Win 8.1 and FRST logs as follows:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2015 01
Ran by Amy Moore at 2015-02-18 19:40:56
Running from C:\Users\Amy Moore\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
CloudScout (x32 Version: 1.0.0.1 - www.CloudGuard.me) Hidden <==== ATTENTION
CloudScout Parental Control version 1.2 (HKLM-x32\...\{E1527582-8509-4011-B922-29E3FB548882}_is1) (Version: 1.2 - www.CloudGuard.me) <==== ATTENTION
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Crazy Chicken Soccer (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.5901 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.3.2608 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2527 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.5108 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6119 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{8C1ADF61-4F87-44BC-804C-C20FC70D98BB}) (Version: 1.4.0.0 - Hewlett-Packard)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6317.4309 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{B2F0406F-1609-489A-8626-7DB46776AB57}) (Version: 1.0.5 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{73237EBB-B26F-4628-8754-4EFE563D72E9}) (Version: 2.1.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3304 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest II (x32 Version: 2.2.0.97 - WildTangent) Hidden
Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Power Sound Editor Free v8.5.5 (HKLM-x32\...\Power Sound Editor Free_is1) (Version: - Copyright(C) 2005-2014 PowerSE, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.226 - Qualcomm Atheros Communications)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6849 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.29053 - Realtek Semiconductor Corp.)
Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-781177400-2606171948-1399550050-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated)
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
UnknownFile (HKU\S-1-5-21-781177400-2606171948-1399550050-1001\...\UnknownFile) (Version: 1.0.0.0 - UnknownFile) <==== ATTENTION!
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
xSaver (HKLM\...\{E5E9BE83-D6B0-40EA-A289-CD8408BBA84D}) (Version: 1.0.1.2 - ClientConnect Ltd.)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
23-01-2015 16:32:20 Windows Update
01-02-2015 20:12:52 Windows Update
13-02-2015 15:47:09 Windows Update
18-02-2015 17:47:36 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 13:25 - 2013-08-22 13:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {08AB607D-A183-43B0-ACEA-975848CD8157} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {0F4A6671-57B0-4F47-BB6B-58808C5EE141} - \SmartWeb Upgrade Trigger Task No Task File <==== ATTENTION
Task: {1A851954-30D6-4F39-817A-3DC80CAB1667} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2013-03-04] (Realtek Semiconductor)
Task: {213B4C85-D666-4EA5-9890-65EBA2C0762D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {25FE1211-4F14-4576-A160-652257331DDD} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
Task: {368E26FF-81B1-4751-B131-60B8E218B65E} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-05-16] (Synaptics Incorporated)
Task: {42C57A97-FF31-4D91-B5C7-FB1E0814F5AA} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-02-18] (AVAST Software)
Task: {46583C66-ED46-403C-BC55-9CE207EDB30A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-13] (Microsoft Corporation)
Task: {541DC967-776C-458B-898C-129A3ABA298F} - \PC Performer Scheduled Scan No Task File <==== ATTENTION
Task: {5DD04F7D-1718-4DF5-B219-12F9F7B8378F} - \CloudScout No Task File <==== ATTENTION
Task: {83B58241-1C6E-4354-A1DC-0884FA28D1B3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {9A774C2A-A0E9-433F-93D9-225387490E25} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-17] (Google Inc.)
Task: {9C4135AF-9EA2-4D69-B24F-994A76ABDE85} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B0E03A06-3DB9-4B2A-855D-3D2CDC4AF506} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-17] (Google Inc.)
