Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

I shouldn't let my kids loose on the computer - Slow, apps crashin

sendoriadware slow computer

  • This topic is locked This topic is locked

#1
rickmr

rickmr

    Member

  • Member
  • PipPip
  • 79 posts

I thought that I'd added the required parental controls to my PC when letting the kids use it to play games, but obviously not as I'm now being plagued by a slow system, pop up ads, and apps (specifically Windows defender, Microsoft Security Essentials and Plex Media Server - which has always functioned perfectly) closing down of thier own accord. I have now uninstalled the controls I had to check if it was them causing the problems but it doesn't appear to be. For info, I used K9 Web Protection and Qustodio.

 

MSE came up with Sendori Adware but I've a feeling that there may be more stuff giving me grief as I'm still having the same problems.

 

Oh. And if anyone can recommend a decent parental control (aside from not letting them use it!) then that'd be great :)

 

Here are my logs and thanks in advance :)

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2015
Ran by User (administrator) on USER-PC on 03-05-2015 11:05:10
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available profiles: User & Ursula)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\Users\User\Forefront UAG Remote Access Agent\uos-portalsalfordacuk\uosportal1\uagqecsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\User\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe
(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Software Update\hpwuSchd.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
() C:\ProgramData\{c298841e-5ce5-0b3e-c298-8841e5ce1079}\root-one-x.zip.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrobat_sl.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7018568 2013-02-22] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2015-02-03] (Adobe Systems Incorporated)
HKLM\...\Run: [fssui] => C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [892608 2014-03-31] (Microsoft Corporation)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2045440 2010-09-02] (Eastman Kodak Company)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [12288 2012-04-19] ()
HKLM-x32\...\Run: [EaseUs Watch] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe [70728 2013-05-10] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUs Tray] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe [1372232 2013-05-10] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hewlett-Packard\HP Software Update\HPWuSchd.exe [49152 2003-06-25] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Component Manager] => C:\Program Files (x86)\HP\hpcoretech\hpcmpmgr.exe [233472 2003-10-23] (Hewlett-Packard Company)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1851040 2015-03-17] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3011337040-1224717311-1845066574-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806232 2015-03-27] (SUPERAntiSpyware)
HKU\S-1-5-21-3011337040-1224717311-1845066574-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3011337040-1224717311-1845066574-1000\...\Run: [Viber] => "C:\Users\User\AppData\Local\Viber\Viber.exe" StartMinimized
HKU\S-1-5-21-3011337040-1224717311-1845066574-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-3011337040-1224717311-1845066574-1000\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-28] (Google Inc.)
HKU\S-1-5-21-3011337040-1224717311-1845066574-1000\...\Run: [AceUpdater] => C:\Users\User\AppData\Roaming\ACEStream\updater\ace_update.exe [22824 2014-10-01] ()
HKU\S-1-5-21-3011337040-1224717311-1845066574-1000\...\Run: [AceWebExtensionUpdater] => C:\Users\User\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe [22824 2015-02-28] ()
HKU\S-1-5-21-3011337040-1224717311-1845066574-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [5888648 2015-04-30] (Plex, Inc.)
HKU\S-1-5-21-3011337040-1224717311-1845066574-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3011337040-1224717311-1845066574-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3011337040-1224717311-1845066574-1000\...\MountPoints2: E - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3011337040-1224717311-1845066574-1000\...\MountPoints2: {5e975ad5-0997-11e3-8b8c-806e6f6e6963} - D:\DVDSetup.exe
HKU\S-1-5-21-3011337040-1224717311-1845066574-1000\...\MountPoints2: {b7f8fef9-6e26-11e3-ae9e-d43d7ebf9a15} - J:\DPFMate.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Universal Media Server.lnk [2014-02-22]
ShortcutTarget: Universal Media Server.lnk -> C:\Program Files (x86)\Universal Media Server\UMS.exe (No File)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-08-27]
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2013-08-21]
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\root-one-x.zip.lnk [2015-04-17]
ShortcutTarget: root-one-x.zip.lnk -> C:\ProgramData\{c298841e-5ce5-0b3e-c298-8841e5ce1079}\root-one-x.zip.exe ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
GroupPolicyUsers\S-1-5-21-3011337040-1224717311-1845066574-1006\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3011337040-1224717311-1845066574-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-19] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-19] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jenru830.default-1420972928043
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-01-23] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-01-23] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3011337040-1224717311-1845066574-1000: @acestream.net/acestreamplugin,version=3.0.12 -> C:\Users\User\AppData\Roaming\ACEStream\player\npace_plugin.dll [2014-12-03] (Innovative Digital Technologies)
FF Extension: AS Magic Player - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jenru830.default-1420972928043\Extensions\[email protected] [2015-04-12]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2015-04-30]

