 - 2013-05-24 17:21 - 00000166 _____ () C:\Windows\SysWOW64\DOErrors.log
    2014-03-11 17:23 - 2013-05-20 19:53 - 00000000 ____D () C:\Program Files (x86)\Google
    2014-03-11 15:20 - 2013-05-20 19:53 - 00000000 ____D () C:\Users\HP\AppData\Local\Google
    2014-03-11 15:18 - 2013-05-20 19:53 - 00000000 ____D () C:\Users\HP\AppData\Local\Deployment
    2014-03-11 14:10 - 2014-03-11 14:10 - 00000000 ____D () C:\SUPERDelete
    2014-03-10 17:40 - 2013-10-22 15:20 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2014-03-10 17:39 - 2014-03-10 17:39 - 00000000 _____ () C:\Windows\setuperr.log
    2014-03-10 15:54 - 2013-05-21 01:11 - 00000000 ____D () C:\Windows\Panther
    2014-03-10 15:47 - 2013-09-24 21:56 - 00000000 ____D () C:\Users\HP\Desktop\paulcavel
    2014-03-10 15:42 - 2013-09-25 14:51 - 00000000 ____D () C:\Users\HP\Desktop\lynn
    2014-03-10 12:29 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
    2014-03-06 13:30 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\LiveKernelReports
    2014-03-06 08:07 - 2014-02-28 17:10 - 00000000 ____D () C:\Program Files (x86)\SavingsBull
    2014-03-04 17:05 - 2013-05-20 17:02 - 00001413 _____ () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-03-04 17:02 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-03-04 16:39 - 2014-03-04 16:39 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-03-04 16:39 - 2014-03-04 16:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-03-04 16:39 - 2014-03-04 16:39 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-03-04 16:39 - 2014-03-04 16:39 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-03-04 16:39 - 2014-03-04 16:39 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
    2014-03-04 16:39 - 2014-03-04 16:39 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
    2014-03-04 16:39 - 2014-03-04 16:39 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2014-03-04 16:39 - 2014-03-04 16:39 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2014-03-04 16:39 - 2014-03-04 16:39 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
    2014-03-04 16:39 - 2014-03-04 16:39 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2014-03-04 16:39 - 2014-03-04 16:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2014-03-04 16:39 - 2014-03-04 16:39 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2014-03-04 16:39 - 2014-03-04 16:39 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-03-04 16:38 - 2014-03-04 16:38 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2014-03-04 16:38 - 2014-03-04 16:38 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2014-03-04 16:38 - 2014-03-04 16:38 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2014-03-04 16:38 - 2014-03-04 16:38 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2014-03-04 16:38 - 2014-03-04 16:38 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2014-03-04 16:38 - 2014-03-04 16:38 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2014-03-04 16:38 - 2014-03-04 16:38 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
    2014-03-04 16:38 - 2014-03-04 16:38 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2014-03-04 16:38 - 2014-03-04 16:38 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
    2014-03-04 16:38 - 2014-03-04 16:38 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2014-03-04 16:38 - 2014-03-04 16:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2014-03-04 16:38 - 2014-03-04 16:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2014-03-04 16:38 - 2014-03-04 16:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2014-03-04 16:38 - 2014-03-04 16:38 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2014-03-04 16:38 - 2014-03-04 16:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2014-03-04 16:37 - 2014-03-04 16:37 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2014-03-04 16:37 - 2014-03-04 16:37 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
    2014-03-04 16:37 - 2014-03-04 16:37 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
    2014-03-04 16:37 - 2014-03-04 16:37 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2014-03-04 16:37 - 2014-03-04 16:37 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
    2014-03-04 16:37 - 2014-03-04 16:37 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
    2014-02-28 17:25 - 2014-02-28 17:10 - 01311683 _____ () C:\Windows\system32\SavingsBullFilterService.log
    2014-02-28 17:10 - 2014-02-28 17:10 - 00000000 _____ () C:\Windows\SysWOW64\Service.log
    2014-02-28 17:10 - 2014-02-28 17:10 - 00000000 _____ () C:\Windows\system32\Service.log
    2014-02-28 17:09 - 2014-02-28 17:09 - 00000000 ____D () C:\Users\HP\AppData\Roaming\addpcs
    2014-02-28 17:06 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-02-28 15:21 - 2013-08-16 10:59 - 00000000 ____D () C:\Users\HP\AppData\Roaming\DAEMON Tools Lite
    2014-02-27 13:36 - 2014-02-27 13:36 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
    2014-02-27 13:36 - 2014-02-27 13:36 - 00000000 ____D () C:\Users\HP\AppData\Local\Skype
    2014-02-27 13:36 - 2013-10-22 15:20 - 00000000 ____D () C:\ProgramData\Skype
    2014-02-27 13:33 - 2013-05-20 18:45 - 00000000 ____D () C:\ProgramData\Ralink Driver
    2014-02-27 13:33 - 2013-05-20 18:16 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2014-02-27 13:33 - 2013-05-20 17:01 - 00000000 ____D () C:\Users\HP
    2014-02-27 13:33 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\registration
    2014-02-27 13:24 - 2013-08-21 07:15 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Mozilla
    2014-02-27 11:41 - 2013-05-20 17:01 - 00000000 ____D () C:\Users\HP\AppData\Local\VirtualStore
    Some content of TEMP:
    ====================
    C:\Users\HP\AppData\Local\Temp\proXPN-2.7.0-install001.exe