Task: {D2BCEEE6-F2D6-49AE-B36E-2CC676050B95} - \avaxvavya No Task File <==== ATTENTION
Task: {D4727025-F172-457A-9EB1-A55781164987} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {E4033048-298B-4002-A4E1-46C3B66B94F2} - \PC Performer Logon Scan No Task File <==== ATTENTION
Task: {EC840CE9-179E-4DD1-A0A5-42DF0902B296} - System32\Tasks\avastBCLRestartS-1-5-21-781177400-2606171948-1399550050-1001 => Chrome.exe
Task: {F8844CF7-9F2F-4231-ACC5-8BC3A15F32D3} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: {FF5BBB05-D45E-4BE7-918B-BE03F4F07939} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Loaded Modules (whitelisted) ==============
2013-05-16 02:46 - 2013-05-16 02:46 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-05-16 02:43 - 2013-05-16 02:43 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-16 09:22 - 2013-09-16 09:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-05-16 03:09 - 2013-05-16 03:09 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-05-16 03:15 - 2013-05-16 03:15 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-29 20:27 - 2012-06-08 03:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-12-12 21:09 - 2014-12-12 21:09 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\1706c668394b6917a63634ebd3bedcf2\PSIClient.ni.dll
2013-11-29 20:07 - 2012-06-26 09:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-02-18 19:18 - 2015-02-18 19:18 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15021800\algo.dll
2015-02-18 19:18 - 2015-02-18 19:18 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-02-18 19:13 - 2015-02-04 09:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-18 19:13 - 2015-02-04 09:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-18 19:13 - 2015-02-04 09:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll
2015-02-18 19:13 - 2015-02-04 09:02 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\WINDOWS\system32\msln.exe:79835b2d22ddc265ef3d87b1eea2a426
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\Amy Moore\OneDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-781177400-2606171948-1399550050-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Amy Moore\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Photo Gallery Wallpaper.jpg
DNS Servers: 81.218.119.15 - 199.203.35.75
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-781177400-2606171948-1399550050-500 - Administrator - Disabled) => C:\Users\Administrator
Amy Moore (S-1-5-21-781177400-2606171948-1399550050-1001 - Administrator - Enabled) => C:\Users\Amy Moore
Guest (S-1-5-21-781177400-2606171948-1399550050-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-781177400-2606171948-1399550050-1003 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
==================== Event log errors: =========================
Application errors:
==================
Error: (02/18/2015 07:20:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 6.3.9600.16384, time stamp: 0x5215dfc6
Faulting module name: mfmp4srcsnk.dll, version: 12.0.9600.17334, time stamp: 0x5407ae99
Exception code: 0xc0000094
Fault offset: 0x0000000000096125
Faulting process ID: 0xba0
Faulting application start time: 0xDllHost.exe0
Faulting application path: DllHost.exe1
Faulting module path: DllHost.exe2
Report ID: DllHost.exe3
Faulting package full name: DllHost.exe4
Faulting package-relative application ID: DllHost.exe5
Error: (02/18/2015 07:20:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 6.3.9600.16384, time stamp: 0x5215dfc6
Faulting module name: mfmp4srcsnk.dll, version: 12.0.9600.17334, time stamp: 0x5407ae99
Exception code: 0xc0000094
Fault offset: 0x0000000000096125
Faulting process ID: 0xd98
Faulting application start time: 0xDllHost.exe0
Faulting application path: DllHost.exe1
Faulting module path: DllHost.exe2
Report ID: DllHost.exe3
Faulting package full name: DllHost.exe4
Faulting package-relative application ID: DllHost.exe5
Error: (02/18/2015 06:38:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 6.3.9600.16384, time stamp: 0x5215dfc6
Faulting module name: mfmp4srcsnk.dll, version: 12.0.9600.17334, time stamp: 0x5407ae99
Exception code: 0xc0000094
Fault offset: 0x0000000000096125
Faulting process ID: 0x1548
Faulting application start time: 0xDllHost.exe0
Faulting application path: DllHost.exe1
Faulting module path: DllHost.exe2
Report ID: DllHost.exe3
Faulting package full name: DllHost.exe4
Faulting package-relative application ID: DllHost.exe5
Error: (02/18/2015 06:38:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 6.3.9600.16384, time stamp: 0x5215dfc6
Faulting module name: mfmp4srcsnk.dll, version: 12.0.9600.17334, time stamp: 0x5407ae99
Exception code: 0xc0000094
Fault offset: 0x0000000000096125
Faulting process ID: 0xf38
Faulting application start time: 0xDllHost.exe0
Faulting application path: DllHost.exe1
Faulting module path: DllHost.exe2
Report ID: DllHost.exe3
Faulting package full name: DllHost.exe4
Faulting package-relative application ID: DllHost.exe5
Error: (02/18/2015 05:59:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZiZjdR0tYSEsSO.exe, version: 0.0.0.0, time stamp: 0x54a01d76
Faulting module name: ZiZjdR0tYSEsSO.exe, version: 0.0.0.0, time stamp: 0x54a01d76
Exception code: 0xc0000005
Fault offset: 0x000057d3
Faulting process ID: 0x35c
Faulting application start time: 0xZiZjdR0tYSEsSO.exe0
Faulting application path: ZiZjdR0tYSEsSO.exe1
Faulting module path: ZiZjdR0tYSEsSO.exe2
Report ID: ZiZjdR0tYSEsSO.exe3
Faulting package full name: ZiZjdR0tYSEsSO.exe4
Faulting package-relative application ID: ZiZjdR0tYSEsSO.exe5
Error: (02/18/2015 05:47:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddWin32ServiceFiles: Unable to back up image of service wauctla Service since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
.