Chrome:
=======
CHR HomePage: Default ->
CHR StartupUrls: Default -> "hxxp://students.salford.ac.uk/", "hxxp://www.virginmedia.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bejeweled) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2013-09-29]
CHR Extension: (Angry Birds) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-09-24]
CHR Extension: (Barbara Real Makeover) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\belcopojfpdnmbfhfiliddjobjiopebi [2013-09-29]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-20]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-20]
CHR Extension: (Dangerous Hands) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfiolepojknoifmfmaooacpopandonoc [2013-09-29]
CHR Extension: (Kitten Block) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dicomhebenajaeajoaehlhebjjehjahd [2014-01-19]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2013-12-14]
CHR Extension: (Procrastinator) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\enagjojfhclogmaemicdkkohjghgpodh [2014-04-24]
CHR Extension: (Cut the Rope) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2013-09-29]
CHR Extension: (Bookmark Manager) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2014-12-05]
CHR Extension: (Air Hockey) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gojagedhadegobocpaokaifiacjiolph [2013-09-29]
CHR Extension: (Pin It Button) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-08-19]
CHR Extension: (90`s Games) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\illbbfoihflomkbpcaaakhijinbnejom [2013-09-29]
CHR Extension: (Blocks) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdnglanfhhkanekkdmakmbegnojgpmnm [2014-07-19]
CHR Extension: (Lady Popular) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnamdlacgipmoldlhfgjficjiclhgibm [2013-09-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Download Master) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcceagdollnkjlogmdckgjakjapmkdjf [2013-09-29]
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2015-04-12]
CHR Extension: (Papas Cupcakeria) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgenmcncpakkkbapegllmbahdjboogba [2013-09-29]
CHR Extension: (Pocket) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2014-01-30]
CHR Extension: (Save to Pocket) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2013-09-29]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-20]
CHR Extension: (Better History) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\obciceimmggglbmelaidpjlmodcebijb [2014-09-15]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-20]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - https://clients2.goo...ice/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-13] (SUPERAntiSpyware.com)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [68168 2013-05-10] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 Guard Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [23624 2013-05-10] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2015-03-08] () [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1943832 2015-04-14] (IBM Corp.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 uagqecsvc; C:\Users\User\Forefront UAG Remote Access Agent\uos-portalsalfordacuk\uosportal1\uagqecsvc.exe [144896 2013-10-07] (Microsoft Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 cpuz135; C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [24368 2012-08-11] (CPUID)
R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [59976 2013-05-10] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48200 2013-05-10] () [File not signed]
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [18504 2013-05-10] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [189000 2013-05-10] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-07-22] (http://libusb-win32.sourceforge.net)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [115272 2012-03-25] (MotioninJoy) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R1 RapportCerberus_80128; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80128.sys [844440 2015-02-24] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [445816 2015-04-14] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [535576 2015-04-14] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [558872 2015-04-14] (IBM Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [204032 2014-02-26] (WinISO.com)
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-03 11:05 - 2015-05-03 11:06 - 00028243 _____ () C:\Users\User\Desktop\FRST.txt
2015-05-03 11:00 - 2015-05-03 11:02 - 00052817 _____ () C:\Users\User\Downloads\Addition.txt
2015-05-03 10:59 - 2015-05-03 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2015-05-03 10:58 - 2015-05-03 11:02 - 00076875 _____ () C:\Users\User\Downloads\FRST.txt
2015-05-03 10:57 - 2015-05-03 11:05 - 00000000 ____D () C:\FRST
2015-05-03 10:57 - 2015-05-03 10:57 - 02101248 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2015-05-03 10:49 - 2015-05-03 10:49 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\User\Downloads\tdsskiller.exe
2015-05-03 10:49 - 2015-05-03 10:49 - 00248728 _____ (Kaspersky Lab, Yury Parshin) C:\Windows\system32\Drivers\45525770.sys
2015-05-02 09:53 - 2015-05-03 10:20 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2015-05-02 09:53 - 2015-05-03 10:05 - 00042672 _____ () C:\Windows\SysWOW64\qengine.ini
2015-05-02 09:53 - 2015-05-03 10:05 - 00009584 _____ () C:\Windows\SysWOW64\qengineOff.ini
2015-05-02 09:53 - 2015-05-03 10:05 - 00009584 _____ () C:\Windows\system32\qengineOff.ini
2015-05-02 09:52 - 2015-05-03 10:05 - 00000000 ____D () C:\ProgramData\qustodio
2015-05-02 09:50 - 2015-05-02 09:50 - 02374632 _____ () C:\Users\User\Downloads\QustodioInstaller.exe
2015-05-01 17:36 - 2015-05-01 17:36 - 02502416 _____ () C:\Users\Ursula\Downloads\k9-webprotection.exe
2015-04-30 12:04 - 2015-04-30 12:04 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2015-04-30 12:04 - 2015-04-30 12:04 - 00002037 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2015-04-30 12:04 - 2015-04-30 12:04 - 00002014 _____ () C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2015-04-30 11:54 - 2015-04-30 11:54 - 02066496 _____ (Adobe) C:\Users\User\Downloads\acrobatproDC_00000000000000000000000409.exe
2015-04-30 11:10 - 2015-04-30 12:04 - 00001446 _____ () C:\Users\Public\Desktop\Adobe Application Manager.lnk
2015-04-30 10:59 - 2015-04-30 11:00 - 00000000 ____D () C:\Users\User\Desktop\Adobe Acrobat XI
2015-04-30 10:33 - 2015-04-30 10:34 - 00646835 _____ () C:\Users\User\Downloads\FW__Journey_into_work.zip
2015-04-30 10:32 - 2015-04-30 10:37 - 00000000 ____D () C:\Users\User\Desktop\New folder (6)
2015-04-24 18:08 - 2015-04-24 18:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-19 17:15 - 2015-04-19 17:15 - 00000000 ____D () C:\Users\Ursula\Downloads\docs
2015-04-19 17:14 - 2015-04-19 17:14 - 00867785 _____ () C:\Users\Ursula\Downloads\zsnesw151.zip
2015-04-19 14:15 - 2015-04-19 14:15 - 00392734 _____ () C:\Users\Ursula\Downloads\Fusion364.zip
2015-04-19 14:12 - 2015-04-19 14:19 - 784885520 _____ () C:\Users\Ursula\Downloads\Super_Mario_Sunshine_USA_NGC-SAVEPOINT.rar
2015-04-19 14:10 - 2015-04-19 14:48 - 00000000 ____D () C:\Users\Ursula\Documents\Dolphin Emulator
2015-04-19 14:09 - 2015-04-19 14:10 - 06260496 _____ () C:\Users\Ursula\Downloads\Super Mario 64 (USA).zip
2015-04-19 14:08 - 2015-04-19 14:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolphin
2015-04-19 14:08 - 2015-04-19 14:10 - 00000000 ____D () C:\Program Files\Dolphin
2015-04-19 14:07 - 2015-04-19 14:07 - 10150809 _____ () C:\Users\Ursula\Downloads\dolphin-x64-4.0.2.exe
2015-04-19 14:06 - 2015-04-19 17:18 - 00000000 ____D () C:\Users\Ursula\Desktop\Emulation
2015-04-19 14:05 - 2015-04-19 14:05 - 00051928 _____ () C:\Users\Ursula\fceux.cfg
2015-04-19 13:50 - 2015-04-19 13:50 - 00000000 ____D () C:\Users\Ursula\snaps
2015-04-19 13:50 - 2015-04-19 13:50 - 00000000 ____D () C:\Users\Ursula\sav
2015-04-19 13:50 - 2015-04-19 13:50 - 00000000 ____D () C:\Users\Ursula\movies
2015-04-19 13:50 - 2015-04-19 13:50 - 00000000 ____D () C:\Users\Ursula\fcs
2015-04-19 13:50 - 2015-04-19 13:50 - 00000000 ____D () C:\Users\Ursula\cheats
2015-04-19 13:49 - 2015-04-19 13:49 - 03029593 _____ () C:\Users\Ursula\Downloads\fceux-2.2.2-win32.zip
2015-04-19 13:49 - 2013-09-24 02:06 - 01105408 _____ () C:\Users\Ursula\fceux.exe
2015-04-19 13:49 - 2013-09-24 01:32 - 00352497 _____ () C:\Users\Ursula\fceux.chm
2015-04-19 13:49 - 2013-09-23 23:29 - 00924947 _____ () C:\Users\Ursula\taseditor.chm
2015-04-19 13:49 - 2013-08-18 02:21 - 00167936 _____ () C:\Users\Ursula\lua5.1.dll
2015-04-19 13:49 - 2013-08-18 02:21 - 00011264 _____ () C:\Users\Ursula\lua51.dll
2015-04-19 13:49 - 2013-08-18 02:21 - 00000000 ____D () C:\Users\Ursula\luaScripts
2015-04-19 13:49 - 2013-08-18 02:20 - 00941568 _____ (Igor Pavlov) C:\Users\Ursula\7z.dll
2015-04-19 13:49 - 2013-08-18 02:20 - 00001724 _____ () C:\Users\Ursula\auxlib.lua
2015-04-19 13:49 - 2013-08-18 02:20 - 00000000 ____D () C:\Users\Ursula\tools
2015-04-19 13:49 - 2013-08-18 02:20 - 00000000 ____D () C:\Users\Ursula\palettes
2015-04-19 13:48 - 2015-04-19 13:48 - 00020519 _____ () C:\Users\Ursula\Downloads\nestopia.xml
2015-04-19 13:43 - 2015-04-19 13:43 - 00031491 _____ () C:\Users\Ursula\Downloads\Super Mario Bros. (Europe) (Rev 0A).zip
2015-04-19 13:41 - 2015-04-19 13:48 - 00003414 _____ () C:\Users\Ursula\Downloads\nestopia.log
2015-04-19 13:41 - 2015-04-19 13:41 - 01249640 _____ () C:\Users\Ursula\Downloads\Nestopia140bin.zip
2015-04-19 13:41 - 2015-04-19 13:41 - 00000000 ____D () C:\Users\Ursula\Downloads\states
2015-04-19 13:41 - 2015-04-19 13:41 - 00000000 ____D () C:\Users\Ursula\Downloads\screenshots
2015-04-19 13:41 - 2015-04-19 13:41 - 00000000 ____D () C:\Users\Ursula\Downloads\save
2015-04-19 13:41 - 2015-04-19 13:41 - 00000000 ____D () C:\Users\Ursula\Downloads\samples
2015-04-19 13:41 - 2015-04-19 13:41 - 00000000 ____D () C:\Users\Ursula\Downloads\patches
2015-04-19 13:41 - 2015-04-19 13:41 - 00000000 ____D () C:\Users\Ursula\Downloads\cheats
2015-04-19 13:41 - 2015-04-19 13:41 - 00000000 ____D () C:\Users\Ursula\AppData\Roaming\WinRAR
2015-04-19 13:41 - 2008-06-08 16:59 - 02065920 _____ () C:\Users\Ursula\Downloads\nestopia.exe
2015-04-19 13:41 - 2008-06-08 10:51 - 00036781 _____ () C:\Users\Ursula\Downloads\readme.html
2015-04-19 13:41 - 2008-05-27 17:37 - 00033631 _____ () C:\Users\Ursula\Downloads\schemadb.xsd
2015-04-19 13:41 - 2008-05-26 18:24 - 00033617 _____ () C:\Users\Ursula\Downloads\schemaromset.xsd
2015-04-19 13:41 - 2008-04-03 20:56 - 00000000 ____D () C:\Users\Ursula\Downloads\language
2015-04-19 13:41 - 2006-06-22 18:56 - 00015402 _____ () C:\Users\Ursula\Downloads\copying.txt
2015-04-19 13:41 - 2006-05-25 15:52 - 00162304 _____ () C:\Users\Ursula\Downloads\unrar.dll
2015-04-19 13:41 - 2006-05-14 05:25 - 00169984 _____ () C:\Users\Ursula\Downloads\7zxa.dll
2015-04-19 13:41 - 2005-09-13 22:14 - 00032256 _____ () C:\Users\Ursula\Downloads\kailleraclient.dll
2015-04-17 19:25 - 2015-04-17 19:25 - 34404626 _____ () C:\Users\User\Downloads\torbrowser-install-4.0.8_en-US.exe
2015-04-17 14:15 - 2015-04-17 14:15 - 02019831 _____ () C:\Users\User\Downloads\root-one-x.zip
2015-04-17 14:15 - 2012-05-09 11:15 - 00002103 _____ () C:\Users\User\Desktop\root-mac.sh
2015-04-17 14:15 - 2012-05-09 11:13 - 00002105 _____ () C:\Users\User\Desktop\root-linux.sh
2015-04-17 14:15 - 2012-05-09 02:51 - 00001899 _____ () C:\Users\User\Desktop\root.bat
2015-04-17 14:15 - 2012-05-08 05:23 - 00091980 _____ () C:\Users\User\Desktop\su
2015-04-17 14:15 - 2012-05-08 05:22 - 00570342 _____ () C:\Users\User\Desktop\Superuser.apk
2015-04-17 14:15 - 2012-01-11 13:54 - 00159620 _____ () C:\Users\User\Desktop\adb-linux
2015-04-17 14:15 - 2011-12-29 05:32 - 02005736 _____ () C:\Users\User\Desktop\busybox
2015-04-17 14:15 - 2011-11-08 16:50 - 00410942 _____ () C:\Users\User\Desktop\adb.exe
2015-04-17 14:15 - 2011-11-08 16:50 - 00096256 _____ (Google, inc) C:\Users\User\Desktop\AdbWinApi.dll
2015-04-17 14:15 - 2011-11-08 16:50 - 00060928 _____ (Google, inc) C:\Users\User\Desktop\AdbWinUsbApi.dll
2015-04-17 14:15 - 2010-05-31 14:53 - 00349196 _____ () C:\Users\User\Desktop\adb-mac
2015-04-17 13:57 - 2013-07-12 02:36 - 00000000 ____D () C:\Users\User\Desktop\One_X_All-In-One_Kit_v
2015-04-17 13:56 - 2015-04-17 13:56 - 18023528 _____ () C:\Users\User\Downloads\One_X_All-In-One_Kit_v2.5.rar
2015-04-17 13:36 - 2015-04-17 13:36 - 00000042 _____ () C:\Users\User\AppData\Roaming\mbam.context.scan
2015-04-17 13:35 - 2015-04-18 10:32 - 00000000 ____D () C:\ProgramData\{c298841e-5ce5-0b3e-c298-8841e5ce1079}
2015-04-17 12:54 - 2015-04-17 12:57 - 00000000 ____D () C:\Users\User\Android
2015-04-17 12:54 - 2015-04-17 12:47 - 00000256 ____T () C:\Users\User\Unlock_code.bin
2015-04-17 12:54 - 2015-04-17 12:38 - 00083753 _____ () C:\Users\User\fastboot-win.zip
2015-04-17 12:51 - 2015-04-17 12:52 - 00000000 ____D () C:\Android
2015-04-17 12:51 - 2015-04-17 12:51 - 00083753 _____ () C:\Users\User\Downloads\fastboot-win(1).zip
2015-04-17 12:47 - 2015-04-17 12:47 - 00000256 _____ () C:\Users\User\Desktop\Unlock_code.bin
2015-04-17 12:42 - 2015-04-17 12:42 - 19507200 _____ () C:\Users\User\Downloads\HTCDriver_4.10.0.001.msi
2015-04-17 12:37 - 2015-04-17 12:38 - 00083753 _____ () C:\Users\User\Downloads\fastboot-win.zip
2015-04-17 12:37 - 2012-12-20 13:02 - 00000000 ____D () C:\Users\User\Desktop\__MACOSX
2015-04-17 12:34 - 2011-12-08 13:41 - 00183651 _____ () C:\Users\User\Desktop\fastboot.exe
2015-04-17 09:54 - 2015-04-17 09:54 - 01124072 _____ (Adobe Systems Incorporated) C:\Users\User\Downloads\readerdc_uk_ha_install.exe
2015-04-14 22:07 - 2015-04-17 09:39 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-14 22:07 - 2015-04-14 22:07 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-14 22:07 - 2015-04-14 22:07 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-14 22:07 - 2015-04-14 22:07 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-14 20:50 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-04-14 20:50 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-04-14 20:15 - 2014-06-27 03:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-04-14 20:15 - 2014-06-27 02:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-04-14 20:13 - 2015-03-23 04:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-14 20:13 - 2015-03-23 04:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-14 20:13 - 2015-03-23 04:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-14 20:13 - 2015-03-23 04:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-14 20:13 - 2015-03-23 04:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-14 20:13 - 2015-03-23 04:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-14 20:13 - 2015-03-23 04:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-14 20:13 - 2015-03-23 04:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-14 20:13 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-04-14 20:13 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-04-14 20:13 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-04-14 20:13 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-04-14 20:13 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-04-14 20:13 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-04-14 20:13 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-04-14 20:13 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-04-14 20:13 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-04-14 20:13 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-04-14 20:13 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-04-14 20:13 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-04-14 20:13 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-04-14 20:13 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-04-14 20:13 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-04-14 20:13 - 2014-08-01 12:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2015-04-14 20:13 - 2014-08-01 12:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2015-04-14 20:13 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2015-04-14 20:13 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2015-04-14 20:13 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2015-04-14 20:13 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2015-04-14 20:13 - 2014-07-09 03:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2015-04-14 20:13 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2015-04-14 20:13 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2015-04-14 20:13 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2015-04-14 20:13 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2015-04-14 20:13 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2015-04-14 20:13 - 2014-02-04 03:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2015-04-14 20:13 - 2014-02-04 03:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2015-04-14 20:13 - 2014-02-04 03:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2015-04-14 20:13 - 2014-02-04 03:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2015-04-14 20:13 - 2014-02-04 03:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2015-04-14 20:12 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-04-14 20:12 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-04-14 20:12 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-04-14 20:12 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-04-14 20:12 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-04-14 20:12 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-04-14 20:12 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-04-14 20:12 - 2014-06-24 04:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-04-14 20:12 - 2014-06-24 03:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-04-14 20:12 - 2014-01-24 03:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2015-04-14 20:09 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-04-14 20:09 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-04-14 20:09 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-04-14 20:09 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-04-14 19:59 - 2015-04-02 01:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-14 19:59 - 2015-04-02 00:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-14 19:59 - 2015-03-25 04:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 19:59 - 2015-03-25 04:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 19:59 - 2015-03-25 04:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 19:59 - 2015-03-25 04:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 19:59 - 2015-03-25 04:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 19:59 - 2015-03-25 04:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 19:59 - 2015-03-25 04:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 19:59 - 2015-03-25 04:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 19:59 - 2015-03-25 04:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 19:59 - 2015-03-25 04:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 19:59 - 2015-03-25 04:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 19:59 - 2015-03-25 04:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 19:59 - 2015-03-25 04:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 19:59 - 2015-03-25 04:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 19:59 - 2015-03-25 04:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 19:59 - 2015-03-25 04:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 19:59 - 2015-03-17 06:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 19:59 - 2015-03-17 06:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-14 19:59 - 2015-03-17 06:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-14 19:59 - 2015-03-17 06:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 19:59 - 2015-03-17 06:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-14 19:59 - 2015-03-17 06:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-14 19:59 - 2015-03-17 06:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-14 19:59 - 2015-03-17 06:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-14 19:59 - 2015-03-17 06:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-14 19:59 - 2015-03-17 06:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-14 19:59 - 2015-03-17 06:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-14 19:59 - 2015-03-17 06:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-14 19:59 - 2015-03-17 06:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-14 19:59 - 2015-03-17 06:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-14 19:59 - 2015-03-17 06:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-14 19:59 - 2015-03-17 06:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-14 19:59 - 2015-03-17 06:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-14 19:59 - 2015-03-17 06:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-14 19:59 - 2015-03-17 06:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-14 19:59 - 2015-03-17 06:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-14 19:59 - 2015-03-17 06:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-14 19:59 - 2015-03-17 06:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-14 19:59 - 2015-03-17 06:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-14 19:59 - 2015-03-17 06:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-14 19:59 - 2015-03-17 06:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-14 19:59 - 2015-03-17 06:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-14 19:59 - 2015-03-17 06:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-14 19:59 - 2015-03-17 06:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-14 19:59 - 2015-03-17 06:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-14 19:59 - 2015-03-17 06:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-14 19:59 - 2015-03-17 06:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-14 19:59 - 2015-03-17 06:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-14 19:59 - 2015-03-17 06:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-14 19:59 - 2015-03-17 06:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-14 19:59 - 2015-03-17 06:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 06:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 06:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 06:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 06:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-14 19:59 - 2015-03-17 06:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-14 19:59 - 2015-03-17 05:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 19:59 - 2015-03-17 05:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-14 19:59 - 2015-03-17 05:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-14 19:59 - 2015-03-17 05:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-14 19:59 - 2015-03-17 05:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-14 19:59 - 2015-03-17 05:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-14 19:59 - 2015-03-17 05:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-14 19:59 - 2015-03-17 05:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-14 19:59 - 2015-03-17 05:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-14 19:59 - 2015-03-17 05:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-14 19:59 - 2015-03-17 05:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-14 19:59 - 2015-03-17 05:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-14 19:59 - 2015-03-17 05:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-14 19:59 - 2015-03-17 05:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-14 19:59 - 2015-03-17 05:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-14 19:59 - 2015-03-17 05:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-14 19:59 - 2015-03-17 05:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-14 19:59 - 2015-03-17 05:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-14 19:59 - 2015-03-17 05:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-14 19:59 - 2015-03-17 05:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-14 19:59 - 2015-03-17 05:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-14 19:59 - 2015-03-17 05:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 05:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 04:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-14 19:59 - 2015-03-17 04:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-14 19:59 - 2015-03-17 04:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 04:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 04:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 19:59 - 2015-03-17 04:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-14 19:59 - 2015-03-13 05:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 19:59 - 2015-03-13 05:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 19:59 - 2015-03-13 05:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-14 19:59 - 2015-03-13 05:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-14 19:59 - 2015-03-13 05:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 19:59 - 2015-03-13 05:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 19:59 - 2015-03-13 05:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-14 19:59 - 2015-03-13 05:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 19:59 - 2015-03-13 05:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-14 19:59 - 2015-03-13 05:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 19:59 - 2015-03-13 04:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-14 19:59 - 2015-03-13 04:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 19:59 - 2015-03-13 04:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 19:59 - 2015-03-13 04:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-14 19:59 - 2015-03-13 04:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-14 19:59 - 2015-03-13 04:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 19:59 - 2015-03-13 04:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-14 19:59 - 2015-03-13 04:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 19:59 - 2015-03-13 04:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-14 19:59 - 2015-03-13 04:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 19:59 - 2015-03-13 04:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-14 19:59 - 2015-03-13 04:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 19:59 - 2015-03-13 04:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-14 19:59 - 2015-03-13 04:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-14 19:59 - 2015-03-13 04:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-14 19:59 - 2015-03-13 04:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-14 19:59 - 2015-03-13 04:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 19:59 - 2015-03-13 04:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-14 19:59 - 2015-03-13 04:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 19:59 - 2015-03-13 04:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 19:59 - 2015-03-13 04:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-14 19:59 - 2015-03-13 04:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-14 19:59 - 2015-03-13 04:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-14 19:59 - 2015-03-13 04:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-14 19:59 - 2015-03-13 04:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-14 19:59 - 2015-03-13 04:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-14 19:59 - 2015-03-13 04:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 19:59 - 2015-03-13 04:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-14 19:59 - 2015-03-13 04:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 19:59 - 2015-03-13 04:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-14 19:59 - 2015-03-13 04:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-14 19:59 - 2015-03-13 04:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 19:59 - 2015-03-13 03:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-14 19:59 - 2015-03-13 03:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-14 19:59 - 2015-03-13 03:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-14 19:59 - 2015-03-13 03:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 19:59 - 2015-03-13 03:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 19:59 - 2015-03-13 03:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 19:59 - 2015-03-13 03:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-14 19:59 - 2015-03-13 03:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-14 19:59 - 2015-03-13 03:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 19:59 - 2015-03-13 03:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 19:59 - 2015-03-13 03:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-14 19:59 - 2015-03-13 03:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 19:59 - 2015-03-13 03:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 19:59 - 2015-03-13 03:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-14 19:59 - 2015-03-10 04:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-14 19:59 - 2015-03-10 04:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 19:59 - 2015-03-10 04:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-14 19:59 - 2015-03-10 04:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-14 19:59 - 2015-03-05 06:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-14 19:59 - 2015-03-05 05:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-14 19:59 - 2015-02-25 04:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 19:58 - 2015-03-04 05:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-14 19:58 - 2015-03-04 05:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 19:58 - 2015-03-04 05:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-12 15:31 - 2015-04-12 15:31 - 00000000 ___HD () C:\_acestream_cache_
2015-04-12 15:30 - 2015-04-12 16:59 - 00000000 ____D () C:\Users\User\AppData\Roaming\.ACEStream
2015-04-12 15:30 - 2015-04-12 15:30 - 00001957 _____ () C:\Users\User\Desktop\Ace Player.lnk
2015-04-12 15:30 - 2015-04-12 15:30 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
2015-04-12 15:29 - 2015-04-12 15:30 - 00000000 ____D () C:\Users\User\AppData\Roaming\AceWebExtension
2015-04-12 15:29 - 2015-04-12 15:30 - 00000000 ____D () C:\Users\User\AppData\Roaming\ACEStream
2015-04-12 15:28 - 2015-04-12 15:28 - 70566360 _____ () C:\Users\User\Downloads\Ace_Stream_Media_3.0.12_VLC_1.1.12.exe
2015-04-12 15:25 - 2015-04-12 15:25 - 00000000 ____D () C:\Users\User\Desktop\Streams
2015-04-12 15:15 - 2015-04-12 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast
2015-04-12 15:15 - 2015-04-12 15:15 - 00000995 _____ () C:\Users\User\Desktop\SopCast.lnk
2015-04-12 15:15 - 2014-12-12 04:01 - 06952156 ____N () C:\Users\User\Desktop\Setup-SopCast-3.9.6-2014-12-12.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-03 11:06 - 2013-08-20 14:11 - 01475806 _____ () C:\Windows\WindowsUpdate.log
2015-05-03 11:01 - 2009-07-14 05:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-03 11:01 - 2009-07-14 05:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-03 11:00 - 2013-08-20 20:26 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-03 10:56 - 2015-03-08 16:03 - 00003754 _____ () C:\Windows\System32\Tasks\AutoKMS
2015-05-03 10:44 - 2009-07-14 06:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-03 10:40 - 2013-08-27 09:03 - 00000000 ___RD () C:\Users\User\Dropbox
2015-05-03 10:40 - 2013-08-27 09:01 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
2015-05-03 10:38 - 2013-10-07 08:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-03 10:38 - 2013-08-26 10:24 - 00000632 __RSH () C:\Users\User\ntuser.pol
2015-05-03 10:38 - 2013-08-20 20:17 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-05-03 10:38 - 2013-08-20 14:22 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-03 10:38 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-03 10:38 - 2009-07-14 05:51 - 00130476 _____ () C:\Windows\setupact.log
2015-05-03 10:29 - 2013-08-20 14:22 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-03 07:53 - 2013-08-21 14:17 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2015-05-02 10:06 - 2013-08-26 08:31 - 00001234 __RSH () C:\Users\Ursula\ntuser.pol
2015-05-02 10:06 - 2013-08-26 08:30 - 00000000 ____D () C:\Users\Ursula
2015-05-01 19:28 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-05-01 17:04 - 2013-08-26 08:31 - 00000000 ____D () C:\Users\Ursula\AppData\Local\Adobe
2015-05-01 16:54 - 2013-08-26 08:32 - 00000000 ____D () C:\Users\Ursula\AppData\Local\Google
2015-05-01 16:54 - 2013-08-26 08:31 - 00110072 _____ () C:\Users\Ursula\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-01 08:05 - 2013-08-21 13:18 - 00000000 ____D () C:\Users\User\AppData\Roaming\BitComet
2015-04-30 14:50 - 2013-10-10 16:20 - 00000000 ____D () C:\Users\User\Documents\Outlook Files
2015-04-30 14:00 - 2009-07-14 05:45 - 05028640 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-30 13:59 - 2010-11-21 04:47 - 00189850 _____ () C:\Windows\PFRO.log
2015-04-30 12:10 - 2013-08-20 14:19 - 00110072 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-30 12:06 - 2013-08-20 14:18 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-30 12:05 - 2014-12-26 19:23 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-04-30 12:05 - 2013-08-21 14:23 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-04-30 12:04 - 2015-03-05 11:05 - 00001458 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2015-04-30 12:00 - 2013-08-20 14:18 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-30 11:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-27 11:40 - 2013-11-17 17:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-04-26 21:53 - 2015-03-05 11:15 - 00010637 _____ () C:\Users\User\Desktop\Book1.xlsx
2015-04-25 09:31 - 2014-10-08 09:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-24 12:17 - 2013-08-27 09:01 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-20 12:12 - 2013-11-04 13:04 - 00000219 _____ () C:\Users\User\.swfinfo
2015-04-19 14:09 - 2013-08-20 21:32 - 00010770 _____ () C:\Windows\DirectX.log
2015-04-18 19:18 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-17 20:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-04-14 22:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-04-14 22:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-04-14 22:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-04-14 22:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-14 20:50 - 2013-08-21 14:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-14 20:44 - 2013-12-14 14:08 - 00766304 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-14 20:32 - 2013-08-20 20:37 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-14 20:21 - 2013-08-20 20:37 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-14 20:21 - 2009-07-14 03:34 - 00000478 _____ () C:\Windows\win.ini
2015-04-14 19:36 - 2013-10-07 08:29 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 19:36 - 2013-10-07 08:29 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-14 19:36 - 2013-10-06 16:19 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-14 13:14 - 2013-11-17 17:25 - 00535576 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys
2015-04-12 15:16 - 2013-09-16 13:22 - 00000000 ____D () C:\Program Files (x86)\SopCast