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    LastRegBack: 2014-03-10 12:16
    ==================== End Of Log ============================
     
  14. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    First erase any instance of FixList.txt that you have on your desktop.

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

  15. field4

    field4 Thread Starter

    Joined:
    Oct 15, 2009
    Messages:
    25
    Hi
    Thanks for your reply. Below is the log.


    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
    Ran by HP at 2014-03-17 12:02:17 Run:2
    Running from C:\Users\HP\Desktop
    Boot Mode: Normal
    ==============================================
    Content of fixlist:
    *****************
    S3 btmaudio; system32\drivers\btmaud.sys [X]
    S3 BTMCOM; System32\Drivers\btmcom.sys [X]
    S3 clwvd; system32\DRIVERS\clwvd.sys [X]
    S3 STHDA; system32\DRIVERS\stwrt64.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    FF SearchPlugin: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default\searchplugins\conduit-search.xml
    FF Extension: SavingsBull - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default\Extensions\[email protected] [2014-03-04]
    FF SearchPlugin: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default\searchplugins\conduit-search.xml
    FF Extension: SavingsBull - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default\Extensions\[email protected] [2014-03-04]
    FF Extension: MySearchDial - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} [2013-10-18]
    CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\HP\AppData\Local\mysearchdial_speedial_v9.0.2.crx [2014-03-11]
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
    *****************
    btmaudio => Service deleted successfully.
    BTMCOM => Service deleted successfully.
    clwvd => Service deleted successfully.
    STHDA => Service deleted successfully.
    VGPU => Service deleted successfully.
    "C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default\searchplugins\conduit-search.xml" => not found.
    C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default\Extensions\[email protected] not found.
    "C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default\searchplugins\conduit-search.xml" => not found.
    C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default\Extensions\[email protected] not found.
    C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\r94aby4y.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} not found.
    HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff => Key deleted successfully.
    "C:\Users\HP\AppData\Local\mysearchdial_speedial_v9.0.2.crx" => File/Directory not found.
    c2cautoupdatesvc => Service stopped successfully.
    c2cautoupdatesvc => Service deleted successfully.
    c2cpnrsvc => Service stopped successfully.
    c2cpnrsvc => Service deleted successfully.
    ==== End of Fixlog ====
     
Short URL to this thread: https://techguy.org/1120882