Error: (02/18/2015 05:47:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddWin32ServiceFiles: Unable to back up image of service Update Mgr StrongSignal since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
.
Error: (02/18/2015 05:47:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddWin32ServiceFiles: Unable to back up image of service shopperz Updater since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
.
Error: (02/18/2015 05:47:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddWin32ServiceFiles: Unable to back up image of service Service Mgr StrongSignal since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
.
Error: (02/18/2015 05:47:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddWin32ServiceFiles: Unable to back up image of service CA Service component since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
.
System errors:
=============
Error: (02/18/2015 07:07:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The csrcc service failed to start due to the following error:
%%216
Error: (02/18/2015 07:07:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The 70F4EEDB-1367-4b4f-8247-3133551A7415 service failed to start due to the following error:
%%216
Error: (02/18/2015 07:03:28 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (02/18/2015 07:03:28 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (02/18/2015 07:03:27 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (02/18/2015 07:03:27 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (02/18/2015 07:03:27 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (02/18/2015 07:03:26 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (02/18/2015 07:03:26 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (02/18/2015 07:03:26 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Microsoft Office Sessions:
=========================
Error: (02/18/2015 07:20:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DllHost.exe6.3.9600.163845215dfc6mfmp4srcsnk.dll12.0.9600.173345407ae99c00000940000000000096125ba001d04baffbbb8286C:\WINDOWS\system32\DllHost.exeC:\WINDOWS\System32\mfmp4srcsnk.dll3978bf0d-b7a3-11e4-bea9-40f02f2663c9
Error: (02/18/2015 07:20:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DllHost.exe6.3.9600.163845215dfc6mfmp4srcsnk.dll12.0.9600.173345407ae99c00000940000000000096125d9801d04baff7e296cdC:\WINDOWS\system32\DllHost.exeC:\WINDOWS\System32\mfmp4srcsnk.dll3849cede-b7a3-11e4-bea9-40f02f2663c9
Error: (02/18/2015 06:38:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DllHost.exe6.3.9600.163845215dfc6mfmp4srcsnk.dll12.0.9600.173345407ae99c00000940000000000096125154801d04baa114ad443C:\WINDOWS\system32\DllHost.exeC:\WINDOWS\System32\mfmp4srcsnk.dll4f03439e-b79d-11e4-bea7-40f02f2663c9
Error: (02/18/2015 06:38:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DllHost.exe6.3.9600.163845215dfc6mfmp4srcsnk.dll12.0.9600.173345407ae99c00000940000000000096125f3801d04baa0369cde0C:\WINDOWS\system32\DllHost.exeC:\WINDOWS\System32\mfmp4srcsnk.dll4d3b4629-b79d-11e4-bea7-40f02f2663c9
Error: (02/18/2015 05:59:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ZiZjdR0tYSEsSO.exe0.0.0.054a01d76ZiZjdR0tYSEsSO.exe0.0.0.054a01d76c0000005000057d335c01d04ba4a1c4e23dC:\Users\AMYMOO~1\AppData\Local\Temp\TOCFPB.tmp\ZiZjdR0tYSEsSO.exeC:\Users\AMYMOO~1\AppData\Local\Temp\TOCFPB.tmp\ZiZjdR0tYSEsSO.exee034f137-b797-11e4-bea6-40f02f2663c9
Error: (02/18/2015 05:47:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service wauctla Service since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
Error: (02/18/2015 05:47:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service Update Mgr StrongSignal since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
Error: (02/18/2015 05:47:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service shopperz Updater since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
Error: (02/18/2015 05:47:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service Service Mgr StrongSignal since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
Error: (02/18/2015 05:47:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service CA Service component since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
CodeIntegrity Errors:
===================================
Date: 2015-02-18 18:26:30.900
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Definition Updates\{8EE327BB-16A5-44F7-B484-E7C03F02E7FD}\mpengine.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-02-18 18:26:29.119