==================== Files in the root of some directories =======

2015-04-17 13:36 - 2015-04-17 13:36 - 0000042 _____ () C:\Users\User\AppData\Roaming\mbam.context.scan
2014-04-17 09:38 - 2015-01-09 11:51 - 0007600 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg

Files to move or delete:
====================
C:\Users\Ursula\7z.dll
C:\Users\Ursula\fceux.exe
C:\Users\Ursula\lua5.1.dll
C:\Users\Ursula\lua51.dll


Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\8800.exe
C:\Users\User\AppData\Local\Temp\AskSLib.dll
C:\Users\User\AppData\Local\Temp\devcon64.exe
C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpq_vf3q.dll
C:\Users\User\AppData\Local\Temp\f4f2a446-6cf6-458d-b85a-dcb16e8ac472.exe
C:\Users\User\AppData\Local\Temp\handbrake-setup.exe
C:\Users\User\AppData\Local\Temp\hpbswpnp.dll
C:\Users\User\AppData\Local\Temp\hplnchap.exe
C:\Users\User\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\k9-webprotection-4.4.276.exe
C:\Users\User\AppData\Local\Temp\NeroInst.EXE
C:\Users\User\AppData\Local\Temp\ose00000.exe
C:\Users\User\AppData\Local\Temp\ose00001.exe
C:\Users\User\AppData\Local\Temp\ose00002.exe
C:\Users\User\AppData\Local\Temp\qseac.dll
C:\Users\User\AppData\Local\Temp\SAS6_Update.exe
C:\Users\User\AppData\Local\Temp\SRLDetectionLibrary6113840166119113796.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-24 17:50

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2015
Ran by User at 2015-05-03 11:07:14
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3011337040-1224717311-1845066574-500 - Administrator - Disabled)
Guest (S-1-5-21-3011337040-1224717311-1845066574-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3011337040-1224717311-1845066574-1005 - Limited - Enabled)
Ursula (S-1-5-21-3011337040-1224717311-1845066574-1006 - Limited - Enabled) => C:\Users\Ursula
User (S-1-5-21-3011337040-1224717311-1845066574-1000 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3011337040-1224717311-1845066574-1000\...\uTorrent) (Version: 3.4.2.32691 - BitTorrent Inc.)
Ace Stream Media 3.0.12 (HKU\S-1-5-21-3011337040-1224717311-1845066574-1000\...\AceStream) (Version: 3.0.12 - Ace Stream Media) <==== ATTENTION!
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.0 - Adobe Systems Incorporated)
Adobe PageMaker 7.0 (HKLM-x32\...\Adobe PageMaker 7.0) (Version: 7.0.1a - Adobe Systems, Inc.)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 4.3 64-bit (HKLM\...\{D759947B-8C5A-4480-B0DB-FC391F061C85}) (Version: 4.3.1 - Adobe)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.7.8981 - )
Baby Smartronics (HKLM-x32\...\Baby Smartronics) (Version:  - )
BitComet 1.36 64-bit (HKLM-x32\...\BitComet_x64) (Version: 1.36 - CometNetwork)
calibre 64bit (HKLM\...\{98EF3B25-E714-46D7-AD9E-13CF2E29F741}) (Version: 2.10.0 - Kovid Goyal)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
CL-Eye Driver (HKLM-x32\...\CL-Eye Driver) (Version: 5.3.0.0341 - Code Laboratories, Inc.)
CL-Eye Platform SDK (HKLM-x32\...\CL-Eye Platform SDK) (Version: 1.6.4.0028 - Code Laboratories, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
Dolphin (HKLM-x32\...\Dolphin) (Version: 4.0.2 - Dolphin Development Team)
Dropbox (HKU\S-1-5-21-3011337040-1224717311-1845066574-1000\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
DVD43 Plug-in v1.0.0.6 (HKLM-x32\...\DVD43 Plug-in_is1) (Version:  - )
DVDStyler v2.8 (HKLM-x32\...\DVDStyler_is1) (Version:  - )
EaseUS Todo Backup Free 6.0 (HKLM-x32\...\EaseUS Todo Backup Free 6.0_is1) (Version: 6.0 - CHENGDU YIWO Tech Development Co., Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GTAIII (HKLM-x32\...\{92B94569-6683-4617-8C54-EB27A1B51B30}) (Version:  - )
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
hp deskjet 5600 (HKLM-x32\...\{DB5518BE-F40F-407A-B451-012625D4497B}) (Version: 1.03.0000 - Hewlett-Packard)
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.6.0.001 - HTC Corporation)
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.007 - HTC Corporation)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 3.5.0 - Kobo Inc.)
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MediaInfo 0.7.68 (HKLM\...\MediaInfo) (Version: 0.7.68 - MediaArea.net)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3011337040-1224717311-1845066574-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Online Services Sign-in Assistant (HKLM\...\{46E637E2-AC34-4B45-B5DF-D20903A3DB61}) (Version: 7.250.4303.0 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{a55ac379-46b0-461a-95b1-fef5c08443f2}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MKVToolNix 6.3.0 (HKLM-x32\...\MKVToolNix) (Version: 6.3.0 - Moritz Bunkus)
MotioninJoy Gamepad tool 0.7.0000 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.0000 - www.motioninjoy.com)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 37.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-GB)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 2014 Content Pack (HKLM-x32\...\{204A26F0-01B8-4656-8607-5CCEDE820BC2}) (Version: 15.0.00200 - Nero AG)
PC Wizard 2012.2.11 (HKLM-x32\...\PC Wizard 2012_is1) (Version:  - CPUID)
PDF ePub DRM Removal (HKLM-x32\...\PDFePubRMRemoval) (Version: 1.4.1 - eBook Converter)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Plex Home Theater (HKLM-x32\...\Plex Home Theater) (Version: 1.0.9 - Plex inc)
Plex Media Server (HKLM-x32\...\{9b2a3960-a744-4df3-88ba-66c0e1794508}) (Version: 0.9.1200 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1200 - Plex, Inc.) Hidden
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
Qustodio (HKLM-x32\...\Qustodio) (Version:  - Qustodio)
Rapport (x32 Version: 3.5.1404.88 - Trusteer) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6849 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SixaxisPairTool 0.1 (HKLM\...\SixaxisPairTool_is1) (Version: 0.1 - )
SixaxisPairTool 0.2.3 (HKLM-x32\...\SixaxisPairTool_is1) (Version: 0.2.3 - Dancing Pixel Studios)
Skype™ 6.14 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.14.104 - Skype Technologies S.A.)
SopCast 3.9.6 (HKLM-x32\...\SopCast) (Version: 3.9.6 - www.sopcast.com)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1032 - SUPERAntiSpyware.com)
System Requirements Lab CYRI (HKLM-x32\...\{E362724E-9320-4946-AF34-874E7B6B2927}) (Version: 6.0.7.0 - Husdawg, LLC)
Tribler (HKLM-x32\...\Tribler) (Version: 6.4.1 - The Tribler Team)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1404.88 - Trusteer)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VidCoder 1.4.25 (x64) (HKLM\...\VidCoder-x64_is1) (Version: 1.4.25 - RandomEngy)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinISO (HKLM-x32\...\WinISO) (Version: 6.4.0.5170 - WinISO Computing Inc.)
Winki (HKLM-x32\...\{81CF5153-38CF-41e2-AC3C-3D477C987D96}_is1) (Version: 3.2.128 - MSI)
WinRAR 5.00 beta 8 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.8 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3011337040-1224717311-1845066574-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3011337040-1224717311-1845066574-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3011337040-1224717311-1845066574-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3011337040-1224717311-1845066574-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3011337040-1224717311-1845066574-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3011337040-1224717311-1845066574-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3011337040-1224717311-1845066574-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3011337040-1224717311-1845066574-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3011337040-1224717311-1845066574-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3011337040-1224717311-1845066574-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3011337040-1224717311-1845066574-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3011337040-1224717311-1845066574-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3011337040-1224717311-1845066574-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3011337040-1224717311-1845066574-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3011337040-1224717311-1845066574-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

