Posted

Hi,

 

I am having problems with my Yahoo mail. I am able to log in and preview my mail on the Yahoo homepage, but when I click into my Yahoo mail a page opens up and jumps between two blank pages, does this for 30 seconds and then crashes my internet. In addition, I have noticed that my computer is running a little slower.

 

I have tried using System Restore but I don't seem to have any restore points. I have gone into safe mode and still no restore points. I have read up that this could be a symptom of a virus. I have tried disabling AVG and then trying System Restore but that has not worked.

 

I have AVG installed and this shows no issues, so I have installed Malwarebytes also, but this has not solved the problem.

 

Can anyone give me any advice? Apart from a fresh install of Windows, I am unsure what to do.

 

Cheers

 

Gary

Posted

Please wait for one of our malware guys to take a look by all means; however, I have posted a possible answer in the other thread you started here:

 

http://extremetechsupport.com/threads/16535-Not-able-to-open-Yahoo-Mail?p=109263#post109263

 

Otherwise, if you are still concerned it may be malware related, please follow everything here.

 

http://extremetechsupport.com/threads/15547-Before-posting-for-Malware-Removal-help-WinXP-Vista-Win7-Win8-amp-Win8-1#.VFPvDslKTE4

 

Follow the instructions in that posting then post your logs below here please.

 

Nev.

Posted

Hi,

 

Logs as follows........

 

Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 01/11/2014

Scan Time: 19:19:03

Logfile:

Administrator: Yes

Version: 2.00.3.1025

Malware Database: v2014.11.01.07

Rootkit Database: v2014.11.01.02

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Gary

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 309811

Time Elapsed: 6 min, 7 sec

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 1

PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT, Quarantined, [4d4eff3774083cfad46ffb43b54ed62a],

Registry Values: 1

PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT|InstallDir, C:\PROGRA~2\SearchProtect, Quarantined, [4d4eff3774083cfad46ffb43b54ed62a]

Registry Data: 0

(No malicious items detected)

Folders: 24

Files: 78

Physical Sectors: 0

(No malicious items detected)

 

(end)

Posted

And the others....

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-11-2014

Ran by Gary (administrator) on GARY-PC on 01-11-2014 19:39:35

Running from C:\Users\Gary\Downloads

Loaded Profile: Gary (Available profiles: Gary)

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe

() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe

() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Nokia) C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe

(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe

(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe

(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe

(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_167_ActiveX.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

(Farbar) C:\Users\Gary\Downloads\FRST64 (1).exe

 

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)

HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64

HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)

HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)

HKLM-x32\...\Run: [XFastUSB] => C:\Program Files (x86)\XFastUSB\XFastUsb.exe [5019360 2013-12-21] (FNet Co., Ltd.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [THX TruStudio NB Settings] => C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [909824 2011-05-19] (Creative Technology Ltd)

HKLM-x32\...\Run: [updReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)

HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-09-28] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3593744 2014-09-05] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2640408 2014-08-25] ()

HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"

HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395616 2014-09-03] (Citrix Systems, Inc.)

HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2014-09-03] (Citrix Systems, Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-2748923439-1750433010-2092404853-1000\...\Run: [ASRockXTU] => [X]

HKU\S-1-5-21-2748923439-1750433010-2092404853-1000\...\Run: [zASRockInstantBoot] => [X]

HKU\S-1-5-21-2748923439-1750433010-2092404853-1000\...\Run: [AVG-Secure-Search-Update_1213b] => C:\Users\Gary\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=968c05e05d3b47d384916d16b29cdbfd-ad1491be2ce6c122f6b66faa90e70c2decf7d34c /CMPID=1213b

HKU\S-1-5-21-2748923439-1750433010-2092404853-1000\...\Run: [AVG-Secure-Search-Update_0214c] => C:\Users\Gary\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=968c05e05d3b47d384916d16b29cdbfd-ad1491be2ce6c122f6b66faa90e70c2decf7d34c /CMPID=0214c

HKU\S-1-5-21-2748923439-1750433010-2092404853-1000\...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)

HKU\S-1-5-21-2748923439-1750433010-2092404853-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3600216 2014-09-16] (Electronic Arts)

HKU\S-1-5-21-2748923439-1750433010-2092404853-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)

HKU\S-1-5-21-2748923439-1750433010-2092404853-1000\...\MountPoints2: {05a663c7-4bc4-11e2-9df2-806e6f6e6963} - D:\ASRSetup.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3111718B04F3CF01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-gb/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK

SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={9961FE18-D203-4C88-AB35-5CE81CD36771}&mid=968c05e05d3b47d384916d16b29cdbfd-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=avgab0&coid=avgtbavg&cmpid=&pr=sa&d=2014-02-07 21:30:07&v=18.1.9.799&pid=safeguard&sg=&sap=dsp&q={searchTerms}

SearchScopes: HKCU - {BCBE0FE6-F243-49a1-87D1-3BDBE1791F24} URL = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms}

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)

Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)

Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:

========

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File

FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204

FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 [2014-02-07]

Chrome:

=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.)

R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [121344 2012-02-07] () [File not signed]

R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)

R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [247576 2014-07-24] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-20] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [270616 2014-07-02] (AVG Technologies CZ, s.r.o.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)

R3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2014-05-05] (FNet Co., Ltd.)

R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2013-12-21] (FNet Co., Ltd.)

R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()

R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()

R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-01] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)

R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-11-01] ()

S3 MSICDSetup; \??\D:\CDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-01 19:39 - 2014-11-01 19:39 - 00019528 _____ () C:\Users\Gary\Downloads\FRST.txt

2014-11-01 19:38 - 2014-11-01 19:39 - 00000000 ____D () C:\FRST

2014-11-01 19:38 - 2014-11-01 19:38 - 02114048 _____ (Farbar) C:\Users\Gary\Downloads\FRST64.exe

2014-11-01 19:38 - 2014-11-01 19:38 - 02114048 _____ (Farbar) C:\Users\Gary\Downloads\FRST64 (1).exe

2014-11-01 19:26 - 2014-11-01 19:26 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp

2014-10-30 19:43 - 2014-10-31 23:30 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\2FDB3184.sys

2014-10-29 19:43 - 2014-11-01 19:36 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-10-29 19:42 - 2014-10-31 23:41 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-10-29 19:42 - 2014-10-31 23:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-10-29 19:42 - 2014-10-31 23:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-10-29 19:42 - 2014-10-29 19:42 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-10-29 19:42 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-10-29 19:42 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-10-29 19:42 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-10-25 20:47 - 2014-10-25 20:47 - 00000000 ____H () C:\Users\Gary\Documents\Default.rdp

2014-10-25 20:25 - 2014-10-25 20:33 - 00000000 ____D () C:\Users\Gary\AppData\Roaming\ICAClient

2014-10-25 20:25 - 2014-10-25 20:25 - 00001512 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk

2014-10-25 20:25 - 2014-10-25 20:25 - 00000000 ____D () C:\Users\Gary\AppData\Local\Citrix

2014-10-25 20:25 - 2014-10-25 20:25 - 00000000 ____D () C:\ProgramData\Citrix

2014-10-25 20:25 - 2014-10-25 20:25 - 00000000 ____D () C:\Program Files (x86)\Citrix

2014-10-25 20:24 - 2014-10-25 20:25 - 53860688 _____ (Citrix Systems, Inc.) C:\Users\Gary\Downloads\CitrixReceiver.exe

2014-10-18 20:03 - 2014-10-18 20:03 - 00000000 ____D () C:\Users\Gary\AppData\Roaming\AVG2015

2014-10-18 19:49 - 2014-10-18 19:49 - 00000969 _____ () C:\Users\Public\Desktop\AVG 2015.lnk

2014-10-18 19:35 - 2014-10-18 19:49 - 00000000 ____D () C:\ProgramData\AVG2015

2014-10-18 19:13 - 2014-10-18 22:25 - 00000000 ____D () C:\Users\Gary\AppData\Local\Avg2015

2014-10-14 21:02 - 2014-10-10 02:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-10-14 21:02 - 2014-10-10 02:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-10-14 21:02 - 2014-10-10 02:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-10-14 21:02 - 2014-10-07 02:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-10-14 21:02 - 2014-10-07 02:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-10-14 21:02 - 2014-09-29 00:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-10-14 21:02 - 2014-09-25 22:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-10-14 21:02 - 2014-09-25 22:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-10-14 21:02 - 2014-09-25 22:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-10-14 21:02 - 2014-09-25 22:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-10-14 21:02 - 2014-09-25 22:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-10-14 21:02 - 2014-09-25 22:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-10-14 21:02 - 2014-09-25 22:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-10-14 21:02 - 2014-09-19 02:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-10-14 21:02 - 2014-09-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-10-14 21:02 - 2014-09-19 01:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-10-14 21:02 - 2014-09-19 01:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-10-14 21:02 - 2014-09-19 01:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-10-14 21:02 - 2014-09-19 01:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-10-14 21:02 - 2014-09-19 01:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-10-14 21:02 - 2014-09-19 01:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-10-14 21:02 - 2014-09-19 01:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-10-14 21:02 - 2014-09-19 01:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-10-14 21:02 - 2014-09-19 01:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-10-14 21:02 - 2014-09-19 01:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-10-14 21:02 - 2014-09-19 01:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-10-14 21:02 - 2014-09-19 01:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-10-14 21:02 - 2014-09-19 01:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-10-14 21:02 - 2014-09-19 01:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-10-14 21:02 - 2014-09-19 01:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-10-14 21:02 - 2014-09-19 01:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-10-14 21:02 - 2014-09-19 01:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-10-14 21:02 - 2014-09-19 01:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-10-14 21:02 - 2014-09-19 01:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-10-14 21:02 - 2014-09-19 01:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-10-14 21:02 - 2014-09-19 01:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-10-14 21:02 - 2014-09-19 01:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-10-14 21:02 - 2014-09-19 01:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-10-14 21:02 - 2014-09-19 01:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-10-14 21:02 - 2014-09-19 00:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-10-14 21:02 - 2014-09-19 00:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-10-14 21:02 - 2014-09-19 00:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-10-14 21:02 - 2014-09-19 00:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-10-14 21:02 - 2014-09-19 00:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-10-14 21:02 - 2014-09-19 00:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-10-14 21:02 - 2014-09-19 00:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-10-14 21:02 - 2014-09-19 00:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-10-14 21:02 - 2014-09-19 00:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-10-14 21:02 - 2014-09-19 00:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-10-14 21:02 - 2014-09-19 00:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-10-14 21:02 - 2014-09-19 00:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-10-14 21:02 - 2014-09-19 00:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-10-14 21:02 - 2014-09-19 00:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-10-14 21:02 - 2014-09-19 00:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-10-14 21:02 - 2014-09-19 00:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-10-14 21:02 - 2014-09-19 00:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-10-14 21:02 - 2014-09-18 23:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-10-14 21:02 - 2014-09-18 23:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-10-14 21:02 - 2014-09-18 23:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-10-14 21:02 - 2014-09-18 23:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-10-14 21:02 - 2014-08-19 03:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi

2014-10-14 21:02 - 2014-08-19 03:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi

2014-10-14 21:02 - 2014-08-19 03:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2014-10-14 21:02 - 2014-08-19 03:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll

2014-10-14 21:02 - 2014-08-19 03:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2014-10-14 21:02 - 2014-08-19 03:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2014-10-14 21:02 - 2014-08-19 03:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe

2014-10-14 21:02 - 2014-08-19 03:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll

2014-10-14 21:02 - 2014-08-19 03:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll

2014-10-14 21:02 - 2014-08-19 03:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe

2014-10-14 21:02 - 2014-08-19 02:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll

2014-10-14 21:02 - 2014-08-19 02:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2014-10-14 21:02 - 2014-08-19 02:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys

2014-10-14 21:02 - 2014-07-07 02:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll

2014-10-14 21:02 - 2014-07-07 02:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll

2014-10-14 21:02 - 2014-07-07 02:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2014-10-14 21:02 - 2014-07-07 02:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2014-10-14 21:02 - 2014-07-07 02:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2014-10-14 21:02 - 2014-07-07 02:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll

2014-10-14 21:02 - 2014-07-07 02:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2014-10-14 21:02 - 2014-07-07 02:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll

2014-10-14 21:02 - 2014-07-07 02:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll

2014-10-14 21:02 - 2014-07-07 02:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll

2014-10-14 21:02 - 2014-07-07 02:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

2014-10-14 21:02 - 2014-07-07 02:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll

2014-10-14 21:02 - 2014-07-07 02:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll

2014-10-14 21:02 - 2014-07-07 02:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll

2014-10-14 21:02 - 2014-07-07 02:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll

2014-10-14 21:02 - 2014-07-07 02:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll

2014-10-14 21:02 - 2014-07-07 02:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll

2014-10-14 21:02 - 2014-07-07 02:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll

2014-10-14 21:02 - 2014-07-07 02:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll

2014-10-14 21:02 - 2014-07-07 02:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll

2014-10-14 21:02 - 2014-07-07 02:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2014-10-14 21:02 - 2014-07-07 02:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll

2014-10-14 21:02 - 2014-07-07 02:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2014-10-14 21:02 - 2014-07-07 02:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll

2014-10-14 21:02 - 2014-07-07 02:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2014-10-14 21:02 - 2014-07-07 02:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2014-10-14 21:02 - 2014-07-07 02:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll

2014-10-14 21:02 - 2014-07-07 02:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx

2014-10-14 21:02 - 2014-07-07 02:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll

2014-10-14 21:02 - 2014-07-07 02:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL

2014-10-14 21:02 - 2014-07-07 02:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe

2014-10-14 21:02 - 2014-07-07 02:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2014-10-14 21:02 - 2014-07-07 01:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys

2014-10-14 21:02 - 2014-07-07 01:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll

2014-10-14 21:02 - 2014-07-07 01:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2014-10-14 21:02 - 2014-07-07 01:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll

2014-10-14 21:02 - 2014-07-07 01:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2014-10-14 21:02 - 2014-07-07 01:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll

2014-10-14 21:02 - 2014-07-07 01:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll

2014-10-14 21:02 - 2014-07-07 01:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll

2014-10-14 21:02 - 2014-07-07 01:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll

2014-10-14 21:02 - 2014-07-07 01:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll

2014-10-14 21:02 - 2014-07-07 01:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll

2014-10-14 21:02 - 2014-07-07 01:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll

2014-10-14 21:02 - 2014-07-07 01:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll

2014-10-14 21:02 - 2014-07-07 01:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll

2014-10-14 21:02 - 2014-07-07 01:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll

2014-10-14 21:02 - 2014-07-07 01:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll

2014-10-14 21:02 - 2014-07-07 01:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll

2014-10-14 21:02 - 2014-07-07 01:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2014-10-14 21:02 - 2014-07-07 01:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2014-10-14 21:02 - 2014-07-07 01:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll

2014-10-14 21:02 - 2014-07-07 01:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll

2014-10-14 21:02 - 2014-07-07 01:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll

2014-10-14 21:02 - 2014-07-07 01:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx

2014-10-14 21:02 - 2014-07-07 01:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll

2014-10-14 21:02 - 2014-07-07 01:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL

2014-10-14 21:02 - 2014-07-07 01:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2014-10-14 21:02 - 2014-07-07 01:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2014-10-14 21:02 - 2014-07-07 01:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe

2014-10-14 21:02 - 2014-07-07 01:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe

2014-10-14 21:02 - 2014-07-07 01:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll

2014-10-14 21:02 - 2014-06-28 00:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe

2014-10-14 21:02 - 2014-06-28 00:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe

2014-10-14 21:02 - 2014-06-28 00:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll

2014-10-14 21:02 - 2014-06-18 22:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll

2014-10-14 21:02 - 2014-06-18 22:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll

2014-10-14 21:02 - 2014-06-18 22:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll

2014-10-14 21:02 - 2014-06-18 22:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll

2014-10-14 21:02 - 2014-06-18 22:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll

2014-10-14 21:02 - 2014-06-18 22:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll

2014-10-14 21:01 - 2014-09-18 02:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-10-14 21:01 - 2014-09-18 01:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-10-14 21:01 - 2014-09-04 05:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll

2014-10-14 21:01 - 2014-09-04 05:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll

2014-10-14 21:01 - 2014-08-29 02:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2014-10-14 21:01 - 2014-08-29 02:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2014-10-14 21:01 - 2014-08-29 02:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll

2014-10-14 21:01 - 2014-08-29 02:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll

2014-10-14 21:01 - 2014-08-29 02:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe

2014-10-14 21:01 - 2014-08-29 01:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2014-10-14 21:01 - 2014-08-29 01:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe

2014-10-14 21:01 - 2014-08-29 01:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll

2014-10-14 21:01 - 2014-08-29 01:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll

2014-10-14 21:00 - 2014-09-13 01:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll

2014-10-14 21:00 - 2014-09-13 01:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll

2014-10-14 21:00 - 2014-07-17 02:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll

2014-10-14 21:00 - 2014-07-17 02:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe

2014-10-14 21:00 - 2014-07-17 02:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll

2014-10-14 21:00 - 2014-07-17 02:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll

2014-10-14 21:00 - 2014-07-17 02:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-10-14 21:00 - 2014-07-17 02:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2014-10-14 21:00 - 2014-07-17 01:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll

2014-10-14 21:00 - 2014-07-17 01:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2014-10-14 21:00 - 2014-07-17 01:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2014-10-14 21:00 - 2014-07-17 01:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys

2014-10-14 21:00 - 2014-07-17 01:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-01 19:33 - 2009-07-14 04:45 - 00026528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-11-01 19:33 - 2009-07-14 04:45 - 00026528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-11-01 19:31 - 2009-07-14 05:13 - 00782010 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-11-01 19:30 - 2013-12-21 23:19 - 01093160 _____ () C:\Windows\WindowsUpdate.log

2014-11-01 19:28 - 2013-12-27 19:43 - 00000000 ____D () C:\Users\Gary\AppData\Roaming\Skype

2014-11-01 19:27 - 2014-07-12 16:39 - 00000000 ____D () C:\Program Files (x86)\Origin

2014-11-01 19:26 - 2013-12-21 23:53 - 00701182 _____ () C:\Windows\PFRO.log

2014-11-01 19:26 - 2013-12-21 23:48 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys

2014-11-01 19:26 - 2013-12-21 23:46 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job

2014-11-01 19:26 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-11-01 19:26 - 2009-07-14 04:51 - 00040610 _____ () C:\Windows\setupact.log

2014-11-01 19:26 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\L2Schemas

2014-11-01 19:00 - 2013-12-26 10:59 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-11-01 18:56 - 2013-12-22 16:44 - 00000000 ____D () C:\ProgramData\MFAData

2014-11-01 18:53 - 2013-12-22 00:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-10-29 18:32 - 2014-09-30 20:20 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-10-29 18:32 - 2013-12-27 19:42 - 00000000 ____D () C:\ProgramData\Skype

2014-10-28 23:17 - 2014-03-17 21:32 - 00000000 ____D () C:\Users\Gary\AppData\Local\Battle.net

2014-10-28 21:34 - 2014-03-17 21:32 - 00000000 ____D () C:\Program Files (x86)\Battle.net

2014-10-28 20:56 - 2014-07-12 16:39 - 00000000 ____D () C:\ProgramData\Origin

2014-10-27 20:56 - 2014-07-12 19:16 - 00001186 _____ () C:\Users\Public\Desktop\Titanfall.lnk

2014-10-27 20:54 - 2013-12-26 11:13 - 00473315 _____ () C:\Windows\DirectX.log

2014-10-26 22:12 - 2013-12-28 11:23 - 00000000 ____D () C:\Users\Gary\AppData\Local\CrashDumps

2014-10-25 19:32 - 2009-07-14 05:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-10-19 16:12 - 2013-12-22 16:46 - 00000000 ____D () C:\ProgramData\AVG2014

2014-10-18 20:04 - 2013-12-22 16:46 - 00000000 ____D () C:\Program Files (x86)\AVG

2014-10-18 19:49 - 2014-04-01 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

2014-10-16 21:26 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache

2014-10-16 20:43 - 2009-07-14 05:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD

2014-10-16 20:38 - 2009-07-14 04:45 - 00268392 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-10-16 20:38 - 2009-07-14 03:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

2014-10-16 20:36 - 2014-05-06 22:34 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-10-16 20:36 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism

2014-10-16 20:36 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\Dism

2014-10-14 21:12 - 2013-12-26 00:06 - 00000000 ____D () C:\Windows\system32\MRT

2014-10-14 21:10 - 2013-12-26 00:06 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-10-12 17:53 - 2014-09-11 18:52 - 00000000 ____D () C:\Users\Gary\AppData\Local\Adobe

Some content of TEMP:

====================

C:\Users\Gary\AppData\Local\Temp\install_flashplayer13x32axau_gtba_chra_dy_aaa_aih.exe

C:\Users\Gary\AppData\Local\Temp\MSIAFTERBURNERSETUP.EXE

C:\Users\Gary\AppData\Local\Temp\oi_{6F8FEAC9-56D7-4BAF-A8A1-421505B0A9B5}.exe

C:\Users\Gary\AppData\Local\Temp\SETUP_AFTERBURNER.EXE

C:\Users\Gary\AppData\Local\Temp\SkypeSetup.exe

 

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

LastRegBack: 2014-10-29 19:33

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-11-2014

Ran by Gary at 2014-11-01 19:40:00

Running from C:\Users\Gary\Downloads

Boot Mode: Normal

==========================================================

 

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)

Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)

Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)

AMD Catalyst Install Manager (HKLM\...\{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)

ASRock App Charger v1.0.5 (HKLM\...\ASRock App Charger_is1) (Version: - ASRock Inc.)

ASRock eXtreme Tuner v0.1.190 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version: - )

ASRock InstantBoot v1.29 (HKLM-x32\...\ASRock InstantBoot_is1) (Version: - )

ASRock SmartConnect v1.0.6 (HKLM\...\ASRock SmartConnect_is1) (Version: - ASRock Inc.)

ASRock XFast RAM v2.0.9 (HKLM\...\ASRock XFast RAM_is1) (Version: - ASRock Inc.)

AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden

AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5315 - AVG Technologies)

AVG 2015 (Version: 15.0.4189 - AVG Technologies) Hidden

AVG 2015 (Version: 15.0.5315 - AVG Technologies) Hidden

AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.1.9.799 - AVG Technologies)

Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)

Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.200.13 - Citrix Systems, Inc.)

Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)

Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version: - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)

HAWKEN (HKLM-x32\...\Steam App 271290) (Version: - Adhesive Games)

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)

Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)

Intel® Smart Connect Technology 2.0 x64 (HKLM\...\{D1B033E8-A077-4B0D-9831-5798E19E861E}) (Version: 2.0.1083.0 - Intel)

Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)

Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)

Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)

Loadout (HKLM-x32\...\Steam App 208090) (Version: - Edge of Reality)

Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)

Mark of the Ninja (HKLM-x32\...\Steam App 214560) (Version: - Klei Entertainment)

Metro: Last Light (HKLM-x32\...\Steam App 43160) (Version: - 4A Games)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden

MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden

Nokia Connectivity Cable Driver (HKLM-x32\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)

Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)

Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia) Hidden

NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)

Online Plug-in (x32 Version: 14.1.200.13 - Citrix Systems, Inc.) Hidden

OpenAL (HKLM-x32\...\OpenAL) (Version: - )

Origin (HKLM-x32\...\Origin) (Version: 9.4.1.116 - Electronic Arts, Inc.)

PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)

Peggle Deluxe 1.0 (HKLM-x32\...\Peggle Deluxe 1.0) (Version: - )

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)

Self-service Plug-in (x32 Version: 4.1.200.588 - Citrix Systems, Inc.) Hidden

Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)

Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)

THX TruStudio (HKLM-x32\...\{AFB907F5-C0E6-4753-8284-DE955EF86AC2}) (Version: 1.00.01 - Creative Technology Limited)

Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.8.10 - Electronic Arts)

Trine 2 (HKLM-x32\...\Steam App 35720) (Version: - Frozenbyte)

Unreal Tournament 3 (HKCU\...\InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}) (Version: 1.00.0000 - Epic Games)

Unreal Tournament 3 (x32 Version: 1.00.0000 - Epic Games) Hidden

Unreal Tournament 3: Black Edition (HKLM-x32\...\Steam App 13210) (Version: - Epic Games, Inc.)

Uplay (HKLM-x32\...\Uplay) (Version: 4.2 - Ubisoft)

Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

Windows Driver Package - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)

Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)

Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)

World of Goo (HKLM-x32\...\{B8CB01F7-897E-4159-B4FB-850BE8954FBF}) (Version: 1.00.000 - )

XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version: - Firaxis Games)

XFastUSB (HKLM-x32\...\XFastUSB) (Version: 3.02.28 - ASRock Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

==================== Restore Points =========================

 

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1690BE49-5C32-4098-B4E2-D0AC50510F2F} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)

Task: {261A4579-4B70-4BB3-BB70-F7FDAA1F7025} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)

Task: {77482189-BC64-4155-9682-0060EDF6A51C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe

Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe

==================== Loaded Modules (whitelisted) =============

2013-12-21 23:46 - 2012-02-07 17:27 - 00121344 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

2012-02-09 16:26 - 2012-02-09 16:26 - 00133632 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe

2012-02-09 16:26 - 2012-02-09 16:26 - 00048128 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll

2012-02-09 16:26 - 2012-02-09 16:26 - 00036864 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetDetect.dll

2014-08-11 20:44 - 2014-08-11 20:44 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe

2013-12-21 23:50 - 2011-05-19 09:58 - 00246784 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL

2013-12-21 23:40 - 2012-01-05 09:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2014-01-29 22:33 - 2014-08-25 17:14 - 02640408 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe

2014-08-11 20:44 - 2014-08-11 20:44 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll

2012-06-26 12:11 - 2012-06-26 12:11 - 02302040 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtCore4.dll

2012-06-26 12:11 - 2012-06-26 12:11 - 08197208 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtGui4.dll

2012-06-26 12:11 - 2012-06-26 12:11 - 00345688 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtXml4.dll

2012-06-26 12:10 - 2012-06-26 12:10 - 00202328 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll

2012-06-26 12:10 - 2012-06-26 12:10 - 00027736 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll

2012-06-26 12:11 - 2012-06-26 12:11 - 00282200 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtSvg4.dll

2014-07-12 16:40 - 2014-09-16 19:36 - 00962560 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll

2014-07-12 16:40 - 2014-09-16 19:36 - 00024064 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll

2014-07-12 16:40 - 2014-09-16 19:36 - 00025088 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll

2014-07-12 16:40 - 2014-09-16 19:36 - 00217088 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll

2014-07-12 16:40 - 2014-09-16 19:36 - 00261632 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll

2014-07-12 16:40 - 2014-09-16 19:36 - 00019968 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll

2014-07-12 16:40 - 2014-09-16 19:36 - 00302592 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll

2014-07-12 16:40 - 2014-09-16 19:36 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll

2014-01-29 22:33 - 2014-06-02 18:28 - 01640472 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\TBAPI.dll

2014-10-16 20:54 - 2014-10-16 20:54 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\92a1650dbe9fad5f46633b835420e1a8\IsdiInterop.ni.dll

2013-12-21 23:42 - 2011-11-29 20:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

2013-12-21 23:44 - 2012-02-07 17:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

 

========================= Accounts: ==========================

Administrator (S-1-5-21-2748923439-1750433010-2092404853-500 - Administrator - Disabled)

Gary (S-1-5-21-2748923439-1750433010-2092404853-1000 - Administrator - Enabled) => C:\Users\Gary

Guest (S-1-5-21-2748923439-1750433010-2092404853-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2748923439-1750433010-2092404853-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

 

==================== Event log errors: =========================

Application errors:

==================

Error: (11/01/2014 07:26:39 PM) (Source: ISCT Agent) (EventID: 1003) (User: )

Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2

Error: (11/01/2014 06:51:18 PM) (Source: ISCT Agent) (EventID: 1003) (User: )

Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2

Error: (10/31/2014 11:29:47 PM) (Source: ISCT Agent) (EventID: 1003) (User: )

Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2

Error: (10/30/2014 07:43:05 PM) (Source: ISCT Agent) (EventID: 1003) (User: )

Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2

Error: (10/29/2014 10:11:55 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program IEXPLORE.EXE version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 358

Start Time: 01cff3c53ce6ca26

Termination Time: 0

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (10/29/2014 10:09:35 PM) (Source: ISCT Agent) (EventID: 1003) (User: )

Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2

Error: (10/29/2014 08:29:56 PM) (Source: System Restore) (EventID: 8211) (User: )

Description: The scheduled restore point could not be created. Additional information: (0x81000101).

Error: (10/29/2014 08:29:56 PM) (Source: System Restore) (EventID: 8193) (User: )

Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x81000101).

Error: (10/29/2014 07:33:44 PM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".

Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

Error: (10/29/2014 07:33:41 PM) (Source: SideBySide) (EventID: 63) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

 

System errors:

=============

Error: (11/01/2014 06:51:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The MBAMScheduler service failed to start due to the following error:

%%1053

Error: (11/01/2014 06:51:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.

Error: (10/28/2014 11:19:00 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (10/28/2014 11:18:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

%%1068

Error: (10/28/2014 11:18:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

%%1068

Error: (10/28/2014 11:18:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

%%1068

Error: (10/28/2014 11:18:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

%%1068

Error: (10/28/2014 11:18:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

%%1068

Error: (10/28/2014 11:18:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

%%1068

Error: (10/28/2014 11:18:19 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

 

Microsoft Office Sessions:

=========================

Error: (11/01/2014 07:26:39 PM) (Source: ISCT Agent) (EventID: 1003) (User: )

Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2

Error: (11/01/2014 06:51:18 PM) (Source: ISCT Agent) (EventID: 1003) (User: )

Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2

Error: (10/31/2014 11:29:47 PM) (Source: ISCT Agent) (EventID: 1003) (User: )

Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2

Error: (10/30/2014 07:43:05 PM) (Source: ISCT Agent) (EventID: 1003) (User: )

Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2

Error: (10/29/2014 10:11:55 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: IEXPLORE.EXE11.0.9600.1734435801cff3c53ce6ca260C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (10/29/2014 10:09:35 PM) (Source: ISCT Agent) (EventID: 1003) (User: )

Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2

Error: (10/29/2014 08:29:56 PM) (Source: System Restore) (EventID: 8211) (User: )

Description: 0x81000101

Error: (10/29/2014 08:29:56 PM) (Source: System Restore) (EventID: 8193) (User: )

Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x81000101

Error: (10/29/2014 07:33:44 PM) (Source: SideBySide) (EventID: 33) (User: )

Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll

Error: (10/29/2014 07:33:41 PM) (Source: SideBySide) (EventID: 63) (User: )

Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

 

==================== Memory info ===========================

Processor: Intel® Core i5-3570 CPU @ 3.40GHz

Percentage of memory in use: 31%

Total physical RAM: 8079.25 MB

Available physical RAM: 5527.25 MB

Total Pagefile: 16156.68 MB

Available Pagefile: 12953.57 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (WIN7) (Fixed) (Total:931.51 GB) (Free:722.41 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 745374FE)

Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

# AdwCleaner v3.311 - Report created 01/11/2014 at 19:48:04

# Updated 30/09/2014 by Xplode

# Operating System : Windows 7 Professional Service Pack 1 (64 bits)

# Username : Gary - GARY-PC

# Running from : C:\Users\Gary\Downloads\AdwCleaner.exe

# Option : Clean

***** [ Services ] *****

 

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar

Folder Deleted : C:\ProgramData\AVG Secure Search

Folder Deleted : C:\ProgramData\AVG Security Toolbar

Folder Deleted : C:\ProgramData\DeviceVM

Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar

Folder Deleted : C:\Program Files (x86)\AVG Security Toolbar

Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search

[!] Folder Deleted : C:\Users\Gary\AppData\Local\AVG SafeGuard toolbar

Folder Deleted : C:\Users\Gary\AppData\Local\Temp\AirInstaller

Folder Deleted : C:\Users\Gary\AppData\LocalLow\AVG SafeGuard toolbar

Folder Deleted : C:\Users\Gary\AppData\Roaming\DeviceVM

***** [ Scheduled Tasks ] *****

 

***** [ Shortcuts ] *****

 

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1

Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol

Key Deleted : HKLM\SOFTWARE\Classes\S

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\AVG SafeGuard toolbar

Key Deleted : HKCU\Software\AVG Security Toolbar

Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar

Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344

 

*************************

AdwCleaner[R0].txt - [5746 octets] - [01/11/2014 19:45:03]

AdwCleaner[s0].txt - [5551 octets] - [01/11/2014 19:48:04]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5611 octets] ##########

 

 

Cheers

 

Gary

Posted

Hi Gary,

 

We have 2 slight problems with the FRST reports.

FRST was run before AdwCleaner..... so some of the entries showing in the FRST report will now have been removed.

The board software has edited out some words, so I can't see exactly what some of the entries relate to.

 

Please run FRST again using these instructions:

 

Please re-run FRST.

  • Make sure that Addition.txt is selected at the bottom
  • Press Scan button.
     
    http://img.photobucket.com/albums/v708/starbuck50/newfrst_zpsa63ffa3d.png
     
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It will also make another log (Addition.txt). Please copy and paste it to your reply also.

 

Don't post the reports here for now, please send them as attachments to the email address that I will give you via PM.

 

Thanks.

Member of:

UNITE
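The first point in the reply above (FRST ran before AdwCleaner, so part of the FRST report no longer reflects the machine) can be checked mechanically by comparing the two logs. The Python below is an added example, not part of the original posts or of either tool; the sample lines are copied from the logs earlier in this thread, and the function names are hypothetical. It only handles the "Folder Deleted" lines seen in this AdwCleaner report.

```python
import re
from pathlib import PureWindowsPath

# Sample input: lines copied from the AdwCleaner report posted in this thread.
ADWCLEANER_REPORT = r"""
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[!] Folder Deleted : C:\Users\Gary\AppData\Local\AVG SafeGuard toolbar
***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
"""

# Sample input: lines copied from the FRST Addition log posted in this thread.
FRST_LINES = r"""
2014-08-11 20:44 - 2014-08-11 20:44 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2014-01-29 22:33 - 2014-08-25 17:14 - 02640408 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2012-06-26 12:11 - 2012-06-26 12:11 - 02302040 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtCore4.dll
2014-01-29 22:33 - 2014-06-02 18:28 - 01640472 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\TBAPI.dll
C:\Users\Gary\AppData\Local\Temp\SkypeSetup.exe
"""

# "Folder Deleted : <path>", optionally prefixed with "[!]" as in the report.
FOLDER_DELETED_RE = re.compile(r"^(?:\[!\]\s*)?Folder Deleted : (.+)$")
# First drive-letter path on a line, taken through to the end of the line.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\r\n]*")


def _parts(path):
    """Split a Windows path into lower-cased components for comparison."""
    return tuple(p.lower() for p in PureWindowsPath(path).parts)


def deleted_folders(report):
    """Return the folder paths AdwCleaner reported as deleted."""
    folders = []
    for line in report.splitlines():
        m = FOLDER_DELETED_RE.match(line.strip())
        if m:
            folders.append(m.group(1).strip())
    return folders


def stale_entries(frst_text, report):
    """Return (frst_path, deleted_folder) for FRST lines under a deleted folder.

    Trailing annotations after the path (dates, vendor names) stay in the
    last component and do not affect the folder-prefix comparison.
    """
    removed = [(f, _parts(f)) for f in deleted_folders(report)]
    stale = []
    for line in frst_text.splitlines():
        m = PATH_RE.search(line)
        if not m:
            continue
        path = m.group(0).strip()
        parts = _parts(path)
        for folder, folder_parts in removed:
            # Compare whole components so "AVG Secure Search" does not
            # match a sibling such as "AVG Secure Search2".
            if parts[:len(folder_parts)] == folder_parts:
                stale.append((path, folder))
                break
    return stale


if __name__ == "__main__":
    for path, folder in stale_entries(FRST_LINES, ADWCLEANER_REPORT):
        print(f"stale: {path}\n  removed with: {folder}")
```

Entries flagged this way describe files that were on disk when FRST ran but were removed by the later AdwCleaner clean, which is why a fresh FRST scan is requested before any fixlist is written.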

Posted

Hi Gary,

 

Thanks for the reports.

I see why some words were censored by the board software now.

It was nothing untoward.... it was just how the software read it.

 

Ok, slightly confused now...........

Your first report said:

Running from C:\Users\Gary\Downloads

The report you sent me said:

Running from C:\Users\Gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1ZWZLEFZ

You can run FRST and also run a fix from the Download folder.... but you can't run a fix from the temp internet file folder.

Do you still have the copy of FRST in the Download folder?

If so... this is the one we need to use.

 

Step 1

Please download the attached fixlist.txt file (bottom of this post) and save it to the Download folder.

NOTE.

It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

 

NOTICE: This script was written specifically for this user, for use on that particular machine.

Running this on another machine may cause damage to your operating system.

 

Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.

 

http://img.photobucket.com/albums/v708/starbuck50/frstfix_zps7db0c905.png

 

The tool will make a log in the Download folder (Fixlog.txt). Please post this in your next reply.

 

 

Step 2

We also need to address this:

Could not list Restore Points. Check "winmgmt" service or repair WMI.

 

Please download Windows Repair (all in one) and save it to the Desktop.

 

  • Double click on the icon to install the program. Vista/Windows 7/8 users right-click and select Run As Administrator.
    When the program opens:
  • Follow the Power reset advice in Step 1.
  • You can skip Step 2 (as MBAM has already been run).
  • Click on the step 3: Optional tab and allow it to run Disk check
     
    http://img.photobucket.com/albums/v708/starbuck50/tweak1_zps4d3bfc7a.png
     
  • Once that is done then go to step 4: Optional and allow it to run SFC
     
    http://img.photobucket.com/albums/v708/starbuck50/twaek2_zpsc17abe58.png
     
  • When finished, click on the Repairs tab
  • Please disable your Anti Virus program before running the repair option.
  • Click Open Repairs
  • We only need to tick 2 options:
    05 ...Repair WMI
    26 ...Restore Important Windows Services
     
  • Now click on Start Repairs.
     
    DON'T use the computer while each scan is in progress.
     
  • A restart may be needed to finish the repair procedure.

 

In your next reply, please submit:

Fixlog.txt

and let me know if you have any problems with the Windows Repair tool.

 

Thanks

fixlist.txt

Member of:

UNITE

  • 2 weeks later...
Posted

Hi,

 

Apologies for the delay in getting back to you.

 

The fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-11-2014 03

Ran by Gary at 2014-11-16 21:03:17 Run:1

Running from C:\Users\Gary\Downloads

Loaded Profile: Gary (Available profiles: Gary)

Boot Mode: Normal

==============================================

Content of fixlist:

*****************

HKU\S-1-5-21-2748923439-1750433010-2092404853-1000\...\Run: [ASRockXTU] => [X]

HKU\S-1-5-21-2748923439-1750433010-2092404853-1000\...\Run: [zASRockInstantBoot] => [X]

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]

S3 MSICDSetup; \??\D:\CDriver64.sys [X]

C:\Users\Gary\AppData\Local\Temp\install_flashplayer13x32axau_gtba_chra_dy_aaa_aih.exe

C:\Users\Gary\AppData\Local\Temp\MSIAFTERBURNERSETUP.EXE

C:\Users\Gary\AppData\Local\Temp\oi_{6F8FEAC9-56D7-4BAF-A8A1-421505B0A9B5}.exe

C:\Users\Gary\AppData\Local\Temp\Quarantine.exe

C:\Users\Gary\AppData\Local\Temp\SETUP_AFTERBURNER.EXE

C:\Users\Gary\AppData\Local\Temp\SkypeSetup.exe

Hosts:

CMD: ipconfig /flushdns

EmptyTemp:

*****************

HKU\S-1-5-21-2748923439-1750433010-2092404853-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ASRockXTU => value deleted successfully.

HKU\S-1-5-21-2748923439-1750433010-2092404853-1000\Software\Microsoft\Windows\CurrentVersion\Run\\zASRockInstantBoot => value deleted successfully.

"HKCR\PROTOCOLS\Filter\application/x-ica" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

"HKCR\PROTOCOLS\Filter\application/x-ica; charset=euc-jp" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

"HKCR\PROTOCOLS\Filter\application/x-ica; charset=ISO-8859-1" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

"HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS936" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

"HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS949" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

"HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS950" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

"HKCR\PROTOCOLS\Filter\application/x-ica; charset=UTF-8" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

"HKCR\PROTOCOLS\Filter\application/x-ica; charset=UTF8" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

"HKCR\PROTOCOLS\Filter\application/x-ica;charset=euc-jp" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

"HKCR\PROTOCOLS\Filter\application/x-ica;charset=ISO-8859-1" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

"HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS936" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

"HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS949" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

"HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS950" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

"HKCR\PROTOCOLS\Filter\application/x-ica;charset=UTF-8" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

"HKCR\PROTOCOLS\Filter\application/x-ica;charset=UTF8" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

"HKCR\PROTOCOLS\Filter\ica" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

vToolbarUpdater18.1.9 => Service deleted successfully.

MSICDSetup => Service deleted successfully.

C:\Users\Gary\AppData\Local\Temp\install_flashplayer13x32axau_gtba_chra_dy_aaa_aih.exe => Moved successfully.

C:\Users\Gary\AppData\Local\Temp\MSIAFTERBURNERSETUP.EXE => Moved successfully.

C:\Users\Gary\AppData\Local\Temp\oi_{6F8FEAC9-56D7-4BAF-A8A1-421505B0A9B5}.exe => Moved successfully.

C:\Users\Gary\AppData\Local\Temp\Quarantine.exe => Moved successfully.

C:\Users\Gary\AppData\Local\Temp\SETUP_AFTERBURNER.EXE => Moved successfully.

C:\Users\Gary\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.

Hosts was reset successfully.

========= ipconfig /flushdns =========

 

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 1.1 GB temporary data.

 

The system needed a reboot.

==== End of Fixlog ====

Posted

Hi, Apologies for the delay.

 

Here is the fixlog.txt.....

 


Cheers