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Definition Updates\{AF741054-0355-4FE7-9376-5E2400AE65D4}\mpengine.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) CPU 2020M @ 2.40GHz
Percentage of memory in use: 30%
Total physical RAM: 6033.27 MB
Available physical RAM: 4219.21 MB
Total Pagefile: 6993.27 MB
Available Pagefile: 5081.27 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:677.84 GB) (Free:629.7 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:19.59 GB) (Free:1.93 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 1E1F4777)
Partition: GPT Partition Type.
==================== End Of Log ============================
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01
Ran by Amy Moore (administrator) on AMYSPC on 19-02-2015 20:58:32
Running from C:\Users\Amy Moore\Downloads
Loaded Profiles: Amy Moore (Available profiles: Amy Moore & Administrator)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(MicroStudio) C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe
(Microsoftware) C:\Program Files (x86)\YouTube-Downloader\A3\youtubeserv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Spotify Ltd) C:\Users\Amy Moore\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Amy Moore\Downloads\FRST64 (1).exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [mlsStartupKey] => C:\Program Files\MLS\1.0.1.2.0.00\App\MlsUI.exe [31744 2014-08-25] (ClientConnect)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3030256 2013-05-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-02-25] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-18] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [133248 2013-05-16] ( (Qualcomm Atheros Commnucations))
HKU\S-1-5-21-781177400-2606171948-1399550050-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-781177400-2606171948-1399550050-1001\...\Run: [Spotify Web Helper] => C:\Users\Amy Moore\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-12] (Spotify Ltd)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-781177400-2606171948-1399550050-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
SearchScopes: HKLM -> {27773F80-B551-4FF0-9F8C-74C21EB057A3} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
SearchScopes: HKLM -> {D5BF3D39-6B3A-4A07-B419-0E30BBC6E364} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {e4a1ece8-ed94-4f93-80ea-75f978ceaf24} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-781177400-2606171948-1399550050-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220
Tcpip\..\Interfaces\{D777DB8B-8712-478D-A609-4B68C8BA387F}: [NameServer] 81.218.119.15,199.203.35.75
FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-18]
Chrome:
=======
CHR Profile: C:\Users\Amy Moore\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Amy Moore\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-18]
CHR Extension: (Google Docs) - C:\Users\Amy Moore\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-18]
CHR Extension: (Google Drive) - C:\Users\Amy Moore\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Amy Moore\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-18]
CHR Extension: (YouTube) - C:\Users\Amy Moore\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-18]
CHR Extension: (Google Search) - C:\Users\Amy Moore\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-18]
CHR Extension: (Google Sheets) - C:\Users\Amy Moore\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-18]
CHR Extension: (AdBlock) - C:\Users\Amy Moore\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-02-18]
CHR Extension: (Avast Online Security) - C:\Users\Amy Moore\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-18]
CHR Extension: (Google Wallet) - C:\Users\Amy Moore\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-18]
CHR Extension: (Gmail) - C:\Users\Amy Moore\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-18]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-18]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [310912 2013-05-16] (Windows (R) Win 7 DDK provider)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-18] (AVAST Software)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [255040 2014-08-25] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-02-01] (Hewlett-Packard Development Company, L.P.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-03-04] (Realtek Semiconductor)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-12-08] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-12-08] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-12-08] (Microsoft Corporation)