30-04-2015 10:49:33 Removed Adobe Acrobat XI Pro.
30-04-2015 11:01:28 Installed Adobe Acrobat XI Pro.
02-05-2015 09:28:24 Windows Update
03-05-2015 09:35:08 Plex Media Server
03-05-2015 09:40:37 Plex Media Server
03-05-2015 10:45:08 Plex Media Server
03-05-2015 11:00:15 Plex Media Server

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1CEB59CA-A44B-44EE-ACCA-606B2A08A2C2} - System32\Tasks\{48E24FD1-A533-4F9B-8A73-F8F86F592AFD} => pcalua.exe -a "C:\Users\User\Desktop\GTA Sa\Alcohol120_trial_1_9_2_1705.exe" -d "C:\Users\User\Desktop\GTA Sa"
Task: {2FB2F32D-6991-4FAC-A7BA-5DF866E6CF84} - System32\Tasks\Shutdown => C:\Windows\System32\shutdown.exe [2009-07-14] (Microsoft Corporation)
Task: {3504C938-C249-4DD8-927E-8DEF88C42B0A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {39A0CEA2-3C54-4201-86C5-25EBD13BC86D} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {818892AD-A66F-4EF6-AD26-93A05258CB82} - System32\Tasks\AdobeAAMUpdater-1.0-User-PC-User => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-02-03] (Adobe Systems Incorporated)
Task: {988F95CC-E26E-432A-A52F-738101E66954} - System32\Tasks\{9E662935-87E6-4494-9C19-B106457A51DD} => pcalua.exe -a "C:\Users\User\Downloads\FirmwareFlashLauncher (1).exe" -d C:\Users\User\Downloads
Task: {9B042030-9646-4496-A3A8-21DC56118FA6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {B4873E92-36D6-47DA-A562-64C4FECEAD56} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {B9FD8004-0C8B-44EA-B310-7E381B803F1D} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {BA823A3E-68EB-40B9-8E39-53F0492E976C} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-03-08] ()
Task: {BCE29FBD-6E31-490D-B827-BC198FA27BBB} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {BD934C3A-CE7C-41E2-B4F5-6475A99D32FC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {C0F7193D-CD13-4ACC-BD22-F4A3B2A8330C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {C78A261F-5CCE-4B58-8D64-96FB6BED1DAD} - System32\Tasks\{93C337A8-B95F-4709-B3D2-EA0B26E25007} => pcalua.exe -a C:\Users\User\Downloads\jxpiinstall(3).exe -d C:\Users\User\Downloads
Task: {F7C208F3-8FAC-454A-966C-829E6DA191AB} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {F8B6C25C-1C66-4E59-B836-9ADE82B33CF0} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-08-25 19:06 - 2012-12-07 17:26 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-02-28 02:23 - 2015-02-28 02:23 - 00022824 _____ () C:\Users\User\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe
2014-01-10 06:26 - 2014-01-10 06:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-04-17 13:35 - 2014-04-17 13:35 - 00374272 _____ () C:\ProgramData\{c298841e-5ce5-0b3e-c298-8841e5ce1079}\root-one-x.zip.exe
2012-05-04 15:47 - 2012-05-04 15:47 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-08-21 13:11 - 2013-05-10 12:08 - 00098888 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2013-08-21 13:11 - 2013-05-10 12:08 - 00029768 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
2013-08-21 13:11 - 2008-11-25 17:18 - 01291264 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2013-08-21 13:11 - 2004-10-05 03:08 - 00055808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2013-08-21 13:11 - 2013-05-10 12:08 - 00050248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2013-08-21 13:11 - 2013-05-22 16:25 - 00093256 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
2013-08-21 13:11 - 2013-05-22 16:25 - 00030280 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2013-08-21 13:11 - 2013-05-10 12:08 - 00293960 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExchBackupSize.dll
2013-08-21 13:11 - 2013-05-10 12:08 - 00578632 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2013-08-21 13:11 - 2013-05-10 12:08 - 00468040 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExchBackupSizeEx.dll
2013-08-21 13:11 - 2013-05-10 12:08 - 00068680 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2013-08-21 13:11 - 2013-05-10 12:09 - 00069192 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2013-08-21 13:11 - 2013-05-20 17:44 - 00022600 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2013-08-21 13:11 - 2013-05-10 12:08 - 00115784 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
2013-08-21 13:11 - 2013-05-10 12:08 - 00135752 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
2013-08-21 13:11 - 2013-05-10 12:08 - 00037960 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
2013-08-21 13:11 - 2013-05-20 17:44 - 00135240 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
2013-08-21 13:11 - 2013-05-10 12:08 - 00096840 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBFireWall.dll
2014-03-23 17:04 - 2014-03-23 17:04 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2011-06-12 14:09 - 2011-06-12 14:09 - 00038400 _____ () C:\Users\User\AppData\Roaming\AceWebExtension\updater\lib\_socket.pyd
2011-06-12 14:09 - 2011-06-12 14:09 - 00720896 _____ () C:\Users\User\AppData\Roaming\AceWebExtension\updater\lib\_ssl.pyd
2014-01-23 12:37 - 2014-01-23 12:37 - 00036352 _____ () C:\Users\User\AppData\Roaming\AceWebExtension\updater\lib\_psutil_mswindows.pyd
2012-02-07 17:37 - 2012-02-07 17:37 - 00098816 _____ () C:\Users\User\AppData\Roaming\AceWebExtension\updater\lib\win32api.pyd
2012-02-07 17:35 - 2012-02-07 17:35 - 00110080 _____ () C:\Users\User\AppData\Roaming\AceWebExtension\updater\lib\pywintypes27.dll
2012-02-07 17:38 - 2012-02-07 17:38 - 00358912 _____ () C:\Users\User\AppData\Roaming\AceWebExtension\updater\lib\pythoncom27.dll
2012-02-07 17:42 - 2012-02-07 17:42 - 00266240 _____ () C:\Users\User\AppData\Roaming\AceWebExtension\updater\lib\win32com.shell.shell.pyd
2011-06-12 14:06 - 2011-06-12 14:06 - 00287232 _____ () C:\Users\User\AppData\Roaming\AceWebExtension\updater\lib\_hashlib.pyd
2011-06-12 14:06 - 2011-06-12 14:06 - 00106496 _____ () C:\Users\User\AppData\Roaming\AceWebExtension\updater\lib\_ctypes.pyd
2010-10-10 23:23 - 2010-10-10 23:23 - 00723968 _____ () C:\Users\User\AppData\Roaming\AceWebExtension\updater\lib\apsw.pyd
2011-01-18 22:56 - 2011-01-18 22:56 - 00334336 _____ () C:\Users\User\AppData\Roaming\AceWebExtension\updater\lib\M2Crypto.__m2crypto.pyd
2011-06-12 14:06 - 2011-06-12 14:06 - 00011776 _____ () C:\Users\User\AppData\Roaming\AceWebExtension\updater\lib\select.pyd
2011-06-12 14:06 - 2011-06-12 14:06 - 00152576 _____ () C:\Users\User\AppData\Roaming\AceWebExtension\updater\lib\pyexpat.pyd
2011-06-12 14:06 - 2011-06-12 14:06 - 00688128 _____ () C:\Users\User\AppData\Roaming\AceWebExtension\updater\lib\unicodedata.pyd
2015-05-03 10:39 - 2015-05-03 10:39 - 00043008 _____ () c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpq_vf3q.dll
2015-03-04 22:45 - 2015-03-04 22:45 - 00750080 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 22:45 - 2015-03-04 22:45 - 00047616 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 22:45 - 2015-03-04 22:45 - 00865280 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 22:45 - 2015-03-04 22:45 - 00200704 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-01-10 06:28 - 2014-01-10 06:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2015-05-01 08:27 - 2015-04-28 03:07 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libglesv2.dll
2015-05-01 08:27 - 2015-04-28 03:07 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libegl.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-04-14 19:36 - 2015-04-14 19:36 - 16863920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll
2015-04-30 02:59 - 2015-04-30 02:59 - 00072840 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2015-04-30 02:59 - 2015-04-30 02:59 - 00196232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2015-04-30 02:59 - 2015-04-30 02:59 - 00838792 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2015-04-30 02:59 - 2015-04-30 02:59 - 00049800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2015-04-30 02:59 - 2015-04-30 02:59 - 00086664 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2015-04-30 02:59 - 2015-04-30 02:59 - 02092680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core249.dll
2015-04-30 02:59 - 2015-04-30 02:59 - 01883272 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc249.dll
2015-04-30 02:59 - 2015-04-30 02:59 - 00502920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2015-04-30 02:59 - 2015-04-30 02:59 - 00044680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2015-04-30 02:59 - 2015-04-30 02:59 - 00027784 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2015-04-30 02:59 - 2015-04-30 02:59 - 00018568 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2015-04-30 02:59 - 2015-04-30 02:59 - 00034952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2015-04-30 02:59 - 2015-04-30 02:59 - 00836232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2015-04-30 02:59 - 2015-04-30 02:59 - 00062600 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2015-04-30 02:59 - 2015-04-30 02:59 - 00166024 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2015-04-30 02:59 - 2015-04-30 02:59 - 00192136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2015-04-30 02:59 - 2015-04-30 02:59 - 00016520 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2015-04-30 02:59 - 2015-04-30 02:59 - 00054920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
2015-04-30 02:59 - 2015-04-30 02:59 - 00017032 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
2015-04-30 02:59 - 2015-04-30 02:59 - 00043656 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
2015-04-30 02:59 - 2015-04-30 02:59 - 00081544 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2015-04-30 02:59 - 2015-04-30 02:59 - 00111240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2015-04-30 02:59 - 2015-04-30 02:59 - 00689800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\User\Desktop\2015-01-05 15.15.34-1.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\User\Desktop\2015-01-05 15.16.10-1.jpg:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\qengine => ""="service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3011337040-1224717311-1845066574-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: NAUpdate => 2