R2 WindowsVNT_R3; C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe [2973600 2014-10-20] (MicroStudio) [File not signed]
R2 YouTubeDownload_A3; C:\Program Files (x86)\YouTube-Downloader\A3\youtubeserv.exe [2971224 2015-02-12] (Microsoftware)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-05-16] (Atheros) [File not signed]
S2 csrcc; "C:\Program Files\shopperz\csrcc.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-02-18] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-02-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-02-18] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-02-18] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-18] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-02-18] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-02-18] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-02-18] ()
R1 bsdriver; C:\WINDOWS\system32\drivers\bsdriver.sys [35832 2015-02-03] ()
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-05-16] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288328 2013-01-24] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-05-08] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-05-08] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-12-08] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-19 20:58 - 2015-02-19 20:58 - 02086912 _____ (Farbar) C:\Users\Amy Moore\Downloads\FRST64 (1).exe
2015-02-19 20:56 - 2015-02-19 20:56 - 00000000 ___RD () C:\Users\Amy Moore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-02-19 20:52 - 2015-02-19 20:52 - 00688992 _____ (Swearware) C:\Users\Amy Moore\Downloads\dds.com
2015-02-19 20:51 - 2015-02-19 20:54 - 00000000 ____D () C:\AdwCleaner
2015-02-19 20:51 - 2015-02-19 20:51 - 02126848 _____ () C:\Users\Amy Moore\Downloads\AdwCleaner.exe
2015-02-19 20:07 - 2015-02-19 20:07 - 01388274 _____ (Thisisu) C:\Users\Amy Moore\Downloads\JRT.exe
2015-02-19 20:07 - 2015-02-19 20:07 - 01388274 _____ (Thisisu) C:\Users\Amy Moore\Downloads\JRT (1).exe
2015-02-19 17:31 - 2015-02-19 17:31 - 00000000 ____D () C:\Users\Amy Moore\Documents\Add-in Express
2015-02-19 17:31 - 2015-02-19 17:31 - 00000000 _____ () C:\Users\Amy Moore\Downloads\flashplayer_chrome.exe
2015-02-19 17:30 - 2015-02-19 17:40 - 00000258 __RSH () C:\Users\Amy Moore\ntuser.pol
2015-02-18 22:16 - 2015-02-18 22:16 - 00002282 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-18 22:16 - 2015-02-18 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-18 22:15 - 2015-02-19 20:55 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-18 22:15 - 2015-02-19 20:20 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-18 22:15 - 2015-02-18 22:15 - 00003654 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-18 22:15 - 2015-02-18 22:15 - 00000000 ____D () C:\Users\Amy Moore\AppData\Local\Deployment
2015-02-18 20:17 - 2015-02-18 19:42 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2015-02-18 19:43 - 2015-02-18 19:43 - 00008660 _____ () C:\Users\Amy Moore\Documents\install.txt
2015-02-18 19:43 - 2015-02-18 19:07 - 00041748 _____ () C:\zoek-results2015-02-18-190719.log
2015-02-18 19:42 - 2015-02-18 19:42 - 01304576 _____ () C:\Users\Amy Moore\Downloads\zoek.exe
2015-02-18 19:40 - 2015-02-18 19:41 - 00032387 _____ () C:\Users\Amy Moore\Downloads\Addition.txt
2015-02-18 19:39 - 2015-02-19 20:58 - 00016681 _____ () C:\Users\Amy Moore\Downloads\FRST.txt
2015-02-18 19:37 - 2015-02-19 20:58 - 00000000 ____D () C:\FRST
2015-02-18 19:37 - 2015-02-18 19:37 - 02086912 _____ (Farbar) C:\Users\Amy Moore\Downloads\FRST64.exe
2015-02-18 19:28 - 2015-02-18 19:28 - 00003280 _____ () C:\WINDOWS\System32\Tasks\avastBCLRestartS-1-5-21-781177400-2606171948-1399550050-1001
2015-02-18 19:19 - 2015-02-18 19:19 - 00001987 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-02-18 19:19 - 2015-02-18 19:19 - 00000000 ____D () C:\Users\Amy Moore\AppData\Roaming\AVAST Software
2015-02-18 19:19 - 2015-02-18 19:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-02-18 19:18 - 2015-02-19 17:18 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-02-18 19:18 - 2015-02-18 19:18 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-02-18 19:18 - 2015-02-18 19:18 - 00436624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-02-18 19:18 - 2015-02-18 19:18 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-02-18 19:18 - 2015-02-18 19:18 - 00267632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-02-18 19:18 - 2015-02-18 19:18 - 00116728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-02-18 19:18 - 2015-02-18 19:18 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-02-18 19:18 - 2015-02-18 19:18 - 00087912 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2015-02-18 19:18 - 2015-02-18 19:18 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-02-18 19:18 - 2015-02-18 19:18 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-02-18 19:18 - 2015-02-18 19:18 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-02-18 19:17 - 2015-02-18 19:17 - 00000000 ____D () C:\Program Files\AVAST Software