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{7F105C90-CD00-4B36-9B1C-8FEF3EBC1389}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8354BA2F-1220-4AB2-906E-974D760DEEF0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3F9895D9-57DD-4495-98E0-F4DDE614990A}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
FirewallRules: [{D7DCEC3C-C5D4-4D64-A103-09BEEF62AE8A}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{7D45CA28-11AE-4A11-B505-F5C3C359DD1D}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{20C19211-20B3-4FA9-B3DB-3970616FAAE0}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{D3D39F3F-10C0-4490-856A-EB044155E554}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{FCF6760C-3A8B-41B7-91DF-C22FE1F35130}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{0DCE1FC8-5681-4E31-9558-D3CDCAF2A53D}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{565C0C86-AF1E-4E1F-AB37-C04E2ACB7CBF}] => (Allow) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F42B59DC-B073-4468-BE30-142090D394D1}] => (Allow) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{48B4FED1-9FBB-4AB5-8A5F-751927CC26B6}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
FirewallRules: [{4665E768-DF8D-42B7-A494-C39DA71AA148}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
FirewallRules: [{7FB7B2B3-480D-40E4-ADF6-9A12C3F17E8E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE
FirewallRules: [{52BE6D6C-7ED2-492B-8831-CD752336EBC1}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE
FirewallRules: [{6AB8676B-0D91-4114-B8F7-250BD56D5AD2}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\outlook.exe
FirewallRules: [{2F58799E-68FE-4A52-A2AE-9FB66B3CFDCE}] => (Allow) %ProgramFiles%\BitComet\BitComet.exe
FirewallRules: [TCP Query User{E9D1A47F-39E0-4EF3-B962-ECAD88DE0F5D}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{C0E48800-752E-4CE3-84C2-962BEC50ED68}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{B30219D8-4992-4581-902F-A8D6659C50F0}] => (Allow) C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{A9F3B2D9-AF13-41D4-99EC-B6A9D94F53C4}] => (Allow) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{7C6D7EF4-2702-470A-B893-EC3DACB68F64}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{45FE920F-DCD7-4200-8127-6C74A5CA7AAD}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{47096A6C-0EB9-49D7-AF59-CF61B9209462}C:\program files (x86)\plex home theater\plex home theater.exe] => (Allow) C:\program files (x86)\plex home theater\plex home theater.exe
FirewallRules: [UDP Query User{C171E973-8430-43AC-8766-CC48FE9E229D}C:\program files (x86)\plex home theater\plex home theater.exe] => (Allow) C:\program files (x86)\plex home theater\plex home theater.exe
FirewallRules: [{DC100C73-72A4-4810-A494-19D722ED7F6E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{8D40903F-0C1F-449E-8986-7EF095CA376A}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{54D13685-31B1-44E8-B174-E2386ADB7B49}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{85428CF4-113E-4188-9A9B-9FA8DD396D68}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{91F59B69-65E2-4B80-97C5-A7B47AC1563A}] => (Allow) LPort=2869
FirewallRules: [{67811256-99F5-446A-9B03-2E21D0A52D81}] => (Allow) LPort=1900
FirewallRules: [{A78E2CF0-517B-4AB2-A336-348BEAC9FF14}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{8450DBD4-DEB2-4335-B96C-4895C95A9FFA}C:\program files (x86)\plex home theater\plex home theater.exe] => (Allow) C:\program files (x86)\plex home theater\plex home theater.exe
FirewallRules: [UDP Query User{BEC80174-C341-4B88-97EA-14A6EEB1859B}C:\program files (x86)\plex home theater\plex home theater.exe] => (Allow) C:\program files (x86)\plex home theater\plex home theater.exe
FirewallRules: [{7A1FA091-AEB0-4E8D-B186-DD60D5E19F8F}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{238A73C5-8853-40D8-AFB7-5C530589C685}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F43E12FF-0579-4126-A0F1-5851883B20A9}] => (Allow) C:\Program Files (x86)\Tribler\tribler.exe
FirewallRules: [{C448AB1E-C3F2-4A01-88CE-575254D4ED70}] => (Allow) C:\Program Files (x86)\Tribler\tribler.exe
FirewallRules: [{84A59FD6-93EE-48C0-8465-CD03137157A5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{39A7F238-5DCB-40BB-BB8D-D4D7F7F14C0D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{5B0BF7F2-7C0F-4DFB-87F9-4DCC9CAAA4B3}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{59941349-A548-4774-8466-5A250EBBFF74}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{32A53C9B-AEC6-46D5-B24D-369FC086D011}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [UDP Query User{37E676DF-4CB9-471F-9859-CCEC07526B25}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [TCP Query User{AAFC37D9-EA57-4E61-8DF4-E369E49C72D5}C:\users\user\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\user\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [UDP Query User{1D1459C0-8966-4811-A299-36914C45D585}C:\users\user\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\user\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [{5EB5EE74-490E-44F5-9DAF-4B8E23844C46}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3E5A549D-2D47-44D2-B030-F41CA2F7E067}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{D30E87EF-9A5E-4D9E-A250-6BB93F162B29}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{C7FF8C2B-69CE-40B5-B288-63A069ADC696}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe

==================== Faulty Device Manager Devices =============

Name: High precision event timer
Description: High precision event timer
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Problem: : This device is disabled because the firmware of the device did not give it the required resources. (Code 29)
Resolution: Enable the device in the BIOS of the device.

Name: photosmart 7600 series
Description: photosmart 7600 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/03/2015 10:59:54 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/03/2015 10:40:30 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/03/2015 10:39:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/03/2015 09:40:30 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/03/2015 09:40:30 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/03/2015 08:28:53 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/03/2015 07:43:49 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/03/2015 07:43:49 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/03/2015 07:43:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/03/2015 07:42:37 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (05/03/2015 10:46:22 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

Error: (05/03/2015 10:42:41 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Function Discovery Provider Host service hung on starting.

Error: (05/03/2015 10:38:14 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:36:48 on ‎03/‎05/‎2015 was unexpected.

Error: (05/03/2015 10:31:29 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RapportMgmtService service.

Error: (05/03/2015 10:30:59 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MsMpSvc service.

Error: (05/03/2015 10:06:08 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}

Error: (05/03/2015 07:52:03 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (05/03/2015 07:52:00 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (05/03/2015 07:42:25 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

    Feature: %%886

    Error Code: 0x80070005

    Error description: Access is denied.

    Reason: %%892

Error: (05/03/2015 07:42:21 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5


Microsoft Office Sessions:
=========================
Error: (05/03/2015 10:59:54 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Error: (05/03/2015 10:40:30 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Error: (05/03/2015 10:39:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/03/2015 09:40:30 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Error: (05/03/2015 09:40:30 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Error: (05/03/2015 08:28:53 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Error: (05/03/2015 07:43:49 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Error: (05/03/2015 07:43:49 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Error: (05/03/2015 07:43:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/03/2015 07:42:37 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe


==================== Memory info ===========================

Processor: AMD A8-5500 APU with Radeon™ HD Graphics
Percentage of memory in use: 65%
Total physical RAM: 3281.83 MB
Available physical RAM: 1115.99 MB
Total Pagefile: 6561.86 MB
Available Pagefile: 3195.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:911.88 GB) (Free:741.22 GB) NTFS
Drive e: (HP FLASH) (Removable) (Total:14.92 GB) (Free:6.78 GB) FAT32
Drive f: (Restore Partition) (Fixed) (Total:19.53 GB) (Free:10.28 GB) NTFS
Drive g: (H) (Fixed) (Total:1862.96 GB) (Free:858.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 33F5BCDC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=911.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 4A13BB2F)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=47 MB) - (Type=A2)

========================================================
Disk: 3 (Size: 14.9 GB) (Disk ID: 00140F5B)
Partition 1: (Active) - (Size=14.9 GB) - (Type=0C)

==================== End Of Log ============================


  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, what error do you get for microsoft security essentials ?



CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKU\S-1-5-21-3011337040-1224717311-1845066574-1000\...\Run: [AceUpdater] => C:\Users\User\AppData\Roaming\ACEStream\updater\ace_update.exe [22824 2014-10-01] ()
HKU\S-1-5-21-3011337040-1224717311-1845066574-1000\...\Run: [AceWebExtensionUpdater] => C:\Users\User\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe [22824 2015-02-28] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Universal Media Server.lnk [2014-02-22]
ShortcutTarget: Universal Media Server.lnk -> C:\Program Files (x86)\Universal Media Server\UMS.exe (No File)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\root-one-x.zip.lnk [2015-04-17]
ShortcutTarget: root-one-x.zip.lnk -> C:\ProgramData\{c298841e-5ce5-0b3e-c298-8841e5ce1079}\root-one-x.zip.exe ()
GroupPolicyUsers\S-1-5-21-3011337040-1224717311-1845066574-1006\User: Group Policy restriction detected <======= ATTENTION
FF Plugin HKU\S-1-5-21-3011337040-1224717311-1845066574-1000: @acestream.net/acestreamplugin,version=3.0.12 -> C:\Users\User\AppData\Roaming\ACEStream\player\npace_plugin.dll [2014-12-03] (Innovative Digital Technologies)
FF Extension: AS Magic Player - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jenru830.default-1420972928043\Extensions\[email protected] [2015-04-12]
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2015-04-12]
2015-05-02 09:53 - 2015-05-03 10:20 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2015-04-17 13:35 - 2015-04-18 10:32 - 00000000 ____D () C:\ProgramData\{c298841e-5ce5-0b3e-c298-8841e5ce1079}
2015-04-12 15:31 - 2015-04-12 15:31 - 00000000 ___HD () C:\_acestream_cache_
2015-04-12 15:30 - 2015-04-12 16:59 - 00000000 ____D () C:\Users\User\AppData\Roaming\.ACEStream
2015-04-12 15:30 - 2015-04-12 15:30 - 00001957 _____ () C:\Users\User\Desktop\Ace Player.lnk
2015-04-12 15:30 - 2015-04-12 15:30 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
2015-04-12 15:29 - 2015-04-12 15:30 - 00000000 ____D () C:\Users\User\AppData\Roaming\AceWebExtension
2015-04-12 15:29 - 2015-04-12 15:30 - 00000000 ____D () C:\Users\User\AppData\Roaming\ACEStream
2015-04-12 15:28 - 2015-04-12 15:28 - 70566360 _____ () C:\Users\User\Downloads\Ace_Stream_Media_3.0.12_VLC_1.1.12.exe
2015-04-12 15:25 - 2015-04-12 15:25 - 00000000 ____D () C:\Users\User\Desktop\Streams
2015-04-12 15:15 - 2015-04-12 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast
2015-04-12 15:15 - 2015-04-12 15:15 - 00000995 _____ () C:\Users\User\Desktop\SopCast.lnk
2015-04-12 15:15 - 2014-12-12 04:01 - 06952156 ____N () C:\Users\User\Desktop\Setup-SopCast-3.9.6-2014-12-12.exe
Task: {988F95CC-E26E-432A-A52F-738101E66954} - System32\Tasks\{9E662935-87E6-4494-9C19-B106457A51DD} => pcalua.exe -a "C:\Users\User\Downloads\FirmwareFlashLauncher (1).exe" -d C:\Users\User\Downloads
Task: {C78A261F-5CCE-4B58-8D64-96FB6BED1DAD} - System32\Tasks\{93C337A8-B95F-4709-B3D2-EA0B26E25007} => pcalua.exe -a C:\Users\User\Downloads\jxpiinstall(3).exe -d C:\Users\User\Downloads
C:\Users\Ursula\7z.dll
C:\Users\Ursula\lua5.1.dll
C:\Users\Ursula\lua51.dll
C:\ProgramData\{c298841e-5ce5-0b3e-c298-8841e5ce1079}
C:\Users\User\AppData\Roaming\AceWebExtension
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.
FINALLY

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation, accept that
When it offers to download the virus database allow that as well
Click the "Scan" button to start scan

AswMBR%20scan.JPG


On completion of the scan click save log, save it to your desktop and post in your next reply
  • 0

#3
rickmr

rickmr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts

Hi,

 

thanks for getting back to me.

 

The MSE error wasn't so much an error. It just seemed to be turning itself off and saying that it wasn't up to date, when I had only updated it a couple of hours previously. Not sure if this helps or not?!

 

Here are the logs requested:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-05-2015
Ran by User at 2015-05-03 16:54:46 Run:2
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available profiles: User & Ursula)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
    CreateRestorePoint:
HKU\S-1-5-21-3011337040-1224717311-1845066574-1000\...\Run: [AceUpdater] => C:\Users\User\AppData\Roaming\ACEStream\updater\ace_update.exe [22824 2014-10-01] ()
HKU\S-1-5-21-3011337040-1224717311-1845066574-1000\...\Run: [AceWebExtensionUpdater] => C:\Users\User\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe [22824 2015-02-28] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Universal Media Server.lnk [2014-02-22]
ShortcutTarget: Universal Media Server.lnk -> C:\Program Files (x86)\Universal Media Server\UMS.exe (No File)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\root-one-x.zip.lnk [2015-04-17]
ShortcutTarget: root-one-x.zip.lnk -> C:\ProgramData\{c298841e-5ce5-0b3e-c298-8841e5ce1079}\root-one-x.zip.exe ()
GroupPolicyUsers\S-1-5-21-3011337040-1224717311-1845066574-1006\User: Group Policy restriction detected <======= ATTENTION
FF Plugin HKU\S-1-5-21-3011337040-1224717311-1845066574-1000: @acestream.net/acestreamplugin,version=3.0.12 -> C:\Users\User\AppData\Roaming\ACEStream\player\npace_plugin.dll [2014-12-03] (Innovative Digital Technologies)
FF Extension: AS Magic Player - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jenru830.default-1420972928043\Extensions\[email protected] [2015-04-12]
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2015-04-12]
2015-05-02 09:53 - 2015-05-03 10:20 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2015-04-17 13:35 - 2015-04-18 10:32 - 00000000 ____D () C:\ProgramData\{c298841e-5ce5-0b3e-c298-8841e5ce1079}
2015-04-12 15:31 - 2015-04-12 15:31 - 00000000 ___HD () C:\_acestream_cache_
2015-04-12 15:30 - 2015-04-12 16:59 - 00000000 ____D () C:\Users\User\AppData\Roaming\.ACEStream
2015-04-12 15:30 - 2015-04-12 15:30 - 00001957 _____ () C:\Users\User\Desktop\Ace Player.lnk
2015-04-12 15:30 - 2015-04-12 15:30 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
2015-04-12 15:29 - 2015-04-12 15:30 - 00000000 ____D () C:\Users\User\AppData\Roaming\AceWebExtension
2015-04-12 15:29 - 2015-04-12 15:30 - 00000000 ____D () C:\Users\User\AppData\Roaming\ACEStream
2015-04-12 15:28 - 2015-04-12 15:28 - 70566360 _____ () C:\Users\User\Downloads\Ace_Stream_Media_3.0.12_VLC_1.1.12.exe
2015-04-12 15:25 - 2015-04-12 15:25 - 00000000 ____D () C:\Users\User\Desktop\Streams
2015-04-12 15:15 - 2015-04-12 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast
2015-04-12 15:15 - 2015-04-12 15:15 - 00000995 _____ () C:\Users\User\Desktop\SopCast.lnk
2015-04-12 15:15 - 2014-12-12 04:01 - 06952156 ____N () C:\Users\User\Desktop\Setup-SopCast-3.9.6-2014-12-12.exe
Task: {988F95CC-E26E-432A-A52F-738101E66954} - System32\Tasks\{9E662935-87E6-4494-9C19-B106457A51DD} => pcalua.exe -a "C:\Users\User\Downloads\FirmwareFlashLauncher (1).exe" -d C:\Users\User\Downloads
Task: {C78A261F-5CCE-4B58-8D64-96FB6BED1DAD} - System32\Tasks\{93C337A8-B95F-4709-B3D2-EA0B26E25007} => pcalua.exe -a C:\Users\User\Downloads\jxpiinstall(3).exe -d C:\Users\User\Downloads
C:\Users\Ursula\7z.dll
C:\Users\Ursula\lua5.1.dll
C:\Users\Ursula\lua51.dll
C:\ProgramData\{c298841e-5ce5-0b3e-c298-8841e5ce1079}
C:\Users\User\AppData\Roaming\AceWebExtension
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Restore point was successfully created.
HKU\S-1-5-21-3011337040-1224717311-1845066574-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AceUpdater => Value not found.
HKU\S-1-5-21-3011337040-1224717311-1845066574-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AceWebExtensionUpdater => Value not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Universal Media Server.lnk not found.
C:\Program Files (x86)\Universal Media Server\UMS.exe not found.
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\root-one-x.zip.lnk not found.
C:\ProgramData\{c298841e-5ce5-0b3e-c298-8841e5ce1079}\root-one-x.zip.exe not found.
"C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3011337040-1224717311-1845066574-1006\User" => File/Directory not found.
HKU\S-1-5-21-3011337040-1224717311-1845066574-1000\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=3.0.12 => Key not found.
C:\Users\User\AppData\Roaming\ACEStream\player\npace_plugin.dll not found.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jenru830.default-1420972928043\Extensions\[email protected] not found.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim directory not found.
"C:\Windows\SysWOW64\AI_RecycleBin" => File/Directory not found.
"C:\ProgramData\{c298841e-5ce5-0b3e-c298-8841e5ce1079}" => File/Directory not found.
"C:\_acestream_cache_" => File/Directory not found.
"C:\Users\User\AppData\Roaming\.ACEStream" => File/Directory not found.
"C:\Users\User\Desktop\Ace Player.lnk" => File/Directory not found.
"C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media" => File/Directory not found.
"C:\Users\User\AppData\Roaming\AceWebExtension" => File/Directory not found.
"C:\Users\User\AppData\Roaming\ACEStream" => File/Directory not found.
"C:\Users\User\Downloads\Ace_Stream_Media_3.0.12_VLC_1.1.12.exe" => File/Directory not found.
"C:\Users\User\Desktop\Streams" => File/Directory not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast" => File/Directory not found.
"C:\Users\User\Desktop\SopCast.lnk" => File/Directory not found.
"C:\Users\User\Desktop\Setup-SopCast-3.9.6-2014-12-12.exe" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{988F95CC-E26E-432A-A52F-738101E66954} => Key not found.
C:\Windows\System32\Tasks\{9E662935-87E6-4494-9C19-B106457A51DD} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9E662935-87E6-4494-9C19-B106457A51DD} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C78A261F-5CCE-4B58-8D64-96FB6BED1DAD} => Key not found.
C:\Windows\System32\Tasks\{93C337A8-B95F-4709-B3D2-EA0B26E25007} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{93C337A8-B95F-4709-B3D2-EA0B26E25007} => Key not found.
"C:\Users\Ursula\7z.dll" => File/Directory not found.
"C:\Users\Ursula\lua5.1.dll" => File/Directory not found.
"C:\Users\Ursula\lua51.dll" => File/Directory not found.
"C:\ProgramData\{c298841e-5ce5-0b3e-c298-8841e5ce1079}" => File/Directory not found.
"C:\Users\User\AppData\Roaming\AceWebExtension" => File/Directory not found.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-3011337040-1224717311-1845066574-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-3011337040-1224717311-1845066574-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.