2015-02-18 19:16 - 2015-02-18 19:17 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-18 18:52 - 2015-02-18 22:10 - 00005008 _____ () C:\zoek-results.log
2015-02-18 18:31 - 2015-02-19 20:55 - 01180512 _____ () C:\WINDOWS\PFRO.log
2015-02-18 18:31 - 2015-02-19 20:55 - 00000924 _____ () C:\WINDOWS\setupact.log
2015-02-18 18:31 - 2015-02-18 18:31 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-18 18:27 - 2014-12-31 11:14 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-02-18 18:26 - 2015-02-18 18:26 - 00001252 _____ () C:\Users\Amy Moore\Documents\cc_20150218_182607.reg
2015-02-18 18:25 - 2015-02-18 18:25 - 00014416 _____ () C:\Users\Amy Moore\Documents\cc_20150218_182527.reg
2015-02-18 18:25 - 2015-02-18 18:25 - 00001422 _____ () C:\Users\Amy Moore\Documents\cc_20150218_182547.reg
2015-02-18 18:24 - 2015-02-18 18:24 - 00506824 _____ () C:\Users\Amy Moore\Documents\cc_20150218_182433.reg
2015-02-18 18:02 - 2015-02-18 19:35 - 00001235 _____ () C:\WINDOWS\system32\InstallUtil.InstallLog
2015-02-18 17:24 - 2015-02-18 18:39 - 00065024 ___SH () C:\Users\Amy Moore\Documents\Thumbs.db
2015-02-18 17:19 - 2015-02-19 20:57 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-18 17:18 - 2015-02-18 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-18 17:18 - 2015-02-18 17:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-18 17:18 - 2015-02-18 17:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-18 17:18 - 2015-01-23 04:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-18 17:18 - 2015-01-23 03:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-18 17:18 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-18 17:18 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-18 17:18 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-18 17:11 - 2015-02-18 17:11 - 00002780 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-02-18 17:11 - 2015-02-18 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-18 17:11 - 2015-02-18 17:11 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-13 15:50 - 2015-02-13 15:50 - 00000000 ____D () C:\Program Files (x86)\YouTube-Downloader
2015-02-13 13:29 - 2015-01-10 08:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-13 13:28 - 2015-01-15 22:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-13 13:28 - 2015-01-15 22:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-13 13:28 - 2015-01-14 04:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-13 13:28 - 2015-01-14 03:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-13 13:28 - 2014-12-19 08:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-13 13:28 - 2014-12-19 08:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-13 13:28 - 2014-10-29 02:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-13 13:28 - 2014-10-29 02:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-13 13:28 - 2014-10-29 02:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-13 13:28 - 2014-10-29 02:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-13 13:28 - 2014-10-29 01:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-13 13:27 - 2015-01-13 22:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-13 13:27 - 2015-01-13 22:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-13 13:27 - 2015-01-12 03:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-13 13:27 - 2015-01-12 02:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-13 13:27 - 2015-01-10 09:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-13 13:27 - 2015-01-10 09:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-13 13:27 - 2015-01-10 08:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-13 13:27 - 2015-01-10 07:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-13 13:27 - 2015-01-10 06:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-13 13:27 - 2014-12-09 03:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-13 13:27 - 2014-12-09 01:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-13 13:27 - 2014-12-08 23:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-13 13:27 - 2014-10-29 02:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-13 13:27 - 2014-10-29 02:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-13 13:27 - 2014-10-29 01:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-13 13:27 - 2014-10-29 01:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-13 13:27 - 2014-10-29 01:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-13 13:27 - 2014-10-29 01:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-13 13:27 - 2014-10-29 01:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-13 13:27 - 2014-10-29 01:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-13 13:26 - 2015-01-12 02:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-13 13:26 - 2015-01-12 02:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-13 13:26 - 2015-01-12 02:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-13 13:26 - 2015-01-12 02:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-13 13:26 - 2015-01-12 02:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-13 13:26 - 2015-01-12 02:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-13 13:26 - 2015-01-12 02:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-13 13:26 - 2015-01-12 02:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-13 13:26 - 2015-01-12 02:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-13 13:26 - 2015-01-12 01:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-13 13:26 - 2015-01-12 01:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-13 13:26 - 2015-01-12 01:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-13 13:26 - 2015-01-12 01:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-13 13:26 - 2015-01-12 01:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-13 13:26 - 2015-01-12 01:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-13 13:26 - 2015-01-12 01:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-13 13:26 - 2015-01-12 01:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-13 13:26 - 2015-01-12 01:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-13 13:26 - 2015-01-12 01:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-13 13:26 - 2015-01-12 01:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-13 13:26 - 2015-01-12 01:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-13 13:26 - 2015-01-12 01:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-13 13:26 - 2015-01-12 01:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-13 13:26 - 2015-01-12 01:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-13 13:26 - 2015-01-12 01:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-13 13:26 - 2015-01-12 01:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-13 13:26 - 2015-01-12 01:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-13 13:26 - 2015-01-12 01:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-13 13:26 - 2015-01-12 01:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-13 13:26 - 2015-01-12 01:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-13 13:26 - 2015-01-12 00:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-13 13:26 - 2015-01-12 00:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-13 13:25 - 2015-02-03 23:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-13 13:25 - 2015-02-03 23:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-13 13:25 - 2015-02-03 23:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-13 13:25 - 2015-02-02 23:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-13 13:25 - 2015-02-02 23:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-13 13:25 - 2015-02-02 23:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-13 13:25 - 2015-01-19 18:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-10 19:04 - 2015-02-10 19:04 - 00005012 _____ () C:\WINDOWS\wauctla.InstallState
2015-02-10 19:04 - 2015-02-10 19:04 - 00000522 _____ () C:\WINDOWS\wauctla.InstallLog
2015-02-03 19:38 - 2015-02-19 17:29 - 00000000 ____D () C:\ProgramData\Windows VXM
2015-02-03 19:38 - 2015-02-03 19:38 - 00000000 ____D () C:\Program Files (x86)\Windows Network Accelerater
2015-02-03 19:36 - 2015-02-16 16:44 - 00000000 ____D () C:\ProgramData\Optimizer
2015-02-03 19:23 - 2015-02-18 21:09 - 00000000 ____D () C:\Users\Amy Moore\AppData\Roaming\Firefoxboosterweb
2015-02-03 19:23 - 2015-02-03 19:23 - 00035832 _____ () C:\WINDOWS\system32\Drivers\bsdriver.sys
2015-02-03 19:20 - 2015-02-03 19:20 - 00000000 ____D () C:\3c7f8c47-ca50-45eb-9295-f8ff12d843fd
2015-02-03 19:19 - 2015-02-03 19:19 - 00000000 ____D () C:\3e260b93-a52a-43b3-b44d-0ae70d3ef0cf
2015-02-03 19:18 - 2015-02-03 19:18 - 00000000 ____D () C:\bbd8b063-1850-4261-9108-1e14800cf173
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-19 20:55 - 2014-12-08 21:50 - 00000000 ___RD () C:\Users\Amy Moore\OneDrive
2015-02-19 20:55 - 2013-08-22 14:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-19 20:54 - 2014-12-08 21:44 - 01694311 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-19 20:54 - 2014-09-05 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free-for-download bundle
2015-02-19 20:14 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\Help
2015-02-19 20:03 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-19 19:04 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\Cursors
2015-02-19 17:53 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-02-19 17:40 - 2014-12-08 21:26 - 00000000 ____D () C:\Users\Amy Moore
2015-02-19 17:30 - 2013-08-22 15:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-02-19 17:30 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2015-02-19 17:29 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\Resources
2015-02-19 17:17 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\ADFS
2015-02-19 10:04 - 2014-09-05 18:31 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-781177400-2606171948-1399550050-1001
2015-02-19 02:51 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-18 22:18 - 2014-08-17 19:36 - 00000000 ____D () C:\Users\Amy Moore\AppData\Local\CrashDumps
2015-02-18 22:16 - 2014-08-17 19:04 - 00000000 ____D () C:\Users\Amy Moore\AppData\Local\Google
2015-02-18 22:16 - 2014-08-17 19:04 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-18 22:15 - 2014-08-17 19:04 - 00003890 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-18 22:12 - 2014-10-01 16:47 - 00000000 ____D () C:\Users\Amy Moore\AppData\Roaming\Spotify
2015-02-18 21:09 - 2013-11-29 20:14 - 00000000 ____D () C:\Program Files (x86)\Bluetooth Suite
2015-02-18 19:27 - 2014-11-22 22:09 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-02-18 19:20 - 2014-10-26 21:10 - 00000000 ____D () C:\Users\Amy Moore\AppData\Local\Windows Live
2015-02-18 19:06 - 2014-12-29 17:42 - 00000000 ____D () C:\ProgramData\internethelper_antiphishing
2015-02-18 18:44 - 2013-08-22 13:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-18 18:39 - 2013-08-22 13:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-02-18 18:38 - 2014-06-05 19:10 - 02816512 ___SH () C:\Users\Amy Moore\Downloads\Thumbs.db
2015-02-18 18:31 - 2013-11-29 20:32 - 00000000 ____D () C:\ProgramData\Norton
2015-02-18 18:31 - 2012-07-26 08:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-02-18 18:03 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-18 17:59 - 2013-11-29 20:21 - 00000000 ____D () C:\ProgramData\Temp
2015-02-18 17:53 - 2014-10-01 16:53 - 00000000 ____D () C:\Users\Amy Moore\AppData\Local\Spotify
2015-02-18 17:47 - 2013-11-29 20:09 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-02-18 17:15 - 2012-07-26 07:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-18 17:14 - 2014-12-08 21:15 - 00000000 ___DC () C:\WINDOWS\Panther
2015-02-18 17:14 - 2012-07-26 05:26 - 00000155 _____ () C:\WINDOWS\win.ini
2015-02-16 14:24 - 2014-09-10 18:34 - 00248328 _____ () C:\WINDOWS\system32\ScanResults.xml
2015-02-16 14:17 - 2014-10-07 06:08 - 00000464 _____ () C:\WINDOWS\system32\ScannerSettings
2015-02-13 16:12 - 2013-08-22 14:44 - 00337808 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-13 15:57 - 2014-08-31 12:04 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-13 15:51 - 2014-08-31 12:04 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-13 15:49 - 2014-12-12 07:02 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-13 15:49 - 2014-09-24 18:55 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-13 12:57 - 2014-09-24 16:21 - 00958356 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-03 19:31 - 2014-09-24 19:00 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 19:31 - 2014-09-24 19:00 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
==================== Files in the root of some directories =======
2014-10-23 16:57 - 2014-10-23 16:57 - 0000010 _____ () C:\Users\Amy Moore\AppData\Local\DSI.DAT
Some content of TEMP:
====================
C:\Users\Amy Moore\AppData\Local\Temp\Quarantine.exe
C:\Users\Amy Moore\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-19 18:40
==================== End Of Log ============================
Very grateful for any help.