========= End of RemoveProxy: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 3.8 GB temporary data.


The system needed a reboot.

==== End of Fixlog 16:58:40 ====

 

# AdwCleaner v4.203 - Logfile created 03/05/2015 at 16:21:32
# Updated 30/04/2015 by Xplode
# Database : 2015-05-02.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : User - USER-PC
# Running from : C:\Users\User\Downloads\adwcleaner_4.203.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\{c298841e-5ce5-0b3e-c298-8841e5ce1079}
Folder Deleted : C:\Users\User\AppData\Roaming\AceWebExtension
Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jenru830.default-1420972928043\Extensions\[email protected]
Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj
Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\obciceimmggglbmelaidpjlmodcebijb
Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niloccemoadcdkdjlinkgdfekeahmflj_0.localstorage
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niloccemoadcdkdjlinkgdfekeahmflj_0.localstorage-journal
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\obciceimmggglbmelaidpjlmodcebijb
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mfhnkgpdlogbknkhlgdjlejeljbhflim_0.localstorage
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mfhnkgpdlogbknkhlgdjlejeljbhflim_0.localstorage-journal
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_myfuncards.dl.tb.ask.com_0.localstorage
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_myfuncards.dl.tb.ask.com_0.localstorage-journal
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.k9safesearch.com_0.localstorage
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.k9safesearch.com_0.localstorage-journal
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_zwinky.dl.tb.ask.com_0.localstorage
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_zwinky.dl.tb.ask.com_0.localstorage-journal

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9B7B034B-944A-4261-B487-862F642F7615}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE91F9CE-0900-4E2A-B673-F3F6E4FC54D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22511E2E-7970-414E-BC7C-28D16C4AF54D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C5311E-016D-4999-BCB1-499898429D6C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2C4B6DB8-6413-403B-A038-16A352CFE8B9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{46803190-228D-470E-90FE-F5E0CEA9C4F2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5180FE16-2E09-497B-9C8B-5A6F029ECECB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A4F6E1B3-469E-46EF-A936-FBA9D5EFD2B9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C97AF157-6A27-4F57-9D47-E2D3E4761B77}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED0D2C81-7DB5-4599-B7C0-1033418B5672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKCU\Software\systweak
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Clara
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\B696D3C37BD0D6C33A65D38BEC459181
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\B696D3C37BD0D6C33A65D38BEC459181
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B696D3C37BD0D6C33A65D38BEC459181

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17728


-\\ Mozilla Firefox v37.0.2 (x86 en-GB)


-\\ Google Chrome v42.0.2311.135

[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : niloccemoadcdkdjlinkgdfekeahmflj
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : obciceimmggglbmelaidpjlmodcebijb
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : mfhnkgpdlogbknkhlgdjlejeljbhflim
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] :

*************************

AdwCleaner[R0].txt - [19160 bytes] - [03/05/2015 16:17:40]
AdwCleaner[S0].txt - [6426 bytes] - [03/05/2015 16:21:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6485  bytes] ##########
 

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-05-03 16:29:53
-----------------------------
16:29:53.391    OS Version: Windows x64 6.1.7601 Service Pack 1
16:29:53.392    Number of processors: 4 586 0x1001
16:29:53.394    ComputerName: USER-PC  UserName: User
16:31:07.540    Initialize success
16:31:07.743    VM: initialized successfully
16:31:07.743    VM: Amd CPU supported
16:31:23.944    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006c
16:31:23.959    Disk 0 Vendor: ST1000DM CC47 Size: 953869MB BusType: 11
16:31:24.646    Disk 0 MBR read successfully
16:31:24.646    Disk 0 MBR scan
16:31:24.661    Disk 0 Windows 7 default MBR code
16:31:24.739    Disk 0 Partition 1 80 (A) 07      HPFS/NTFS NTFS          100 MB offset 2048
16:31:24.786    Disk 0 default boot code
16:31:24.817    Disk 0 Partition 2 00     07      HPFS/NTFS NTFS       933767 MB offset 206848
16:31:24.864    Disk 0 Partition 3 00     07      HPFS/NTFS NTFS        19999 MB offset 1912561664
16:31:25.566    Disk 0 scanning C:\Windows\system32\drivers
16:32:19.821    Service scanning
16:32:54.438    Service MSICDSetup D:\CDriver64.sys **LOCKED** 21
16:32:58.400    Service NTIOLib_1_0_C D:\NTIOLib_X64.sys **LOCKED** 21
16:33:17.187    Modules scanning
16:33:17.187    Disk 0 trace - called modules:
16:33:17.234    ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
16:33:17.234    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d00060]
16:33:17.249    3 CLASSPNP.SYS[fffff8800182943f] -> nt!IofCallDriver -> [0xfffffa8003cc1ac0]
16:33:17.249    5 amd_xata.sys[fffff880010ced00] -> nt!IofCallDriver -> \Device\0000006c[0xfffffa8004749320]
16:33:17.249    Disk 0 statistics 96539/0/0 @ 0.98 MB/s
16:33:17.265    Scan finished successfully
16:38:28.728    Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
16:38:28.774    The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"


aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-05-03 17:01:38
-----------------------------
17:01:38.811    OS Version: Windows x64 6.1.7601 Service Pack 1
17:01:38.811    Number of processors: 4 586 0x1001
17:01:38.827    ComputerName: USER-PC  UserName: User
17:02:16.454    Initialize success
17:02:16.688    VM: initialized successfully
17:02:16.704    VM: Amd CPU supported
17:02:21.859    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006c
17:02:21.859    Disk 0 Vendor: ST1000DM CC47 Size: 953869MB BusType: 11
17:02:22.233    Disk 0 MBR read successfully
17:02:22.233    Disk 0 MBR scan
17:02:22.233    Disk 0 Windows 7 default MBR code
17:02:22.280    Disk 0 Partition 1 80 (A) 07      HPFS/NTFS NTFS          100 MB offset 2048
17:02:22.327    Disk 0 default boot code
17:02:22.342    Disk 0 Partition 2 00     07      HPFS/NTFS NTFS       933767 MB offset 206848
17:02:22.389    Disk 0 Partition 3 00     07      HPFS/NTFS NTFS        19999 MB offset 1912561664
17:02:22.623    Disk 0 scanning C:\Windows\system32\drivers
17:03:00.266    Service scanning
17:03:37.722    Service MSICDSetup D:\CDriver64.sys **LOCKED** 21
17:03:41.091    Service NTIOLib_1_0_C D:\NTIOLib_X64.sys **LOCKED** 21
17:03:58.532    Modules scanning
17:03:58.532    Disk 0 trace - called modules:
17:03:58.563    ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
17:03:58.563    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004cff060]
17:03:58.579    3 CLASSPNP.SYS[fffff8800195443f] -> nt!IofCallDriver -> [0xfffffa8003cc1ac0]
17:03:58.579    5 amd_xata.sys[fffff8800106bd00] -> nt!IofCallDriver -> \Device\0000006c[0xfffffa8004a605d0]
17:03:58.579    Disk 0 statistics 96539/0/0 @ 1.34 MB/s
17:03:58.594    Scan finished successfully
17:05:07.546    Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
17:05:07.812    The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"

 


  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Is MSES functioning correctly now ?

Download and run farbar service scanner

fssscan.JPG

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
  • 0

#5
rickmr

rickmr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts

Hello,

 

yes, it appears to be running ok at the moment :)

 

Here's the next log:

 

Farbar Service Scanner Version: 17-01-2015
Ran by User (administrator) on 03-05-2015 at 17:57:14
Running from "C:\Users\User\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****


  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now ?
  • 0

#7
rickmr

rickmr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts

Seems ok. No strange occurences thus far.

 

Are we looking clean? Do you think that this could have been knocking out my Plex and MSE?


  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
There is that probability, what I would like for you to do is use the system as normal for a day or so, if all still appears good let me know and I will tidy up :)
  • 0

#9
rickmr

rickmr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts

Great. Will post on here in a couple of days and let you know.

 

Thanks for all your help. :yeah:


  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My pleasure, if you have any concerns then pop straight back here :)
  • 0

Advertisements


#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
With the controls are you trying to block downloads and the like ?

http://blogs.technet...e-easy-way.aspx
  • 0

#12
rickmr

rickmr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts

Used the Microsoft family safety feature initially and I thought that it didn't allow downloads but not 100%.

 

I'll try the limited user thing now.

 

Cheers.

 

PS - Running well so far!


  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

:)


  • 0

#14
rickmr

rickmr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts

Hello,

 

happy to report that there have been no problems over the past few days :spoton:


  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown
delfix.JPG


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article

I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version
javara.JPG


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:
  • 0






Similar Topics


Also tagged with one or more of these keywords: sendoriadware, slow computer

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP