
chrome.exe malware [Closed]


  • This topic is locked

#1
prncssmelissa


I am struggling to rid this machine of the chrome.exe malware. When I look at the processes going on in the task manager, I have multiple instances of chrome.exe running, but Chrome is NOT installed on this machine. Malwarebytes has been run multiple times: the first two times, approx. 150 issues were quarantined and then deleted, and it has been run a third time, this time coming up clean.

I have the FRST text file copied and pasted into this topic, to hopefully help expedite the process of getting this solved. The computer belongs to my stepdad's brother-in-law, who is elderly and needs his computer back :)

Thanks in advance!!

Melissa :)

FRST TXT FILES:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2015
Ran by Admin (administrator) on ADMIN-HP on 03-05-2015 22:31:22
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin &  (Available profiles: Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser path: "C:\Users\Admin\AppData\Local\Protectium\Navigator\Protectium.exe" Protectiumicon url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Ninja Soft Inc.) C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Ninja Soft Inc.) C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe
(Ninja Soft Inc.) C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe
() C:\Users\Admin\AppData\Local\PrService\PrService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
() C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Advanced Micro Devices, Inc.) C:\Windows\System32\atibtmon.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_17_0_0_169_ActiveX.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_17_0_0_169_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2281256 2013-01-15] (Synaptics Incorporated)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [615760 2015-03-03] (McAfee, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [718248 2015-02-11] (McAfee, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [587320 2011-06-14] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [{90140000-003D-0000-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [{90140000-006E-0409-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [{90140000-001A-0409-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [{90140000-0018-0409-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-21-9863214-3227163779-590294082-1000\...\MountPoints2: {633c1796-dc7f-11df-86cc-002713dff999} - "F:\Ativa File Transfer .exe" bootup
HKU\S-1-5-21-9863214-3227163779-590294082-1000\...\MountPoints2: {633c17a2-dc7f-11df-86cc-002713dff999} - "F:\Ativa File Transfer .exe" bootup
HKU\S-1-5-21-9863214-3227163779-590294082-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {633c1796-dc7f-11df-86cc-002713dff999} - "F:\Ativa File Transfer .exe" bootup
HKU\S-1-5-21-9863214-3227163779-590294082-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {633c17a2-dc7f-11df-86cc-002713dff999} - "F:\Ativa File Transfer .exe" bootup
HKU\S-1-5-18\...\RunOnce: [{90140000-003D-0000-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{90140000-006E-0409-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{90140000-001A-0409-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{90140000-0018-0409-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.c...referrer:source?}
SearchScopes: HKLM -> {338EA8B7-5E70-4F4D-BE82-C6F868B797A5} URL = http://en.wikipedia....ch={searchTerms}
SearchScopes: HKLM -> {4C23CB19-CF04-46BB-97A5-EB876121ED8A} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKLM -> {559B1DA3-1DAB-412F-8886-EC0F22229F52} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {7BAB9F3B-C7E8-4AB0-9F0E-60BE7325539E} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKLM-x32 -> DefaultScope {559B1DA3-1DAB-412F-8886-EC0F22229F52} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {338EA8B7-5E70-4F4D-BE82-C6F868B797A5} URL = http://en.wikipedia....ch={searchTerms}
SearchScopes: HKLM-x32 -> {4C23CB19-CF04-46BB-97A5-EB876121ED8A} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKLM-x32 -> {559B1DA3-1DAB-412F-8886-EC0F22229F52} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {7BAB9F3B-C7E8-4AB0-9F0E-60BE7325539E} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-9863214-3227163779-590294082-1000 -> {013F754E-87E1-4766-ABB1-B07D8491901B} URL =
SearchScopes: HKU\S-1-5-21-9863214-3227163779-590294082-1000 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-9863214-3227163779-590294082-1000 -> {338EA8B7-5E70-4F4D-BE82-C6F868B797A5} URL = http://en.wikipedia....ch={searchTerms}
SearchScopes: HKU\S-1-5-21-9863214-3227163779-590294082-1000 -> {4C23CB19-CF04-46BB-97A5-EB876121ED8A} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKU\S-1-5-21-9863214-3227163779-590294082-1000 -> {559B1DA3-1DAB-412F-8886-EC0F22229F52} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-9863214-3227163779-590294082-1000 -> {7BAB9F3B-C7E8-4AB0-9F0E-60BE7325539E} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-9863214-3227163779-590294082-1000 -> {B2DCDB59-6503-4CC0-AFA4-99BCEE216561} URL = https://www.google.c...?q={searchTerms}
SearchScopes: HKU\S-1-5-21-9863214-3227163779-590294082-1000 -> {C4D04D90-A2F6-421E-909E-37730049B426} URL =
SearchScopes: HKU\S-1-5-21-9863214-3227163779-590294082-1000 -> {FB9A9E0F-7039-4A19-9B32-24953244487B} URL = https://search.yahoo...&p={searchTerms}
SearchScopes: HKU\S-1-5-21-9863214-3227163779-590294082-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {013F754E-87E1-4766-ABB1-B07D8491901B} URL =
SearchScopes: HKU\S-1-5-21-9863214-3227163779-590294082-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-9863214-3227163779-590294082-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {338EA8B7-5E70-4F4D-BE82-C6F868B797A5} URL = http://en.wikipedia....ch={searchTerms}
SearchScopes: HKU\S-1-5-21-9863214-3227163779-590294082-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {4C23CB19-CF04-46BB-97A5-EB876121ED8A} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKU\S-1-5-21-9863214-3227163779-590294082-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {559B1DA3-1DAB-412F-8886-EC0F22229F52} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-9863214-3227163779-590294082-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {7BAB9F3B-C7E8-4AB0-9F0E-60BE7325539E} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-9863214-3227163779-590294082-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {B2DCDB59-6503-4CC0-AFA4-99BCEE216561} URL = https://www.google.c...?q={searchTerms}
SearchScopes: HKU\S-1-5-21-9863214-3227163779-590294082-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {C4D04D90-A2F6-421E-909E-37730049B426} URL =
SearchScopes: HKU\S-1-5-21-9863214-3227163779-590294082-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {FB9A9E0F-7039-4A19-9B32-24953244487B} URL = https://search.yahoo...&p={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: No Name -> {90d712ee-e8a1-4bd3-a14e-8437c2ac1717} ->  No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-03-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-03] (Oracle Corporation)
BHO-x32: coooLncheap -> {90d712ee-e8a1-4bd3-a14e-8437c2ac1717} -> C:\Program Files (x86)\coooLncheap\LPMTfpL6eLfgVR.dll No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-03-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-03] (Oracle Corporation)
DPF: HKLM-x32 {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} file:///E:/Scripts/LTOCX14N.cab
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5....DataManager.CAB
DPF: HKLM-x32 {1E4FF862-57ED-4E5C-9C57-3ECB8DC17827} http://192.168.1.200/ePlusDVR.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpdetect118.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-04-29] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-29] (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-04-29] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-29] (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-03-03] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-03-03] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-03-03] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2010-05-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-03] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-03-03] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-30] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-9863214-3227163779-590294082-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Admin\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-01-13] (Citrix Online)
FF Plugin HKU\S-1-5-21-9863214-3227163779-590294082-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @citrixonline.com/appdetectorplugin -> C:\Users\Admin\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-01-13] (Citrix Online)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2010-10-19]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-12-05]
FF HKU\S-1-5-21-9863214-3227163779-590294082-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-9863214-3227163779-590294082-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-05-01]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-05-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2719928 2015-04-22] (Microsoft Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-02-11] (McAfee, Inc.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-04-29] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [752232 2015-03-03] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-02-11] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-02-11] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [605472 2015-02-27] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-02-11] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-02-11] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-02-17] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [372144 2015-03-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [250672 2015-02-17] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NinjaLoaderService; C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe [59496 2015-03-04] (Ninja Soft Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PrService; C:\Users\Admin\AppData\Local\PrService\PrService.exe [85504 2015-03-10] () [File not signed]
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7410024 2015-01-14] (Reimage®)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 BrsHelper; C:\PROGRA~2\YTDOWN~1\BROWSE~2.EXE [X]
S2 f3f58402; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\SystemAide\SystemAide.dll",serv

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [68784 2015-02-17] (McAfee, Inc.)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2013-09-18] (EldoS Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [401736 2015-02-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [337888 2015-02-17] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-02-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-02-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864072 2015-02-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [482600 2015-01-16] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-01-16] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340448 2015-02-17] (McAfee, Inc.)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-08-13] (EldoS Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-03 22:31 - 2015-05-03 22:35 - 00026428 _____ () C:\Users\Admin\Downloads\FRST.txt
2015-05-03 22:29 - 2015-05-03 22:31 - 00000000 ____D () C:\FRST
2015-05-03 22:28 - 2015-05-03 22:28 - 02101248 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2015-05-03 21:58 - 2015-05-03 21:58 - 00000000 ____D () C:\Users\Admin\AppData\Local\Google
2015-05-03 20:31 - 2015-05-03 21:36 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-03 20:31 - 2015-05-03 20:31 - 00001098 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-03 20:31 - 2015-05-03 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-03 20:31 - 2015-05-03 20:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-03 20:31 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-03 20:31 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-03 20:31 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-03 20:26 - 2015-05-03 20:26 - 00854388 _____ () C:\Users\Admin\Desktop\ESETPoweliksCleaner.exe_20150503.202603.3848.log
2015-05-03 20:26 - 2015-05-03 20:26 - 00000022 _____ () C:\Users\Admin\Desktop\ESETPoweliksCleaner.exe_20150503.202603.3848.zip
2015-05-03 16:01 - 2015-05-03 16:01 - 00000000 ____D () C:\Users\Admin\AppData\Local\{9011C1B1-8EA6-4577-9796-307E66949456}
2015-05-03 15:38 - 2015-05-03 15:36 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-05-03 15:30 - 2015-05-03 15:30 - 00000000 _____ () C:\Windows\SysWOW64\REN99EF.tmp
2015-05-03 14:38 - 2015-05-03 17:01 - 00007605 ____H () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
2015-05-01 11:14 - 2015-05-01 11:14 - 00000000 ___HD () C:\Users\Admin\AppData\Local\{BBB72A0C-1457-407F-975D-626D54BF899F}
2015-04-30 15:51 - 2015-04-30 15:52 - 00000000 ___HD () C:\Users\Admin\AppData\Local\{BF7C79A2-A351-40C3-B0B7-2761F8F5DB5A}
2015-04-29 14:19 - 2015-04-29 14:19 - 00000000 ___HD () C:\Users\Admin\AppData\Local\{0198C6C1-5ADF-477C-8CCC-2444D07B77D6}
2015-04-28 19:03 - 2015-04-29 14:16 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForAdmin.job
2015-04-28 19:03 - 2015-04-28 19:03 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForAdmin
2015-04-28 17:57 - 2015-04-28 17:58 - 00000000 ___HD () C:\Users\Admin\AppData\Local\{7788CAA8-F973-40A6-BFE3-00AB63AA470E}
2015-04-27 17:44 - 2015-04-27 17:44 - 00000000 ___HD () C:\Users\Admin\AppData\Local\{5DFEEB53-72ED-4628-B29F-2B917A1FE847}
2015-04-26 19:03 - 2015-04-26 19:04 - 00000000 ___HD () C:\Users\Admin\AppData\Local\{705146AD-1FD2-463A-BA0A-28456EF04CDA}
2015-04-23 07:16 - 2015-04-23 07:16 - 00822377 ____H (Application Software ) C:\Users\Admin\Downloads\Unconfirmed 500732.crdownload
2015-04-23 07:16 - 2015-04-23 07:16 - 00822377 ____H (Application Software ) C:\Users\Admin\Downloads\Unconfirmed 426137.crdownload
2015-04-22 19:05 - 2015-04-22 19:05 - 00000000 ___HD () C:\Users\Admin\AppData\Local\{AFED8955-1AC1-4A0C-80C8-4E0E4A8604BE}
2015-04-21 10:53 - 2015-04-21 10:54 - 00000000 ___HD () C:\Users\Admin\AppData\Local\{2E3453CD-2AF1-4C80-BD9A-50CE4736622C}
2015-04-15 19:55 - 2015-04-15 19:55 - 00000000 _____ () C:\Windows\SysWOW64\REN5EE1.tmp
2015-04-15 19:52 - 2015-04-15 19:51 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-04-15 15:44 - 2015-04-15 15:44 - 00000000 __SHD () C:\found.000
2015-04-15 13:01 - 2015-03-24 23:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 13:01 - 2015-03-24 23:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 13:01 - 2015-03-24 23:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 13:01 - 2015-03-24 23:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 13:01 - 2015-03-24 23:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 13:01 - 2015-03-24 23:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 13:01 - 2015-03-24 23:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 13:01 - 2015-03-24 23:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 13:01 - 2015-03-24 23:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 13:01 - 2015-03-24 23:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 13:01 - 2015-03-24 23:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 13:01 - 2015-03-24 23:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 13:01 - 2015-03-24 23:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 13:01 - 2015-03-24 23:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 13:01 - 2015-03-24 23:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 13:01 - 2015-03-24 23:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 12:20 - 2015-03-22 23:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 12:20 - 2015-03-22 23:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 12:20 - 2015-03-22 23:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 12:20 - 2015-03-22 23:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 12:20 - 2015-03-22 23:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 12:20 - 2015-03-22 23:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 12:20 - 2015-03-22 23:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 12:20 - 2015-03-22 23:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 12:18 - 2015-03-05 01:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 12:18 - 2015-03-05 00:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 11:22 - 2015-03-09 23:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 11:22 - 2015-03-09 23:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 11:22 - 2015-03-09 23:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 11:22 - 2015-03-09 23:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 11:06 - 2015-03-17 01:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 11:06 - 2015-03-17 01:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 11:06 - 2015-03-17 00:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 11:05 - 2015-03-17 01:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 11:05 - 2015-03-17 01:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 11:05 - 2015-03-17 01:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 11:05 - 2015-03-17 01:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 11:05 - 2015-03-17 01:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 11:05 - 2015-03-17 01:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 11:05 - 2015-03-17 01:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 11:05 - 2015-03-17 01:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 11:05 - 2015-03-17 01:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-15 11:05 - 2015-03-17 01:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 11:05 - 2015-03-17 01:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 11:05 - 2015-03-17 01:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-15 11:05 - 2015-03-17 01:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 11:05 - 2015-03-17 01:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 11:05 - 2015-03-17 01:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 11:05 - 2015-03-17 01:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 11:05 - 2015-03-17 01:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-15 11:05 - 2015-03-17 01:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 11:05 - 2015-03-17 01:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 11:05 - 2015-03-17 01:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 11:05 - 2015-03-17 01:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 11:05 - 2015-03-17 01:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 11:05 - 2015-03-17 01:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 11:05 - 2015-03-17 01:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 11:05 - 2015-03-17 01:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 11:05 - 2015-03-17 01:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-15 11:05 - 2015-03-17 01:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 11:05 - 2015-03-17 01:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 11:05 - 2015-03-17 01:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 11:05 - 2015-03-17 01:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 11:05 - 2015-03-17 01:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 11:05 - 2015-03-17 01:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 11:05 - 2015-03-17 01:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 01:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 01:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 11:05 - 2015-03-17 01:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 11:05 - 2015-03-17 00:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 11:05 - 2015-03-17 00:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 11:05 - 2015-03-17 00:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 11:05 - 2015-03-17 00:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 11:05 - 2015-03-17 00:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 11:05 - 2015-03-17 00:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 11:05 - 2015-03-17 00:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 11:05 - 2015-03-17 00:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-15 11:05 - 2015-03-17 00:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 11:05 - 2015-03-17 00:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-15 11:05 - 2015-03-17 00:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-15 11:05 - 2015-03-17 00:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-15 11:05 - 2015-03-17 00:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-15 11:05 - 2015-03-17 00:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 11:05 - 2015-03-17 00:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-15 11:05 - 2015-03-17 00:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 11:05 - 2015-03-17 00:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-15 11:05 - 2015-03-17 00:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-15 11:05 - 2015-03-17 00:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-15 11:05 - 2015-03-17 00:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 11:05 - 2015-03-17 00:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 00:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 11:05 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 11:05 - 2015-03-16 23:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 11:05 - 2015-03-16 23:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 11:05 - 2015-03-16 23:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 11:05 - 2015-03-16 23:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 11:05 - 2015-03-16 23:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 11:05 - 2015-03-16 23:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 11:04 - 2015-04-15 11:05 - 00000000 ___HD () C:\Users\Admin\AppData\Local\{772511F0-B046-4725-B56E-CCD16EACA1F7}
2015-04-15 10:12 - 2015-02-24 23:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 10:07 - 2015-04-01 20:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 10:07 - 2015-04-01 19:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-15 10:07 - 2015-03-13 00:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 10:07 - 2015-03-13 00:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 10:07 - 2015-03-13 00:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 10:07 - 2015-03-13 00:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 10:07 - 2015-03-13 00:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 10:07 - 2015-03-13 00:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 10:07 - 2015-03-13 00:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 10:07 - 2015-03-13 00:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 10:07 - 2015-03-13 00:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 10:07 - 2015-03-13 00:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 10:07 - 2015-03-12 23:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 10:07 - 2015-03-12 23:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 10:07 - 2015-03-12 23:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 10:07 - 2015-03-12 23:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 10:07 - 2015-03-12 23:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 10:07 - 2015-03-12 23:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 10:07 - 2015-03-12 23:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 10:07 - 2015-03-12 23:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 10:07 - 2015-03-12 23:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 10:07 - 2015-03-12 23:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 10:07 - 2015-03-12 23:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-15 10:07 - 2015-03-12 23:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 10:07 - 2015-03-12 23:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 10:07 - 2015-03-12 23:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-15 10:07 - 2015-03-12 23:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 10:07 - 2015-03-12 23:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-15 10:07 - 2015-03-12 23:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 10:07 - 2015-03-12 23:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 10:07 - 2015-03-12 23:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 10:07 - 2015-03-12 23:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-15 10:07 - 2015-03-12 23:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 10:07 - 2015-03-12 23:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 10:07 - 2015-03-12 23:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-15 10:07 - 2015-03-12 23:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 10:07 - 2015-03-12 23:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 10:07 - 2015-03-12 23:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 10:07 - 2015-03-12 23:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 10:07 - 2015-03-12 23:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 10:07 - 2015-03-12 23:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-15 10:07 - 2015-03-12 22:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-15 10:07 - 2015-03-12 22:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 10:07 - 2015-03-12 22:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 10:07 - 2015-03-12 22:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 10:07 - 2015-03-12 22:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 10:07 - 2015-03-12 22:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 10:07 - 2015-03-12 22:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-15 10:07 - 2015-03-12 22:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 10:07 - 2015-03-12 22:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 10:07 - 2015-03-12 22:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 10:07 - 2015-03-12 22:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 10:07 - 2015-03-12 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 10:06 - 2015-03-12 23:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 10:06 - 2015-03-12 23:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 10:06 - 2015-03-12 23:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 10:06 - 2015-03-12 22:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 10:06 - 2015-03-12 22:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 10:05 - 2015-03-04 00:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 10:05 - 2015-03-04 00:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 10:05 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-14 23:03 - 2015-04-14 23:03 - 00000000 ___HD () C:\Users\Admin\AppData\Local\{D26E1751-B6C5-45E3-968E-139E6A84A3BD}
2015-04-14 11:01 - 2015-04-14 11:01 - 00000000 ___HD () C:\Users\Admin\AppData\Local\{3E76A0C5-6B2E-4B1C-938D-5F543263ED5F}
2015-04-13 22:59 - 2015-04-13 22:59 - 00000000 ___HD () C:\Users\Admin\AppData\Local\{9A4A78AE-CBD2-4D39-9E29-48334DC38B90}
2015-04-13 12:15 - 2015-04-13 12:17 - 00202636 ____H () C:\Users\Admin\Downloads\2062.tmp
2015-04-13 11:38 - 2015-04-21 12:53 - 00000000 ____D () C:\Program Files (x86)\autoConvert Auto Currency & Unit Converter
2015-04-13 11:37 - 2015-04-21 15:09 - 00000000 ____D () C:\Program Files (x86)\topdeala
2015-04-13 11:01 - 2015-04-13 11:02 - 00830768 ____H (Software Web App ) C:\Users\Admin\Downloads\Unconfirmed 562710.crdownload
2015-04-13 10:57 - 2015-04-13 10:57 - 00000000 ___HD () C:\Users\Admin\AppData\Local\{A6A72A7C-C1EF-4EC4-A298-B8C857439BFC}
2015-04-09 16:12 - 2015-05-03 21:31 - 00000000 ____D () C:\Program Files (x86)\SystemAide
2015-04-09 16:11 - 2015-04-09 16:11 - 00000000 ___HD () C:\Users\Admin\AppData\Local\{51D54BF3-FF29-4573-B06F-B9AC1CC5D4C5}
2015-04-06 19:32 - 2015-04-06 19:34 - 00365485 ____H () C:\Users\Admin\Downloads\Unconfirmed 660273.crdownload
2015-04-06 19:22 - 2015-04-06 19:23 - 00144247 ____H () C:\Users\Admin\Downloads\Unconfirmed 140552.crdownload
2015-04-06 17:59 - 2015-04-06 17:59 - 00503501 ____H (Internet ) C:\Users\Admin\Downloads\Unconfirmed 1271.crdownload
2015-04-06 17:58 - 2015-04-06 17:58 - 00823768 ____H (Internet ) C:\Users\Admin\Downloads\Unconfirmed 851838.crdownload
2015-04-06 14:57 - 2015-04-06 14:57 - 00291107 ____H (Generic ) C:\Users\Admin\Downloads\Unconfirmed 105494.crdownload
2015-04-06 14:33 - 2015-04-06 14:33 - 01101184 ____H () C:\Users\Admin\Downloads\Unconfirmed 325029.crdownload
2015-04-06 13:37 - 2015-04-06 13:38 - 00280695 ____H () C:\Users\Admin\Downloads\Unconfirmed 681157.crdownload
2015-04-06 13:32 - 2015-04-06 13:38 - 00417987 ____H () C:\Users\Admin\Downloads\Unconfirmed 970502.crdownload
2015-04-06 13:31 - 2015-04-06 13:38 - 00884007 ____H (VideoLan ) C:\Users\Admin\Downloads\Unconfirmed 451759.crdownload
2015-04-06 13:23 - 2015-04-06 13:25 - 00422283 ____H () C:\Users\Admin\Downloads\Unconfirmed 981191.crdownload
2015-04-06 13:23 - 2015-04-06 13:24 - 00356969 ____H () C:\Users\Admin\Downloads\Unconfirmed 169217.crdownload
2015-04-06 13:21 - 2015-04-06 13:24 - 00335663 ____H () C:\Users\Admin\Downloads\Unconfirmed 881684.crdownload
2015-04-06 12:52 - 2015-04-06 12:52 - 00241560 ____H () C:\Users\Admin\Downloads\4D2D.tmp
2015-04-06 11:45 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-04-06 11:10 - 2015-04-06 11:11 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-06 11:10 - 2015-04-06 11:10 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-06 11:09 - 2015-04-06 11:09 - 00010405 ____H () C:\Users\Admin\Downloads\Unconfirmed 680603.crdownload
2015-04-06 11:08 - 2015-04-06 11:08 - 00000000 ___HD () C:\Users\Admin\AppData\Local\{9A5F622F-0CF8-4939-B91B-EDF0CF708F04}
2015-04-04 08:49 - 2015-04-04 08:50 - 00484861 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 853619.crdownload
2015-04-04 08:30 - 2015-04-04 08:30 - 08678546 ____H () C:\Users\Admin\Downloads\Mailbox_Ext_Beta_0.4.1_150316 (1).zip
2015-04-04 08:28 - 2015-04-04 08:28 - 08678546 ____H () C:\Users\Admin\Downloads\Mailbox_Ext_Beta_0.4.1_150316.zip
2015-04-04 08:03 - 2015-04-04 08:03 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 148112.crdownload
2015-04-04 07:45 - 2015-04-04 07:45 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 949401.crdownload
2015-04-04 07:17 - 2015-04-04 07:17 - 00468200 ____H (Installer Technology Co) C:\Users\Admin\Downloads\Unconfirmed 773265.crdownload
2015-04-04 07:17 - 2015-04-04 07:17 - 00468200 ____H (Installer Technology Co) C:\Users\Admin\Downloads\Unconfirmed 520343.crdownload
2015-04-04 07:04 - 2015-04-04 07:04 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 767447.crdownload
2015-04-04 06:36 - 2015-04-04 06:36 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 896392.crdownload
2015-04-04 05:58 - 2015-04-04 05:58 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 977320.crdownload
2015-04-04 05:58 - 2015-04-04 05:58 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 314460.crdownload
2015-04-04 05:57 - 2015-04-04 05:57 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 471326.crdownload
2015-04-04 05:57 - 2015-04-04 05:57 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 159602.crdownload
2015-04-04 05:48 - 2015-04-04 05:48 - 00164597 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 243098.crdownload
2015-04-04 05:47 - 2015-04-04 05:47 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 904184.crdownload
2015-04-04 05:47 - 2015-04-04 05:47 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 716500.crdownload
2015-04-04 05:46 - 2015-04-04 05:46 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 97248.crdownload
2015-04-04 05:28 - 2015-04-04 05:28 - 00000481 ____H () C:\Users\Admin\Downloads\uplayermediaplayer-setup (4).website
2015-04-04 05:28 - 2015-04-04 05:28 - 00000481 ____H () C:\Users\Admin\Downloads\uplayermediaplayer-setup (3).website
2015-04-04 05:27 - 2015-04-04 05:27 - 00000481 ____H () C:\Users\Admin\Downloads\uplayermediaplayer-setup (2).website
2015-04-04 05:26 - 2015-04-04 05:27 - 00000481 ____H () C:\Users\Admin\Downloads\uplayermediaplayer-setup (1).website
2015-04-04 04:49 - 2015-04-04 04:50 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 692406.crdownload
2015-04-04 04:49 - 2015-04-04 04:49 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 431648.crdownload
2015-04-04 04:48 - 2015-04-04 04:48 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 900194.crdownload
2015-04-04 04:47 - 2015-04-04 04:47 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 881362.crdownload
2015-04-04 04:04 - 2015-04-04 04:04 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 546970.crdownload
2015-04-04 01:42 - 2015-04-04 01:42 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 618236.crdownload
2015-04-04 00:03 - 2015-04-04 00:03 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 948460.crdownload
2015-04-04 00:02 - 2015-04-04 00:02 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 6690.crdownload
2015-04-04 00:02 - 2015-04-04 00:02 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 143957.crdownload
2015-04-04 00:01 - 2015-04-04 00:01 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 857648.crdownload
2015-04-03 23:08 - 2015-04-03 23:08 - 00000483 ____H () C:\Users\Admin\Downloads\uplayermediaplayer-setup.website
2015-04-03 22:28 - 2015-04-30 16:32 - 00027399 _____ () C:\Windows\system32\ScanResults.xml
2015-04-03 22:09 - 2015-04-30 15:51 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2015-04-03 20:39 - 2015-04-03 20:40 - 00000000 ___HD () C:\Users\Admin\AppData\Local\{C4A9FEEA-B191-4644-BA3D-9AAEC577A210}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-03 22:35 - 2015-03-18 20:15 - 00000000 ___HD () C:\Users\Admin\AppData\Local\PrService
2015-05-03 22:28 - 2015-01-27 16:26 - 00000292 _____ () C:\Windows\Tasks\UpdaterEX.job
2015-05-03 21:52 - 2010-08-29 04:59 - 01655348 _____ () C:\Windows\WindowsUpdate.log
2015-05-03 21:51 - 2015-03-17 20:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-03 21:44 - 2009-07-14 00:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-03 21:44 - 2009-07-14 00:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-03 21:32 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-03 21:32 - 2009-07-14 00:51 - 00071872 _____ () C:\Windows\setupact.log
2015-05-03 21:31 - 2010-08-29 05:05 - 01175344 _____ () C:\Windows\PFRO.log
2015-05-03 21:29 - 2015-03-25 14:34 - 00000000 ____D () C:\ProgramData\Browser
2015-05-03 21:29 - 2015-02-18 13:59 - 00000000 ____D () C:\ProgramData\couponcheapchea
2015-05-03 21:29 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-05-03 16:53 - 2010-10-18 19:33 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{FC81ADF5-7EB2-4833-AF8E-3A6D8F3338F1}
2015-05-03 16:43 - 2015-03-25 17:43 - 00000000 ____D () C:\Windows\pss
2015-05-03 16:22 - 2015-03-16 21:38 - 00000000 ___HD () C:\Users\Admin\AppData\Local\PC MightyMax 2015
2015-05-03 15:47 - 2010-10-18 06:03 - 00000000 ___HD () C:\Users\Admin\AppData\Local\Adobe
2015-05-03 15:46 - 2015-03-17 20:11 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-03 15:46 - 2015-03-17 20:11 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-03 15:46 - 2015-03-17 20:11 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-03 15:39 - 2013-09-29 17:01 - 00000000 ____D () C:\ProgramData\Oracle
2015-05-03 15:35 - 2010-08-04 22:49 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-03 14:41 - 2015-01-30 20:11 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-03 14:15 - 2013-01-08 17:23 - 00000000 ___HD () C:\Users\Admin\AppData\Local\Citrix
2015-05-03 14:11 - 2010-10-19 22:17 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-05-03 14:08 - 2011-01-06 19:11 - 00000000 ____D () C:\Program Files (x86)\Coupons
2015-04-29 14:36 - 2015-02-04 19:50 - 00000000 ____D () C:\ProgramData\12884299035192847501
2015-04-21 10:55 - 2012-01-01 17:38 - 00000000 ___HD () C:\Users\Admin\AppData\Roaming\HpUpdate
2015-04-21 10:54 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-15 19:51 - 2010-08-04 22:50 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-04-15 19:51 - 2010-08-04 22:50 - 00207272 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-04-15 19:51 - 2010-08-04 22:50 - 00206760 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-04-15 19:51 - 2010-08-04 22:49 - 00000000 ____D () C:\Program Files\Java
2015-04-15 15:32 - 2015-01-24 18:41 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 15:32 - 2014-06-25 15:11 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 15:32 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-15 15:13 - 2010-10-19 19:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 12:18 - 2013-11-18 19:25 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 11:55 - 2010-10-21 11:55 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 11:54 - 2009-07-13 22:34 - 00000615 _____ () C:\Windows\win.ini
2015-04-14 15:14 - 2015-01-13 17:56 - 00003588 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-9863214-3227163779-590294082-1000
2015-04-13 18:14 - 2010-12-18 17:08 - 00000000 ___HD () C:\Users\Admin\AppData\Roaming\Skype
2015-04-13 17:14 - 2010-08-04 21:48 - 00000000 ____D () C:\ProgramData\Skype
2015-04-13 17:13 - 2010-12-18 17:08 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-09 16:13 - 2015-03-23 15:10 - 00000000 ____D () C:\ProgramData\ef40e1500000389e
2015-04-09 16:11 - 2010-10-04 02:19 - 00151336 ____H () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-09 16:07 - 2009-07-14 00:45 - 00527936 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-06 11:46 - 2010-10-19 22:17 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-04-03 21:36 - 2014-06-25 15:16 - 00050645 _____ () C:\Windows\IE11_main.log
2015-04-03 21:36 - 2011-12-27 17:58 - 00000000 ___HD () C:\Windows\msdownld.tmp

==================== Files in the root of some directories =======

2011-01-18 17:32 - 2011-10-25 09:37 - 0001854 ____H () C:\Users\Admin\AppData\Roaming\GhostObjGAFix.xml
2015-01-28 11:54 - 2015-01-28 11:54 - 0000043 ____H () C:\Users\Admin\AppData\Roaming\WB.CFG
2010-10-20 13:43 - 2015-01-15 14:37 - 0000550 ____H () C:\Users\Admin\AppData\Roaming\wklnhst.dat
2015-05-03 14:38 - 2015-05-03 17:01 - 0007605 ____H () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
2010-12-18 17:10 - 2010-12-18 17:10 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2011-01-06 16:54 - 2015-04-02 15:27 - 0014649 _____ () C:\ProgramData\hpzinstall.log
2010-08-29 05:23 - 2010-08-29 05:23 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2010-08-04 22:16 - 2010-08-04 22:17 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-08-29 05:23 - 2010-08-29 05:23 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2010-08-04 22:10 - 2010-08-04 22:11 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-08-29 05:22 - 2010-08-29 05:22 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2010-08-29 05:23 - 2010-08-29 05:23 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2010-08-04 22:10 - 2010-08-04 22:10 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-08-04 22:12 - 2010-08-04 22:16 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2010-08-29 05:23 - 2010-08-29 05:23 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Admin\AppData\Local\Temp\_is2329.exe
C:\Users\Admin\AppData\Local\Temp\_is48B3.exe
C:\Users\Admin\AppData\Local\Temp\_isB103.exe
C:\Users\Admin\AppData\Local\Temp\_isDE3A.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-15 19:44

==================== End Of Log ============================

Second Log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2015
Ran by Admin at 2015-05-03 22:38:28
Running from C:\Users\Admin\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Admin (S-1-5-21-9863214-3227163779-590294082-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-9863214-3227163779-590294082-500 - Administrator - Disabled)
Guest (S-1-5-21-9863214-3227163779-590294082-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-9863214-3227163779-590294082-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
American Greetings CreataCard Select 6 (HKLM-x32\...\{9770A25C-45A7-478E-AF50-4FDE53EED270}) (Version:  - )
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{11A4D79B-672C-7FFF-B5F7-B4409B1194EF}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
autoConvert Auto Currency & Unit Converter (HKLM-x32\...\{BA5D43C9-D633-D0EC-CFEA-2ABA974B333D}) (Version:  - "")
Avanquest update (HKLM-x32\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.09 - Avanquest Software)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
Broadcom 2070 Bluetooth 3.0 (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.5600 - Broadcom Corporation)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.350.6 - Broadcom Corporation)
BubbleSound (HKLM\...\BubbleSound) (Version: 1.0 - BubbleSound) <==== ATTENTION!
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
C4700 (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
ccc-core-static (x32 Version: 2010.0416.541.8279 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3003 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4121 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.1.4121 - Hewlett-Packard) Hidden
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Family Tree Maker 2009 (HKLM-x32\...\Family Tree Maker 2009) (Version: 18.0.305 - The Generations Network)
Family Tree Maker 2009 (x32 Version: 18.0.305 - The Generations Network) Hidden
Family Tree Maker 2012 (HKLM-x32\...\Family Tree Maker 2012) (Version: 21.0.388 - Ancestry.com, Inc.)
Family Tree Maker 2012 (x32 Version: 21.0.388 - Ancestry.com, Inc.) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
GIMP (HKLM-x32\...\{46BBA993-5554-42E7-8042-E760D92A580A}) (Version: 2.6.11 - Spencer Kimball)
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Greetings Workshop (HKLM-x32\...\Greetings Workshop) (Version:  - )
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.1.1.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP 3D DriveGuard (HKLM\...\{299625B9-6C69-462C-9CEA-8E06D878B1C5}) (Version: 4.0.5.1 - Hewlett-Packard Company)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Documentation (HKLM-x32\...\{E5AE53A7-1A79-4840-998F-A18042A2F568}) (Version: 1.1.1.0 - Hewlett-Packard)
HP DVB-T TV Tuner 8.0.64.43 (HKLM-x32\...\HP DVB-T TV Tuner) (Version: 8.0.64.43 - )
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.1.4229 - Hewlett-Packard)
HP MediaSmart Movies and TV (HKLM\...\{4B4E2FA2-3B1E-4147-99DB-5033981D8C2F}) (Version: 1.0.0.10 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.1.4215 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.1.4211 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{731A1D36-BF17-4C76-B7E7-CC055AF8C54E}) (Version: 3.1.1.12 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.1.4214 - Hewlett-Packard)
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3024 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{78F1A88C-5322-4DF7-BDCF-9AB8F5F4041C}) (Version: 1.0.9.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3611 - HP Photo Creations Powered by RocketLife)
HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{68550918-63B5-4762-85CB-3C160AA4B213}) (Version: 14.0 - HP)
HP Power Manager (HKLM-x32\...\{872B1C80-38EC-4A31-A25C-980820593900}) (Version: 1.2.3 - Hewlett-Packard Company)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Quick Launch (HKLM-x32\...\{BB1C717E-376C-4AA1-8940-81BFC38D9778}) (Version: 2.4.4 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Software Framework (HKLM-x32\...\{6C302296-6129-4125-9FD6-2188ECD8814E}) (Version: 4.1.6.1 - Hewlett-Packard Company)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}) (Version: 6.0.5.4 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}) (Version: 4.0.9.0 - Hewlett-Packard Company)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6292.0 - IDT)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Jewel Quest 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 14.0.339 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.274 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-9863214-3227163779-590294082-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-9863214-3227163779-590294082-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4711.1003 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.52 (HKLM-x32\...\WebPost) (Version:  - )
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft WSE 3.0 (HKLM-x32\...\{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}) (Version: 3.0.5305.0 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4030 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyMailList & AddressBook (HKLM-x32\...\{DD78A3E4-4C62-4CE4-8CF5-136F29BBA0B4}) (Version: 9.0.0.0 - Avanquest Publishing USA, Inc.)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.2.11000.12.100 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}) (Version: 10.5.10300 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10300.0.102 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Network64 (Version: 130.0.579.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
PCmover Professional (HKLM-x32\...\{30E411BE-C174-405F-9361-27F4CEDE0C19}) (Version: 6.00.620.0 - Laplink Software, Inc.)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3003 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3003 - CyberLink Corp.) Hidden
PS_AIO_06_C4700_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Quicken 2008 (HKLM-x32\...\{3B0F52AC-EF5C-4831-B221-06C782E41280}) (Version: 17.1.6.7 - Intuit)
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.11.1127.2009 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30113 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.1.4 - Reimage) <==== ATTENTION
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype Toolbars (HKLM-x32\...\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}) (Version: 5.0.4137 - Skype Technologies S.A.)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SmarttCOmopaare (HKLM-x32\...\{A9F7A981-09A3-C1F7-2D46-1BA20CFDF02F}) (Version:  - SmartCompare) <==== ATTENTION
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.64 - Synaptics Incorporated)
SystemAide (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{f3f58402}) (Version:  - Software Publisher) <==== ATTENTION
Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.061 - The New York Times Company)
Times Reader (x32 Version: 2.061 - The New York Times Company) Hidden
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-9863214-3227163779-590294082-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\ernden\berdis.dll () <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-9863214-3227163779-590294082-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-9863214-3227163779-590294082-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-9863214-3227163779-590294082-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-9863214-3227163779-590294082-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-9863214-3227163779-590294082-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-9863214-3227163779-590294082-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\ernden\berdis.dll () <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-9863214-3227163779-590294082-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-9863214-3227163779-590294082-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-9863214-3227163779-590294082-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-9863214-3227163779-590294082-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-9863214-3227163779-590294082-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

30-03-2015 08:51:59 Windows Defender Checkpoint
30-03-2015 08:53:19 1: 1717 2: Marketsplash Shortcuts
02-04-2015 15:46:02 Windows Update
06-04-2015 11:07:41 Windows Update
06-04-2015 20:16:23 Installed HP Support Solutions Framework
09-04-2015 16:30:51 Windows Update
13-04-2015 16:59:46 McAfee Vulnerability Scanner
13-04-2015 17:14:39 Windows Update
15-04-2015 10:01:55 Windows Update
21-04-2015 12:00:58 Windows Update
26-04-2015 19:40:43 Windows Update
03-05-2015 14:12:41 Removed Citrix Online Launcher
03-05-2015 14:27:13 Windows Update
03-05-2015 15:24:28 Removed Java 8 Update 45

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02C047E7-3A71-4AB3-959B-50165B29C5AE} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {063FD40F-760B-42DD-A215-26DB908DE4A6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
Task: {090A3FF2-9751-4519-9777-7659BA7C2E1A} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {10F4A18B-2B8F-4017-B9B6-5E0B35906EC8} - System32\Tasks\{F3380154-4387-495C-9744-158A4E5AF842} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2015-03-25] (Skype Technologies S.A.)
Task: {1BA5CC77-763F-46E0-B105-1BD3B22D1B8D} - \SPDriver No Task File <==== ATTENTION
Task: {25884663-BF4E-481A-8FF2-48E1F9F87A62} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION
Task: {25D1EAA9-DF66-45A8-A6FC-E24D2A2E3761} - System32\Tasks\UpdaterEX => C:\Users\Admin\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {2E0EA5E9-9AAA-4A82-95A9-CCF4C708A8BC} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [2010-06-25] (CyberLink)
Task: {3392CC9F-808E-4271-B017-F6123787266C} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {348222F0-436D-44B9-8F3E-7C1A03879F4E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {36B47A19-A6BF-4C40-A7D6-7BD078D29A4A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-06-21] (Hewlett-Packard Company)
Task: {43B81A2A-18A9-4277-B3EC-572628BA179E} - System32\Tasks\AdobeAAMUpdater-1.0-Admin-HP-Admin => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)
Task: {541C683B-91EC-4FCD-94E3-2317776CC161} - System32\Tasks\Super Optimizer Schedule => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe <==== ATTENTION
Task: {56F9949A-14C9-4D37-8D7D-48A7577B48F9} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
Task: {5ADF18C6-C6E8-40DD-B105-156B4852D8D6} - \ShopperPro No Task File <==== ATTENTION
Task: {7445E8C3-E467-433B-AFB7-8EDBE0F3499D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {8052481C-245D-4543-A7C3-E78A63BCE473} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
Task: {859D11D2-98E8-466F-8314-1A9A47E2DB57} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8AF77C0B-87A9-4880-B993-0BDCE5D2A74F} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe <==== ATTENTION
Task: {9201FDCF-BEB6-4503-82EF-64CA1C7A1490} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: {92ABBBEA-C16D-43EA-9A38-D1D6C599E35B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
Task: {A3184178-71D9-4014-A6E3-704184F55E71} - \ShopperProJSUpd No Task File <==== ATTENTION
Task: {A855149E-B2EF-4749-9E38-AE780FB0400E} - System32\Tasks\HPCeeScheduleForAdmin => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05] (Hewlett-Packard)
Task: {A96564FD-5D58-47D8-9759-9F61587463DB} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {AA849CFD-99ED-4E8C-B1E2-E605E3F9C7D7} - \SPBIW_UpdateTask_Time_313234343437383838382d3737555a416c503257344a41 No Task File <==== ATTENTION
Task: {B14DBF37-5D60-4327-9FFE-BC1FC96ABBC6} - System32\Tasks\SMWUpd => C:\Program Files\Common Files\Goobzo\GBUpdate\updater.exe <==== ATTENTION
Task: {B7122180-0F23-4F49-8676-494841E32C05} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {D2C51618-018F-4B9B-8966-394B245920C9} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {D75A06B3-2C65-4856-8982-11EF09EC6844} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-21] (Hewlett-Packard Company)
Task: {D7F83BCE-BC08-4B34-A69F-A8D95749CA80} - System32\Tasks\G2MUpdateTask-S-1-5-21-9863214-3227163779-590294082-1000 => C:\Users\Admin\AppData\Local\Citrix\GoToMeeting\2553\g2mupdate.exe
Task: {E0F1B9D7-66B6-4C81-84E9-363FB49AB2E9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2012-08-07] (Microsoft)
Task: {E1333C3C-9D40-4234-93C1-C812808C1B2E} - \SmartWeb Upgrade Trigger Task No Task File <==== ATTENTION
Task: {E61C7B71-FD41-4D29-A0AF-5C1BB43D0B13} - \avaavxvyex No Task File <==== ATTENTION
Task: {E8BEA666-EFBD-4C21-B676-01132BF74E25} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-23] ()
Task: {EE7303E2-0801-4B05-B898-42C00B4113A6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-21] (Hewlett-Packard Company)
Task: {EF31F360-EE37-42AB-AC67-616332389086} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2015-01-14] (Reimage®) <==== ATTENTION
Task: {FB5406A2-A419-464D-9920-C12C99FFB5C2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-03] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForAdmin.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\Admin\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2015-01-08 14:12 - 2015-01-08 14:12 - 02264576 _____ () C:\Program Files\BubbleSound\BubbleSound.dll
2015-03-16 18:28 - 2015-01-27 11:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-30 20:11 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-03-10 10:57 - 2015-03-10 10:57 - 00085504 ____H () C:\Users\Admin\AppData\Local\PrService\PrService.exe
2015-01-14 06:07 - 2015-01-14 06:07 - 06757728 _____ () C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
2010-06-18 19:26 - 2010-06-18 19:26 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2014-11-17 21:32 - 2014-11-17 21:32 - 00145920 ____H () C:\Users\Admin\AppData\Roaming\ernden\berdis.dll
2015-03-04 08:10 - 2015-03-04 08:10 - 00109160 _____ () C:\Program Files (x86)\Ninja Loader\Modules\Core.dll
2015-03-04 08:09 - 2015-03-04 08:09 - 00046696 _____ () C:\Program Files (x86)\Ninja Loader\Modules\BdUdr.dll
2015-03-04 08:10 - 2015-03-04 08:10 - 00041576 _____ () C:\Program Files (x86)\Ninja Loader\Modules\WInIn.dll
2015-03-04 08:09 - 2015-03-04 08:09 - 00039528 _____ () C:\Program Files (x86)\Ninja Loader\Modules\ArSp.dll
2015-03-04 07:44 - 2015-03-04 07:44 - 00110080 _____ () C:\Program Files (x86)\Ninja Loader\Modules\BrSp.dll
2015-03-04 08:09 - 2015-03-04 08:09 - 00090728 _____ () C:\Program Files (x86)\Ninja Loader\Modules\CdPrc.dll
2015-03-04 08:10 - 2015-03-04 08:10 - 00096872 _____ () C:\Program Files (x86)\Ninja Loader\Modules\WbSt.dll
2015-03-04 08:10 - 2015-03-04 08:10 - 00056424 _____ () C:\Program Files (x86)\Ninja Loader\Modules\WdCtl.dll
2015-03-23 11:55 - 2014-12-25 08:19 - 01091584 ____H () C:\Users\Admin\AppData\Local\Ninja Loader\Chrome-bin\libglesv2.dll
2015-03-23 11:55 - 2014-12-25 08:19 - 00167936 ____H () C:\Users\Admin\AppData\Local\Ninja Loader\Chrome-bin\libEGL.dll
2015-03-23 11:55 - 2015-02-04 07:58 - 08569856 ____H () C:\Users\Admin\AppData\Local\Ninja Loader\Chrome-bin\pdf.dll
2015-03-23 11:55 - 2014-12-25 08:43 - 00324608 ____H () C:\Users\Admin\AppData\Local\Ninja Loader\Chrome-bin\ppGoogleNaClPluginChrome.dll
2015-03-23 11:55 - 2014-12-25 08:43 - 00880128 ____H () C:\Users\Admin\AppData\Local\Ninja Loader\Chrome-bin\ffmpegsumo.dll
2015-03-23 11:55 - 2014-09-23 00:07 - 14891848 ____H () C:\Users\Admin\AppData\Local\Ninja Loader\Chrome-bin\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-9863214-3227163779-590294082-1000\...\ancestry.com -> hxxp://ancestry.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-9863214-3227163779-590294082-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-9863214-3227163779-590294082-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Forget Me Not.lnk => C:\Windows\pss\Forget Me Not.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OptimizerPro-UNInstaller.lnk => C:\Windows\pss\OptimizerPro-UNInstaller.lnk.Startup
MSCONFIG\startupreg: (default) =>
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: gmsd_us_328 =>
MSCONFIG\startupreg: gmsd_us_335 =>
MSCONFIG\startupreg: gmsd_us_343 => "C:\Program Files (x86)\gmsd_us_343\gmsd_us_343.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Norton Online Backup =>
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SmartWeb => C:\Users\Admin\AppData\Local\SmartWeb\SmartWebHelper.exe
MSCONFIG\startupreg: SPDriver => C:\Program Files (x86)\ShopperPro\JSDriver\1.39.0.1636\jsdrv.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: YTDownloader => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{D96241F7-96DD-447A-B373-00CAC5E60221}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{E4BC9770-5E35-41AD-83AB-4ECCD89FBC3E}] => (Allow) svchost.exe
FirewallRules: [{4D706B91-E226-4013-9B8F-29908C9B5DD2}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{92E94368-6854-41CB-B164-8A6DA26EE30F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{2A05F6C5-A085-4A04-AFC5-585012515A82}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{B9530569-2CD9-4AA4-BA0C-B89770AA7D4D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{5078B19C-101E-465D-84B9-FAD9A2AF8711}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{621407CA-9A5A-4F80-BF8B-4005CC9761BB}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{351CC478-DC80-41E4-8B85-0C93354B7DE5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{007FC827-F7DE-4B7C-A643-7A3A21DAA230}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{7277DF00-2AA5-4C70-81CB-1A20B1C931E9}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe
FirewallRules: [{4473F4E6-0A8E-4D85-85CC-AB106AF8A0AB}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\HPMediaSmartPhoto.exe
FirewallRules: [{3526A551-8F12-40F8-9CFD-039843875747}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe
FirewallRules: [{52F3D667-3602-4EC5-8EB4-A720C16DCCC7}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\CinemaNow\CinemaNow.exe
FirewallRules: [{295B7DFA-396D-4463-9E0D-9852F0A3A393}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\CinemaNow\CinemaNow.exe
FirewallRules: [{9BD828E3-DDC1-4D11-B9CE-6386C98345C5}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
FirewallRules: [{0B2E3694-B1D9-41E0-802F-4F52DF636190}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
FirewallRules: [{896452BC-8F0D-4E16-BD46-938A0CE4C09D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{85A32154-0EAD-4C1F-9064-2DAE813C482C}] => (Allow) LPort=2869
FirewallRules: [{13F36DD6-F215-48D7-8F9C-2F8C91F22590}] => (Allow) LPort=1900
FirewallRules: [{AC350742-3D35-493E-808A-561C26C621C7}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{4D1F96FF-F78F-4D79-A8C4-94E56E8F6F80}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE
FirewallRules: [{02655642-E604-433D-B24D-0964140C0035}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE
FirewallRules: [{22FFA369-F66D-460C-BE7D-89D2B89DFB62}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\outlook.exe
FirewallRules: [{DECACC42-BEC3-4DFE-9EF3-FD24C805A7C4}] => (Allow) C:\Windows\System32\migwiz\migwiz.exe
FirewallRules: [{9CB89238-7412-45EB-B292-88058AABA583}] => (Allow) C:\Windows\System32\migwiz\migwiz.exe
FirewallRules: [{E8A24D58-C98B-4873-BFB8-89CE393F36DC}] => (Allow) LPort=7000
FirewallRules: [{64767C14-77B4-48A3-AB8C-628A0EB540D0}] => (Allow) LPort=7000
FirewallRules: [{DE42D7C9-5E26-4423-A990-6FD272FEB227}] => (Allow) C:\Program Files (x86)\Laplink\PCmover\pcmover.exe
FirewallRules: [{41E18F03-27AA-4D90-A3EC-7CF829DCADDF}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE
FirewallRules: [{92E55F5A-8FEC-4031-B0B8-42FAEA5E1579}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE
FirewallRules: [{85529365-B807-4F71-B1CD-3986F5A45F7D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{14C6A8B0-CA63-401E-A805-D47C7EBF6009}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{7EB0373C-AA05-4F9A-92F1-74624C104DE1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{97EB3249-7DA7-4433-A922-66502771A552}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{7CF73763-739C-4853-9507-89E2CD27DE20}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{62B63DEC-FBD0-4584-BB53-D1CC37F6DCD7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{8371189E-79F1-4FD0-BEE5-6F517E9A73AB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{CB2AD22E-8FA4-4FA0-8971-983457358E8D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{6FAC344D-DFAD-494C-BBB6-ED7DE2E96D2A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{0757D300-F058-4A88-BE82-12EE90F274D3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{E3B63BB3-73FB-4548-BD2A-D8E2C52D09DB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{C361C599-A412-4626-85DD-61AD466C8ED8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{D395C805-C7A6-43D4-ACDC-A56E8E9FB8FC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{E5114F8B-8397-45F8-B198-92B8FEE78F13}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{D9A6D32C-E1DB-44DE-843F-8100D7A6A0DA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{46E4B394-250F-4494-8228-2F96CF121D8D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{92CCDE49-E7C2-4329-A6E5-31264A07EEDA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{C656D7D4-8458-4F63-B6FE-1FE1D91F5DD6}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{7E585727-5D7A-4674-B959-034EF4E1709D}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{3BE2CA42-DAE6-452B-8FEC-735885E300C9}] => (Allow) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
FirewallRules: [{97DC4E13-98E5-4B7E-AC86-50E18F0ED14D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0AF3A7F4-55D6-4B3B-BCF4-3B21FDE3BBBB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AC4D0D57-1C26-48BE-AB30-09EDE561FE71}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2E475256-4F85-456E-86B9-C9C45988B941}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B427A63B-F974-4EF3-BEA8-4A6570D30221}] => (Allow) E:\setup\hpznui40.exe
FirewallRules: [{05C682A1-1DB6-4E5D-9997-3397AB801BFC}] => (Allow) C:\Users\Admin\AppData\Local\Temp\7zS2FD8\hppiw.exe
FirewallRules: [{970EFA6E-A244-4175-B0E4-1E6AC009BC21}] => (Allow) C:\Users\Admin\AppData\Local\Temp\7zS2FD8\hppiw.exe
FirewallRules: [{DAA2892A-F8BF-4001-83F6-917CBBB0B3B2}] => (Allow) C:\Users\Admin\AppData\Local\Temp\7zS3648\HPDiagnosticCoreUI.exe
FirewallRules: [{D8CC6D6E-EB18-41F9-BB58-361108024623}] => (Allow) C:\Users\Admin\AppData\Local\Temp\7zS3648\HPDiagnosticCoreUI.exe
FirewallRules: [{557CC20E-48E1-4DEF-B838-F0139699B112}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\DeviceSetup.exe
FirewallRules: [{BA9C0F4C-BC40-400D-9FFD-6C58A94CB98D}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\DeviceSetup.exe
FirewallRules: [{43B0A433-FDFA-4815-8C0A-D01949DBB609}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPNetworkCommunicator.exe
FirewallRules: [{C07577BD-8079-4C4F-B290-73BF4FD728BA}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPNetworkCommunicator.exe
FirewallRules: [{2C20055E-487D-4E27-BEDA-F5D9554BCD42}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{48B7CDBC-933E-4645-8899-41A55D36B8A3}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{36BF5632-8A71-4FE0-823C-A16856BFB666}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{4BC01626-0ACA-478B-9678-649464651643}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{FFA496DB-7DB3-4FE2-9BDB-AF692A21A4A6}] => (Allow) C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{B506A706-9784-42AC-9804-812455BB9ECB}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/03/2015 09:37:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: perfmon.exe, version: 6.1.7601.17514, time stamp: 0x4ce7972c
Faulting module name: ntdll.dll, version: 6.1.7601.18798, time stamp: 0x5507b864
Exception code: 0xc0000005
Fault offset: 0x000000000005105c
Faulting process id: 0xdc
Faulting application start time: 0xperfmon.exe0
Faulting application path: perfmon.exe1
Faulting module path: perfmon.exe2
Report Id: perfmon.exe3

Error: (05/03/2015 04:37:06 PM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x8007043c

Error: (05/03/2015 04:36:25 PM) (Source: AVLogEvent) (EventID: 5010) (User: NT AUTHORITY)
Description: McShield failed to start because it is not trusted.
Error Code:a7f40905

Error: (05/03/2015 04:36:25 PM) (Source: AVLogEvent) (EventID: 5007) (User: NT AUTHORITY)
Description: Failed to load a dependant module.
Error Code:a7f42003

Error: (05/03/2015 03:48:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 1.0.2.929 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 14c8

Start Time: 01d085da03b8ab2d

Termination Time: 31

Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

Report Id: 5091eca9-f1cd-11e4-a38b-002713dff999

Error: (05/03/2015 03:47:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 1.0.2.929 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 83c

Start Time: 01d085d2acd3cf6d

Termination Time: 385

Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

Report Id: 2b28a7cd-f1cd-11e4-a38b-002713dff999

Error: (05/03/2015 03:44:18 PM) (Source: ESENT) (EventID: 215) (User: )
Description: wlmail (4684) WindowsLiveMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

Error: (05/03/2015 03:44:18 PM) (Source: ESENT) (EventID: 217) (User: )
Description: wlmail (4684) WindowsLiveMail0: Error (-1032) during backup of a database (file C:\Users\Admin\AppData\Local\Microsoft\Windows Live Mail\Mail.MSMessageStore). The database will be unable to restore.

Error: (05/03/2015 03:44:18 PM) (Source: ESENT) (EventID: 488) (User: )
Description: wlmail (4684) WindowsLiveMail0: An attempt to create the file "C:\Users\Admin\AppData\Local\Microsoft\Windows Live Mail\Mail.pat" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).

Error: (05/03/2015 02:01:27 PM) (Source: AVLogEvent) (EventID: 5010) (User: NT AUTHORITY)
Description: McShield failed to start because it is not trusted.
Error Code:a7f40905

System errors:
=============
Error: (05/03/2015 10:38:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (05/03/2015 10:38:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (05/03/2015 10:38:20 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (05/03/2015 10:38:17 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (05/03/2015 10:38:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (05/03/2015 10:38:17 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (05/03/2015 10:38:17 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (05/03/2015 10:38:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (05/03/2015 10:38:17 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (05/03/2015 10:38:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Microsoft Office Sessions:
=========================
Error: (05/03/2015 09:37:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: perfmon.exe6.1.7601.175144ce7972cntdll.dll6.1.7601.187985507b864c0000005000000000005105cdc01d0860ad24a0360C:\Windows\System32\perfmon.exeC:\Windows\SYSTEM32\ntdll.dll2f000480-f1fe-11e4-b8db-002713dff999

Error: (05/03/2015 04:37:06 PM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x8007043c

Error: (05/03/2015 04:36:25 PM) (Source: AVLogEvent) (EventID: 5010) (User: NT AUTHORITY)
Description: a7f40905

Error: (05/03/2015 04:36:25 PM) (Source: AVLogEvent) (EventID: 5007) (User: NT AUTHORITY)
Description: a7f42003

Error: (05/03/2015 03:48:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.0.2.92914c801d085da03b8ab2d31C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe5091eca9-f1cd-11e4-a38b-002713dff999

Error: (05/03/2015 03:47:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.0.2.92983c01d085d2acd3cf6d385C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe2b28a7cd-f1cd-11e4-a38b-002713dff999

Error: (05/03/2015 03:44:18 PM) (Source: ESENT) (EventID: 215) (User: )
Description: wlmail4684WindowsLiveMail0:

Error: (05/03/2015 03:44:18 PM) (Source: ESENT) (EventID: 217) (User: )
Description: wlmail4684WindowsLiveMail0: -1032C:\Users\Admin\AppData\Local\Microsoft\Windows Live Mail\Mail.MSMessageStore

Error: (05/03/2015 03:44:18 PM) (Source: ESENT) (EventID: 488) (User: )
Description: wlmail4684WindowsLiveMail0: C:\Users\Admin\AppData\Local\Microsoft\Windows Live Mail\Mail.pat-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (05/03/2015 02:01:27 PM) (Source: AVLogEvent) (EventID: 5010) (User: NT AUTHORITY)
Description: a7f40905

CodeIntegrity Errors:
===================================
  Date: 2015-03-23 15:26:58.216
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-23 15:26:57.331
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-23 15:17:13.385
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-23 15:17:12.895
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-23 15:17:00.966
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-23 15:17:00.841
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-23 15:16:54.069
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-23 15:16:52.132
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-23 15:16:51.888
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-23 15:16:51.467
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD Turion™ II P540 Dual-Core Processor
Percentage of memory in use: 73%
Total physical RAM: 3834.9 MB
Available physical RAM: 1018.29 MB
Total Pagefile: 7668 MB
Available Pagefile: 3698.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:446.88 GB) (Free:361.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:18.58 GB) (Free:2.7 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: B1AB0CD8)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=446.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=18.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================

 

 




#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi Melissa, Ninjaloader is the culprit so let's get shot of him and all his mates :)

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [{90140000-003D-0000-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [{90140000-006E-0409-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [{90140000-001A-0409-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [{90140000-0018-0409-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-21-9863214-3227163779-590294082-1000\...\MountPoints2: {633c1796-dc7f-11df-86cc-002713dff999} - "F:\Ativa File Transfer .exe" bootup
HKU\S-1-5-21-9863214-3227163779-590294082-1000\...\MountPoints2: {633c17a2-dc7f-11df-86cc-002713dff999} - "F:\Ativa File Transfer .exe" bootup
HKU\S-1-5-21-9863214-3227163779-590294082-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {633c1796-dc7f-11df-86cc-002713dff999} - "F:\Ativa File Transfer .exe" bootup
HKU\S-1-5-21-9863214-3227163779-590294082-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {633c17a2-dc7f-11df-86cc-002713dff999} - "F:\Ativa File Transfer .exe" bootup
HKU\S-1-5-18\...\RunOnce: [{90140000-003D-0000-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{90140000-006E-0409-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{90140000-001A-0409-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{90140000-0018-0409-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: No Name -> {90d712ee-e8a1-4bd3-a14e-8437c2ac1717} -> No File
BHO-x32: coooLncheap -> {90d712ee-e8a1-4bd3-a14e-8437c2ac1717} -> C:\Program Files (x86)\coooLncheap\LPMTfpL6eLfgVR.dll No File
R2 NinjaLoaderService; C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe [59496 2015-03-04] (Ninja Soft Inc.)
R2 PrService; C:\Users\Admin\AppData\Local\PrService\PrService.exe [85504 2015-03-10] () [File not signed]
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7410024 2015-01-14] (Reimage®)
S2 BrsHelper; C:\PROGRA~2\YTDOWN~1\BROWSE~2.EXE [X]
S2 f3f58402; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\SystemAide\SystemAide.dll",serv
2015-05-03 16:01 - 2015-05-03 16:01 - 00000000 ____D () C:\Users\Admin\AppData\Local\{9011C1B1-8EA6-4577-9796-307E66949456}
2015-05-03 15:30 - 2015-05-03 15:30 - 00000000 _____ () C:\Windows\SysWOW64\REN99EF.tmp
2015-05-01 11:14 - 2015-05-01 11:14 - 00000000 ___HD () C:\Users\Admin\AppData\Local\{BBB72A0C-1457-407F-975D-626D54BF899F}
2015-04-30 15:51 - 2015-04-30 15:52 - 00000000 ___HD () C:\Users\Admin\AppData\Local\{BF7C79A2-A351-40C3-B0B7-2761F8F5DB5A}
2015-04-29 14:19 - 2015-04-29 14:19 - 00000000 ___HD () C:\Users\Admin\AppData\Local\{0198C6C1-5ADF-477C-8CCC-2444D07B77D6}
2015-04-28 17:57 - 2015-04-28 17:58 - 00000000 ___HD () C:\Users\Admin\AppData\Local\{7788CAA8-F973-40A6-BFE3-00AB63AA470E}
2015-04-27 17:44 - 2015-04-27 17:44 - 00000000 ___HD () C:\Users\Admin\AppData\Local\{5DFEEB53-72ED-4628-B29F-2B917A1FE847}
2015-04-26 19:03 - 2015-04-26 19:04 - 00000000 ___HD () C:\Users\Admin\AppData\Local\{705146AD-1FD2-463A-BA0A-28456EF04CDA}
2015-04-23 07:16 - 2015-04-23 07:16 - 00822377 ____H (Application Software ) C:\Users\Admin\Downloads\Unconfirmed 500732.crdownload
2015-04-23 07:16 - 2015-04-23 07:16 - 00822377 ____H (Application Software ) C:\Users\Admin\Downloads\Unconfirmed 426137.crdownload
2015-04-22 19:05 - 2015-04-22 19:05 - 00000000 ___HD () C:\Users\Admin\AppData\Local\{AFED8955-1AC1-4A0C-80C8-4E0E4A8604BE}
2015-04-21 10:53 - 2015-04-21 10:54 - 00000000 ___HD () C:\Users\Admin\AppData\Local\{2E3453CD-2AF1-4C80-BD9A-50CE4736622C}
2015-04-15 19:55 - 2015-04-15 19:55 - 00000000 _____ () C:\Windows\SysWOW64\REN5EE1.tmp
2015-04-14 23:03 - 2015-04-14 23:03 - 00000000 ___HD () C:\Users\Admin\AppData\Local\{D26E1751-B6C5-45E3-968E-139E6A84A3BD}
2015-04-14 11:01 - 2015-04-14 11:01 - 00000000 ___HD () C:\Users\Admin\AppData\Local\{3E76A0C5-6B2E-4B1C-938D-5F543263ED5F}
2015-04-13 22:59 - 2015-04-13 22:59 - 00000000 ___HD () C:\Users\Admin\AppData\Local\{9A4A78AE-CBD2-4D39-9E29-48334DC38B90}
2015-04-13 12:15 - 2015-04-13 12:17 - 00202636 ____H () C:\Users\Admin\Downloads\2062.tmp
2015-04-13 11:37 - 2015-04-21 15:09 - 00000000 ____D () C:\Program Files (x86)\topdeala
2015-04-13 11:01 - 2015-04-13 11:02 - 00830768 ____H (Software Web App ) C:\Users\Admin\Downloads\Unconfirmed 562710.crdownload
2015-04-13 10:57 - 2015-04-13 10:57 - 00000000 ___HD () C:\Users\Admin\AppData\Local\{A6A72A7C-C1EF-4EC4-A298-B8C857439BFC}
2015-04-09 16:12 - 2015-05-03 21:31 - 00000000 ____D () C:\Program Files (x86)\SystemAide
2015-04-09 16:11 - 2015-04-09 16:11 - 00000000 ___HD () C:\Users\Admin\AppData\Local\{51D54BF3-FF29-4573-B06F-B9AC1CC5D4C5}
2015-04-06 19:32 - 2015-04-06 19:34 - 00365485 ____H () C:\Users\Admin\Downloads\Unconfirmed 660273.crdownload
2015-04-06 19:22 - 2015-04-06 19:23 - 00144247 ____H () C:\Users\Admin\Downloads\Unconfirmed 140552.crdownload
2015-04-06 17:59 - 2015-04-06 17:59 - 00503501 ____H (Internet ) C:\Users\Admin\Downloads\Unconfirmed 1271.crdownload
2015-04-06 17:58 - 2015-04-06 17:58 - 00823768 ____H (Internet ) C:\Users\Admin\Downloads\Unconfirmed 851838.crdownload
2015-04-06 14:57 - 2015-04-06 14:57 - 00291107 ____H (Generic ) C:\Users\Admin\Downloads\Unconfirmed 105494.crdownload
2015-04-06 14:33 - 2015-04-06 14:33 - 01101184 ____H () C:\Users\Admin\Downloads\Unconfirmed 325029.crdownload
2015-04-06 13:37 - 2015-04-06 13:38 - 00280695 ____H () C:\Users\Admin\Downloads\Unconfirmed 681157.crdownload
2015-04-06 13:32 - 2015-04-06 13:38 - 00417987 ____H () C:\Users\Admin\Downloads\Unconfirmed 970502.crdownload
2015-04-06 13:31 - 2015-04-06 13:38 - 00884007 ____H (VideoLan ) C:\Users\Admin\Downloads\Unconfirmed 451759.crdownload
2015-04-06 13:23 - 2015-04-06 13:25 - 00422283 ____H () C:\Users\Admin\Downloads\Unconfirmed 981191.crdownload
2015-04-06 13:23 - 2015-04-06 13:24 - 00356969 ____H () C:\Users\Admin\Downloads\Unconfirmed 169217.crdownload
2015-04-06 13:21 - 2015-04-06 13:24 - 00335663 ____H () C:\Users\Admin\Downloads\Unconfirmed 881684.crdownload
2015-04-06 12:52 - 2015-04-06 12:52 - 00241560 ____H () C:\Users\Admin\Downloads\4D2D.tmp
2015-04-06 11:09 - 2015-04-06 11:09 - 00010405 ____H () C:\Users\Admin\Downloads\Unconfirmed 680603.crdownload
2015-04-06 11:08 - 2015-04-06 11:08 - 00000000 ___HD () C:\Users\Admin\AppData\Local\{9A5F622F-0CF8-4939-B91B-EDF0CF708F04}
2015-04-04 08:49 - 2015-04-04 08:50 - 00484861 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 853619.crdownload
2015-04-04 08:03 - 2015-04-04 08:03 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 148112.crdownload
2015-04-04 07:45 - 2015-04-04 07:45 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 949401.crdownload
2015-04-04 07:17 - 2015-04-04 07:17 - 00468200 ____H (Installer Technology Co) C:\Users\Admin\Downloads\Unconfirmed 773265.crdownload
2015-04-04 07:17 - 2015-04-04 07:17 - 00468200 ____H (Installer Technology Co) C:\Users\Admin\Downloads\Unconfirmed 520343.crdownload
2015-04-04 07:04 - 2015-04-04 07:04 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 767447.crdownload
2015-04-04 06:36 - 2015-04-04 06:36 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 896392.crdownload
2015-04-04 05:58 - 2015-04-04 05:58 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 977320.crdownload
2015-04-04 05:58 - 2015-04-04 05:58 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 314460.crdownload
2015-04-04 05:57 - 2015-04-04 05:57 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 471326.crdownload
2015-04-04 05:57 - 2015-04-04 05:57 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 159602.crdownload
2015-04-04 05:48 - 2015-04-04 05:48 - 00164597 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 243098.crdownload
2015-04-04 05:47 - 2015-04-04 05:47 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 904184.crdownload
2015-04-04 05:47 - 2015-04-04 05:47 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 716500.crdownload
2015-04-04 05:46 - 2015-04-04 05:46 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 97248.crdownload
2015-04-04 05:28 - 2015-04-04 05:28 - 00000481 ____H () C:\Users\Admin\Downloads\uplayermediaplayer-setup (4).website
2015-04-04 05:28 - 2015-04-04 05:28 - 00000481 ____H () C:\Users\Admin\Downloads\uplayermediaplayer-setup (3).website
2015-04-04 05:27 - 2015-04-04 05:27 - 00000481 ____H () C:\Users\Admin\Downloads\uplayermediaplayer-setup (2).website
2015-04-04 05:26 - 2015-04-04 05:27 - 00000481 ____H () C:\Users\Admin\Downloads\uplayermediaplayer-setup (1).website
2015-04-04 04:49 - 2015-04-04 04:50 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 692406.crdownload
2015-04-04 04:49 - 2015-04-04 04:49 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 431648.crdownload
2015-04-04 04:48 - 2015-04-04 04:48 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 900194.crdownload
2015-04-04 04:47 - 2015-04-04 04:47 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 881362.crdownload
2015-04-04 04:04 - 2015-04-04 04:04 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 546970.crdownload
2015-04-04 01:42 - 2015-04-04 01:42 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 618236.crdownload
2015-04-04 00:03 - 2015-04-04 00:03 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 948460.crdownload
2015-04-04 00:02 - 2015-04-04 00:02 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 6690.crdownload
2015-04-04 00:02 - 2015-04-04 00:02 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 143957.crdownload
2015-04-04 00:01 - 2015-04-04 00:01 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 857648.crdownload
2015-04-03 23:08 - 2015-04-03 23:08 - 00000483 ____H () C:\Users\Admin\Downloads\uplayermediaplayer-setup.website
2015-04-03 20:39 - 2015-04-03 20:40 - 00000000 ___HD () C:\Users\Admin\AppData\Local\{C4A9FEEA-B191-4644-BA3D-9AAEC577A210}
2015-05-03 22:35 - 2015-03-18 20:15 - 00000000 ___HD () C:\Users\Admin\AppData\Local\PrService
2015-05-03 22:28 - 2015-01-27 16:26 - 00000292 _____ () C:\Windows\Tasks\UpdaterEX.job
2015-05-03 21:29 - 2015-03-25 14:34 - 00000000 ____D () C:\ProgramData\Browser
2015-05-03 21:29 - 2015-02-18 13:59 - 00000000 ____D () C:\ProgramData\couponcheapchea
2015-05-03 16:22 - 2015-03-16 21:38 - 00000000 ___HD () C:\Users\Admin\AppData\Local\PC MightyMax 2015
2015-05-03 14:08 - 2011-01-06 19:11 - 00000000 ____D () C:\Program Files (x86)\Coupons
2015-04-29 14:36 - 2015-02-04 19:50 - 00000000 ____D () C:\ProgramData\12884299035192847501
2015-04-09 16:13 - 2015-03-23 15:10 - 00000000 ____D () C:\ProgramData\ef40e1500000389e
Task: {1BA5CC77-763F-46E0-B105-1BD3B22D1B8D} - \SPDriver No Task File <==== ATTENTION
Task: {25884663-BF4E-481A-8FF2-48E1F9F87A62} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION
Task: {25D1EAA9-DF66-45A8-A6FC-E24D2A2E3761} - System32\Tasks\UpdaterEX => C:\Users\Admin\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {541C683B-91EC-4FCD-94E3-2317776CC161} - System32\Tasks\Super Optimizer Schedule => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe <==== ATTENTION
Task: {5ADF18C6-C6E8-40DD-B105-156B4852D8D6} - \ShopperPro No Task File <==== ATTENTION
Task: {8AF77C0B-87A9-4880-B993-0BDCE5D2A74F} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe <==== ATTENTION
Task: {A3184178-71D9-4014-A6E3-704184F55E71} - \ShopperProJSUpd No Task File <==== ATTENTION
Task: {A96564FD-5D58-47D8-9759-9F61587463DB} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {AA849CFD-99ED-4E8C-B1E2-E605E3F9C7D7} - \SPBIW_UpdateTask_Time_313234343437383838382d3737555a416c503257344a41 No Task File <==== ATTENTION
Task: {B14DBF37-5D60-4327-9FFE-BC1FC96ABBC6} - System32\Tasks\SMWUpd => C:\Program Files\Common Files\Goobzo\GBUpdate\updater.exe <==== ATTENTION
Task: {E1333C3C-9D40-4234-93C1-C812808C1B2E} - \SmartWeb Upgrade Trigger Task No Task File <==== ATTENTION
Task: {E61C7B71-FD41-4D29-A0AF-5C1BB43D0B13} - \avaavxvyex No Task File <==== ATTENTION
Task: {EF31F360-EE37-42AB-AC67-616332389086} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2015-01-14] (Reimage®) <==== ATTENTION
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\Admin\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Users\Admin\AppData\Local\Ninja Loader
C:\Users\Admin\AppData\Local\PrService
C:\Program Files\Reimage
C:\Program Files (x86)\coooLncheap
C:\Program Files (x86)\Ninja Loader
c:\Program Files (x86)\SystemAide
C:\Program Files (x86)\YTDownloader\
C:\Users\Admin\AppData\Roaming\UPDATE~1
C:\Program Files (x86)\Super Optimizer
C:\Program Files\Common Files\Goobzo
C:\Program Files (x86)\MyPC Backup
C:\Users\Admin\AppData\Roaming\ernden
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.


#3
prncssmelissa

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

FRST - fix log -

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-05-2015
Ran by Admin at 2015-05-04 14:17:01 Run:1
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available profiles: Admin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [{90140000-003D-0000-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [{90140000-006E-0409-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [{90140000-001A-0409-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [{90140000-0018-0409-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-21-9863214-3227163779-590294082-1000\...\MountPoints2: {633c1796-dc7f-11df-86cc-002713dff999} - "F:\Ativa File Transfer .exe" bootup
HKU\S-1-5-21-9863214-3227163779-590294082-1000\...\MountPoints2: {633c17a2-dc7f-11df-86cc-002713dff999} - "F:\Ativa File Transfer .exe" bootup
HKU\S-1-5-21-9863214-3227163779-590294082-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {633c1796-dc7f-11df-86cc-002713dff999} - "F:\Ativa File Transfer .exe" bootup
HKU\S-1-5-21-9863214-3227163779-590294082-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {633c17a2-dc7f-11df-86cc-002713dff999} - "F:\Ativa File Transfer .exe" bootup
HKU\S-1-5-18\...\RunOnce: [{90140000-003D-0000-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{90140000-006E-0409-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{90140000-001A-0409-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{90140000-0018-0409-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: No Name -> {90d712ee-e8a1-4bd3-a14e-8437c2ac1717} -> No File
BHO-x32: coooLncheap -> {90d712ee-e8a1-4bd3-a14e-8437c2ac1717} -> C:\Program Files (x86)\coooLncheap\LPMTfpL6eLfgVR.dll No File
R2 NinjaLoaderService; C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe [59496 2015-03-04] (Ninja Soft Inc.)
R2 PrService; C:\Users\Admin\AppData\Local\PrService\PrService.exe [85504 2015-03-10] () [File not signed]
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7410024 2015-01-14] (Reimage®)
S2 BrsHelper; C:\PROGRA~2\YTDOWN~1\BROWSE~2.EXE [X]
S2 f3f58402; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\SystemAide\SystemAide.dll",serv
2015-05-03 16:01 - 2015-05-03 16:01 - 00000000 ____D () C:\Users\Admin\AppData\Local\{9011C1B1-8EA6-4577-9796-307E66949456}
2015-05-03 15:30 - 2015-05-03 15:30 - 00000000 _____ () C:\Windows\SysWOW64\REN99EF.tmp
2015-05-01 11:14 - 2015-05-01 11:14 - 00000000 ___HD () C:\Users\Admin\AppData\Local\{BBB72A0C-1457-407F-975D-626D54BF899F}
2015-04-30 15:51 - 2015-04-30 15:52 - 00000000 ___HD () C:\Users\Admin\AppData\Local\{BF7C79A2-A351-40C3-B0B7-2761F8F5DB5A}
2015-04-29 14:19 - 2015-04-29 14:19 - 00000000 ___HD () C:\Users\Admin\AppData\Local\{0198C6C1-5ADF-477C-8CCC-2444D07B77D6}
2015-04-28 17:57 - 2015-04-28 17:58 - 00000000 ___HD () C:\Users\Admin\AppData\Local\{7788CAA8-F973-40A6-BFE3-00AB63AA470E}
2015-04-27 17:44 - 2015-04-27 17:44 - 00000000 ___HD () C:\Users\Admin\AppData\Local\{5DFEEB53-72ED-4628-B29F-2B917A1FE847}
2015-04-26 19:03 - 2015-04-26 19:04 - 00000000 ___HD () C:\Users\Admin\AppData\Local\{705146AD-1FD2-463A-BA0A-28456EF04CDA}
2015-04-23 07:16 - 2015-04-23 07:16 - 00822377 ____H (Application Software ) C:\Users\Admin\Downloads\Unconfirmed 500732.crdownload
2015-04-23 07:16 - 2015-04-23 07:16 - 00822377 ____H (Application Software ) C:\Users\Admin\Downloads\Unconfirmed 426137.crdownload
2015-04-22 19:05 - 2015-04-22 19:05 - 00000000 ___HD () C:\Users\Admin\AppData\Local\{AFED8955-1AC1-4A0C-80C8-4E0E4A8604BE}
2015-04-21 10:53 - 2015-04-21 10:54 - 00000000 ___HD () C:\Users\Admin\AppData\Local\{2E3453CD-2AF1-4C80-BD9A-50CE4736622C}
2015-04-15 19:55 - 2015-04-15 19:55 - 00000000 _____ () C:\Windows\SysWOW64\REN5EE1.tmp
2015-04-14 23:03 - 2015-04-14 23:03 - 00000000 ___HD () C:\Users\Admin\AppData\Local\{D26E1751-B6C5-45E3-968E-139E6A84A3BD}
2015-04-14 11:01 - 2015-04-14 11:01 - 00000000 ___HD () C:\Users\Admin\AppData\Local\{3E76A0C5-6B2E-4B1C-938D-5F543263ED5F}
2015-04-13 22:59 - 2015-04-13 22:59 - 00000000 ___HD () C:\Users\Admin\AppData\Local\{9A4A78AE-CBD2-4D39-9E29-48334DC38B90}
2015-04-13 12:15 - 2015-04-13 12:17 - 00202636 ____H () C:\Users\Admin\Downloads\2062.tmp
2015-04-13 11:37 - 2015-04-21 15:09 - 00000000 ____D () C:\Program Files (x86)\topdeala
2015-04-13 11:01 - 2015-04-13 11:02 - 00830768 ____H (Software Web App ) C:\Users\Admin\Downloads\Unconfirmed 562710.crdownload
2015-04-13 10:57 - 2015-04-13 10:57 - 00000000 ___HD () C:\Users\Admin\AppData\Local\{A6A72A7C-C1EF-4EC4-A298-B8C857439BFC}
2015-04-09 16:12 - 2015-05-03 21:31 - 00000000 ____D () C:\Program Files (x86)\SystemAide
2015-04-09 16:11 - 2015-04-09 16:11 - 00000000 ___HD () C:\Users\Admin\AppData\Local\{51D54BF3-FF29-4573-B06F-B9AC1CC5D4C5}
2015-04-06 19:32 - 2015-04-06 19:34 - 00365485 ____H () C:\Users\Admin\Downloads\Unconfirmed 660273.crdownload
2015-04-06 19:22 - 2015-04-06 19:23 - 00144247 ____H () C:\Users\Admin\Downloads\Unconfirmed 140552.crdownload
2015-04-06 17:59 - 2015-04-06 17:59 - 00503501 ____H (Internet ) C:\Users\Admin\Downloads\Unconfirmed 1271.crdownload
2015-04-06 17:58 - 2015-04-06 17:58 - 00823768 ____H (Internet ) C:\Users\Admin\Downloads\Unconfirmed 851838.crdownload
2015-04-06 14:57 - 2015-04-06 14:57 - 00291107 ____H (Generic ) C:\Users\Admin\Downloads\Unconfirmed 105494.crdownload
2015-04-06 14:33 - 2015-04-06 14:33 - 01101184 ____H () C:\Users\Admin\Downloads\Unconfirmed 325029.crdownload
2015-04-06 13:37 - 2015-04-06 13:38 - 00280695 ____H () C:\Users\Admin\Downloads\Unconfirmed 681157.crdownload
2015-04-06 13:32 - 2015-04-06 13:38 - 00417987 ____H () C:\Users\Admin\Downloads\Unconfirmed 970502.crdownload
2015-04-06 13:31 - 2015-04-06 13:38 - 00884007 ____H (VideoLan ) C:\Users\Admin\Downloads\Unconfirmed 451759.crdownload
2015-04-06 13:23 - 2015-04-06 13:25 - 00422283 ____H () C:\Users\Admin\Downloads\Unconfirmed 981191.crdownload
2015-04-06 13:23 - 2015-04-06 13:24 - 00356969 ____H () C:\Users\Admin\Downloads\Unconfirmed 169217.crdownload
2015-04-06 13:21 - 2015-04-06 13:24 - 00335663 ____H () C:\Users\Admin\Downloads\Unconfirmed 881684.crdownload
2015-04-06 12:52 - 2015-04-06 12:52 - 00241560 ____H () C:\Users\Admin\Downloads\4D2D.tmp
2015-04-06 11:09 - 2015-04-06 11:09 - 00010405 ____H () C:\Users\Admin\Downloads\Unconfirmed 680603.crdownload
2015-04-06 11:08 - 2015-04-06 11:08 - 00000000 ___HD () C:\Users\Admin\AppData\Local\{9A5F622F-0CF8-4939-B91B-EDF0CF708F04}
2015-04-04 08:49 - 2015-04-04 08:50 - 00484861 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 853619.crdownload
2015-04-04 08:03 - 2015-04-04 08:03 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 148112.crdownload
2015-04-04 07:45 - 2015-04-04 07:45 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 949401.crdownload
2015-04-04 07:17 - 2015-04-04 07:17 - 00468200 ____H (Installer Technology Co) C:\Users\Admin\Downloads\Unconfirmed 773265.crdownload
2015-04-04 07:17 - 2015-04-04 07:17 - 00468200 ____H (Installer Technology Co) C:\Users\Admin\Downloads\Unconfirmed 520343.crdownload
2015-04-04 07:04 - 2015-04-04 07:04 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 767447.crdownload
2015-04-04 06:36 - 2015-04-04 06:36 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 896392.crdownload
2015-04-04 05:58 - 2015-04-04 05:58 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 977320.crdownload
2015-04-04 05:58 - 2015-04-04 05:58 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 314460.crdownload
2015-04-04 05:57 - 2015-04-04 05:57 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 471326.crdownload
2015-04-04 05:57 - 2015-04-04 05:57 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 159602.crdownload
2015-04-04 05:48 - 2015-04-04 05:48 - 00164597 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 243098.crdownload
2015-04-04 05:47 - 2015-04-04 05:47 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 904184.crdownload
2015-04-04 05:47 - 2015-04-04 05:47 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 716500.crdownload
2015-04-04 05:46 - 2015-04-04 05:46 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 97248.crdownload
2015-04-04 05:28 - 2015-04-04 05:28 - 00000481 ____H () C:\Users\Admin\Downloads\uplayermediaplayer-setup (4).website
2015-04-04 05:28 - 2015-04-04 05:28 - 00000481 ____H () C:\Users\Admin\Downloads\uplayermediaplayer-setup (3).website
2015-04-04 05:27 - 2015-04-04 05:27 - 00000481 ____H () C:\Users\Admin\Downloads\uplayermediaplayer-setup (2).website
2015-04-04 05:26 - 2015-04-04 05:27 - 00000481 ____H () C:\Users\Admin\Downloads\uplayermediaplayer-setup (1).website
2015-04-04 04:49 - 2015-04-04 04:50 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 692406.crdownload
2015-04-04 04:49 - 2015-04-04 04:49 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 431648.crdownload
2015-04-04 04:48 - 2015-04-04 04:48 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 900194.crdownload
2015-04-04 04:47 - 2015-04-04 04:47 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 881362.crdownload
2015-04-04 04:04 - 2015-04-04 04:04 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 546970.crdownload
2015-04-04 01:42 - 2015-04-04 01:42 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 618236.crdownload
2015-04-04 00:03 - 2015-04-04 00:03 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 948460.crdownload
2015-04-04 00:02 - 2015-04-04 00:02 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 6690.crdownload
2015-04-04 00:02 - 2015-04-04 00:02 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 143957.crdownload
2015-04-04 00:01 - 2015-04-04 00:01 - 00805144 ____H (Program ) C:\Users\Admin\Downloads\Unconfirmed 857648.crdownload
2015-04-03 23:08 - 2015-04-03 23:08 - 00000483 ____H () C:\Users\Admin\Downloads\uplayermediaplayer-setup.website
2015-04-03 20:39 - 2015-04-03 20:40 - 00000000 ___HD () C:\Users\Admin\AppData\Local\{C4A9FEEA-B191-4644-BA3D-9AAEC577A210}
2015-05-03 22:35 - 2015-03-18 20:15 - 00000000 ___HD () C:\Users\Admin\AppData\Local\PrService
2015-05-03 22:28 - 2015-01-27 16:26 - 00000292 _____ () C:\Windows\Tasks\UpdaterEX.job
2015-05-03 21:29 - 2015-03-25 14:34 - 00000000 ____D () C:\ProgramData\Browser
2015-05-03 21:29 - 2015-02-18 13:59 - 00000000 ____D () C:\ProgramData\couponcheapchea
2015-05-03 16:22 - 2015-03-16 21:38 - 00000000 ___HD () C:\Users\Admin\AppData\Local\PC MightyMax 2015
2015-05-03 14:08 - 2011-01-06 19:11 - 00000000 ____D () C:\Program Files (x86)\Coupons
2015-04-29 14:36 - 2015-02-04 19:50 - 00000000 ____D () C:\ProgramData\12884299035192847501
2015-04-09 16:13 - 2015-03-23 15:10 - 00000000 ____D () C:\ProgramData\ef40e1500000389e
Task: {1BA5CC77-763F-46E0-B105-1BD3B22D1B8D} - \SPDriver No Task File <==== ATTENTION
Task: {25884663-BF4E-481A-8FF2-48E1F9F87A62} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION
Task: {25D1EAA9-DF66-45A8-A6FC-E24D2A2E3761} - System32\Tasks\UpdaterEX => C:\Users\Admin\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {541C683B-91EC-4FCD-94E3-2317776CC161} - System32\Tasks\Super Optimizer Schedule => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe <==== ATTENTION
Task: {5ADF18C6-C6E8-40DD-B105-156B4852D8D6} - \ShopperPro No Task File <==== ATTENTION
Task: {8AF77C0B-87A9-4880-B993-0BDCE5D2A74F} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe <==== ATTENTION
Task: {A3184178-71D9-4014-A6E3-704184F55E71} - \ShopperProJSUpd No Task File <==== ATTENTION
Task: {A96564FD-5D58-47D8-9759-9F61587463DB} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {AA849CFD-99ED-4E8C-B1E2-E605E3F9C7D7} - \SPBIW_UpdateTask_Time_313234343437383838382d3737555a416c503257344a41 No Task File <==== ATTENTION
Task: {B14DBF37-5D60-4327-9FFE-BC1FC96ABBC6} - System32\Tasks\SMWUpd => C:\Program Files\Common Files\Goobzo\GBUpdate\updater.exe <==== ATTENTION
Task: {E1333C3C-9D40-4234-93C1-C812808C1B2E} - \SmartWeb Upgrade Trigger Task No Task File <==== ATTENTION
Task: {E61C7B71-FD41-4D29-A0AF-5C1BB43D0B13} - \avaavxvyex No Task File <==== ATTENTION
Task: {EF31F360-EE37-42AB-AC67-616332389086} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2015-01-14] (Reimage®) <==== ATTENTION
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\Admin\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Users\Admin\AppData\Local\Ninja Loader
C:\Users\Admin\AppData\Local\PrService
C:\Program Files\Reimage
C:\Program Files (x86)\coooLncheap
C:\Program Files (x86)\Ninja Loader
c:\Program Files (x86)\SystemAide
C:\Program Files (x86)\YTDownloader\
C:\Users\Admin\AppData\Roaming\UPDATE~1
C:\Program Files (x86)\Super Optimizer
C:\Program Files\Common Files\Goobzo
C:\Program Files (x86)\MyPC Backup
C:\Users\Admin\AppData\Roaming\ernden
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers

*****************

Restore point was successfully created.
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\RunOnce\\{90140000-003D-0000-0000-0000000FF1CE} => Value not found.
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\RunOnce\\{90140000-006E-0409-0000-0000000FF1CE} => Value not found.
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\RunOnce\\{90140000-001A-0409-0000-0000000FF1CE} => Value not found.
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\RunOnce\\{90140000-0018-0409-0000-0000000FF1CE} => Value not found.
"HKU\S-1-5-21-9863214-3227163779-590294082-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{633c1796-dc7f-11df-86cc-002713dff999}" => Key deleted successfully.
HKCR\CLSID\{633c1796-dc7f-11df-86cc-002713dff999} => Key not found.
"HKU\S-1-5-21-9863214-3227163779-590294082-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{633c17a2-dc7f-11df-86cc-002713dff999}" => Key deleted successfully.
HKCR\CLSID\{633c17a2-dc7f-11df-86cc-002713dff999} => Key not found.
HKU\S-1-5-21-9863214-3227163779-590294082-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => Key not found.
HKCR\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => Key not found.
HKU\S-1-5-21-9863214-3227163779-590294082-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => Key not found.
HKCR\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => Key not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\{90140000-003D-0000-0000-0000000FF1CE} => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\{90140000-006E-0409-0000-0000000FF1CE} => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\{90140000-001A-0409-0000-0000000FF1CE} => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\{90140000-0018-0409-0000-0000000FF1CE} => value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90d712ee-e8a1-4bd3-a14e-8437c2ac1717}" => Key deleted successfully.
HKCR\CLSID\{90d712ee-e8a1-4bd3-a14e-8437c2ac1717} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90d712ee-e8a1-4bd3-a14e-8437c2ac1717}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{90d712ee-e8a1-4bd3-a14e-8437c2ac1717}" => Key deleted successfully.
NinjaLoaderService => Service stopped successfully.
NinjaLoaderService => Service deleted successfully.
PrService => Unable to stop service
PrService => Service deleted successfully.
ReimageRealTimeProtector => Service stopped successfully.
ReimageRealTimeProtector => Service deleted successfully.
BrsHelper => Service deleted successfully.
f3f58402 => Service deleted successfully.
C:\Users\Admin\AppData\Local\{9011C1B1-8EA6-4577-9796-307E66949456} => Moved successfully.
C:\Windows\SysWOW64\REN99EF.tmp => Moved successfully.
C:\Users\Admin\AppData\Local\{BBB72A0C-1457-407F-975D-626D54BF899F} => Moved successfully.
C:\Users\Admin\AppData\Local\{BF7C79A2-A351-40C3-B0B7-2761F8F5DB5A} => Moved successfully.
C:\Users\Admin\AppData\Local\{0198C6C1-5ADF-477C-8CCC-2444D07B77D6} => Moved successfully.
C:\Users\Admin\AppData\Local\{7788CAA8-F973-40A6-BFE3-00AB63AA470E} => Moved successfully.
C:\Users\Admin\AppData\Local\{5DFEEB53-72ED-4628-B29F-2B917A1FE847} => Moved successfully.
C:\Users\Admin\AppData\Local\{705146AD-1FD2-463A-BA0A-28456EF04CDA} => Moved successfully.
C:\Users\Admin\Downloads\Unconfirmed 500732.crdownload => Moved successfully.
C:\Users\Admin\Downloads\Unconfirmed 426137.crdownload => Moved successfully.
C:\Users\Admin\AppData\Local\{AFED8955-1AC1-4A0C-80C8-4E0E4A8604BE} => Moved successfully.
C:\Users\Admin\AppData\Local\{2E3453CD-2AF1-4C80-BD9A-50CE4736622C} => Moved successfully.
C:\Windows\SysWOW64\REN5EE1.tmp => Moved successfully.
C:\Users\Admin\AppData\Local\{D26E1751-B6C5-45E3-968E-139E6A84A3BD} => Moved successfully.
C:\Users\Admin\AppData\Local\{3E76A0C5-6B2E-4B1C-938D-5F543263ED5F} => Moved successfully.
C:\Users\Admin\AppData\Local\{9A4A78AE-CBD2-4D39-9E29-48334DC38B90} => Moved successfully.
C:\Users\Admin\Downloads\2062.tmp => Moved successfully.
C:\Program Files (x86)\topdeala => Moved successfully.
C:\Users\Admin\Downloads\Unconfirmed 562710.crdownload => Moved successfully.
C:\Users\Admin\AppData\Local\{A6A72A7C-C1EF-4EC4-A298-B8C857439BFC} => Moved successfully.
C:\Program Files (x86)\SystemAide => Moved successfully.
C:\Users\Admin\AppData\Local\{51D54BF3-FF29-4573-B06F-B9AC1CC5D4C5} => Moved successfully.
C:\Users\Admin\Downloads\Unconfirmed 660273.crdownload => Moved successfully.
C:\Users\Admin\Downloads\Unconfirmed 140552.crdownload => Moved successfully.
C:\Users\Admin\Downloads\Unconfirmed 1271.crdownload => Moved successfully.
C:\Users\Admin\Downloads\Unconfirmed 851838.crdownload => Moved successfully.
C:\Users\Admin\Downloads\Unconfirmed 105494.crdownload => Moved successfully.
C:\Users\Admin\Downloads\Unconfirmed 325029.crdownload => Moved successfully.
C:\Users\Admin\Downloads\Unconfirmed 681157.crdownload => Moved successfully.
C:\Users\Admin\Downloads\Unconfirmed 970502.crdownload => Moved successfully.
C:\Users\Admin\Downloads\Unconfirmed 451759.crdownload => Moved successfully.
C:\Users\Admin\Downloads\Unconfirmed 981191.crdownload => Moved successfully.
C:\Users\Admin\Downloads\Unconfirmed 169217.crdownload => Moved successfully.
C:\Users\Admin\Downloads\Unconfirmed 881684.crdownload => Moved successfully.
C:\Users\Admin\Downloads\4D2D.tmp => Moved successfully.
C:\Users\Admin\Downloads\Unconfirmed 680603.crdownload => Moved successfully.
C:\Users\Admin\AppData\Local\{9A5F622F-0CF8-4939-B91B-EDF0CF708F04} => Moved successfully.
C:\Users\Admin\Downloads\Unconfirmed 853619.crdownload => Moved successfully.
C:\Users\Admin\Downloads\Unconfirmed 148112.crdownload => Moved successfully.
C:\Users\Admin\Downloads\Unconfirmed 949401.crdownload => Moved successfully.
C:\Users\Admin\Downloads\Unconfirmed 773265.crdownload => Moved successfully.
C:\Users\Admin\Downloads\Unconfirmed 520343.crdownload => Moved successfully.
C:\Users\Admin\Downloads\Unconfirmed 767447.crdownload => Moved successfully.
C:\Users\Admin\Downloads\Unconfirmed 896392.crdownload => Moved successfully.
C:\Users\Admin\Downloads\Unconfirmed 977320.crdownload => Moved successfully.
C:\Users\Admin\Downloads\Unconfirmed 314460.crdownload => Moved successfully.
C:\Users\Admin\Downloads\Unconfirmed 471326.crdownload => Moved successfully.
C:\Users\Admin\Downloads\Unconfirmed 159602.crdownload => Moved successfully.
C:\Users\Admin\Downloads\Unconfirmed 243098.crdownload => Moved successfully.
C:\Users\Admin\Downloads\Unconfirmed 904184.crdownload => Moved successfully.
C:\Users\Admin\Downloads\Unconfirmed 716500.crdownload => Moved successfully.
C:\Users\Admin\Downloads\Unconfirmed 97248.crdownload => Moved successfully.
C:\Users\Admin\Downloads\uplayermediaplayer-setup (4).website => Moved successfully.
C:\Users\Admin\Downloads\uplayermediaplayer-setup (3).website => Moved successfully.
C:\Users\Admin\Downloads\uplayermediaplayer-setup (2).website => Moved successfully.
C:\Users\Admin\Downloads\uplayermediaplayer-setup (1).website => Moved successfully.
C:\Users\Admin\Downloads\Unconfirmed 692406.crdownload => Moved successfully.
C:\Users\Admin\Downloads\Unconfirmed 431648.crdownload => Moved successfully.
C:\Users\Admin\Downloads\Unconfirmed 900194.crdownload => Moved successfully.
C:\Users\Admin\Downloads\Unconfirmed 881362.crdownload => Moved successfully.
C:\Users\Admin\Downloads\Unconfirmed 546970.crdownload => Moved successfully.
C:\Users\Admin\Downloads\Unconfirmed 618236.crdownload => Moved successfully.
C:\Users\Admin\Downloads\Unconfirmed 948460.crdownload => Moved successfully.
C:\Users\Admin\Downloads\Unconfirmed 6690.crdownload => Moved successfully.
C:\Users\Admin\Downloads\Unconfirmed 143957.crdownload => Moved successfully.
C:\Users\Admin\Downloads\Unconfirmed 857648.crdownload => Moved successfully.
C:\Users\Admin\Downloads\uplayermediaplayer-setup.website => Moved successfully.
C:\Users\Admin\AppData\Local\{C4A9FEEA-B191-4644-BA3D-9AAEC577A210} => Moved successfully.

"C:\Users\Admin\AppData\Local\PrService" directory move:

Could not move "C:\Users\Admin\AppData\Local\PrService" directory. => Scheduled to move on reboot.

C:\Windows\Tasks\UpdaterEX.job => Moved successfully.
C:\ProgramData\Browser => Moved successfully.
C:\ProgramData\couponcheapchea => Moved successfully.
C:\Users\Admin\AppData\Local\PC MightyMax 2015 => Moved successfully.
C:\Program Files (x86)\Coupons => Moved successfully.
C:\ProgramData\12884299035192847501 => Moved successfully.
C:\ProgramData\ef40e1500000389e => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1BA5CC77-763F-46E0-B105-1BD3B22D1B8D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1BA5CC77-763F-46E0-B105-1BD3B22D1B8D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPDriver" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{25884663-BF4E-481A-8FF2-48E1F9F87A62}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25884663-BF4E-481A-8FF2-48E1F9F87A62}" => Key deleted successfully.
C:\Windows\System32\Tasks\YTDownloader => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloader" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{25D1EAA9-DF66-45A8-A6FC-E24D2A2E3761}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25D1EAA9-DF66-45A8-A6FC-E24D2A2E3761}" => Key deleted successfully.
C:\Windows\System32\Tasks\UpdaterEX => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterEX" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{541C683B-91EC-4FCD-94E3-2317776CC161}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{541C683B-91EC-4FCD-94E3-2317776CC161}" => Key deleted successfully.
C:\Windows\System32\Tasks\Super Optimizer Schedule => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Super Optimizer Schedule" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5ADF18C6-C6E8-40DD-B105-156B4852D8D6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5ADF18C6-C6E8-40DD-B105-156B4852D8D6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperPro" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8AF77C0B-87A9-4880-B993-0BDCE5D2A74F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8AF77C0B-87A9-4880-B993-0BDCE5D2A74F}" => Key deleted successfully.
C:\Windows\System32\Tasks\YTDownloaderUpd => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloaderUpd" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A3184178-71D9-4014-A6E3-704184F55E71}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3184178-71D9-4014-A6E3-704184F55E71}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperProJSUpd" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A96564FD-5D58-47D8-9759-9F61587463DB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A96564FD-5D58-47D8-9759-9F61587463DB}" => Key deleted successfully.
C:\Windows\System32\Tasks\LaunchSignup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA849CFD-99ED-4E8C-B1E2-E605E3F9C7D7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA849CFD-99ED-4E8C-B1E2-E605E3F9C7D7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPBIW_UpdateTask_Time_313234343437383838382d3737555a416c503257344a41" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B14DBF37-5D60-4327-9FFE-BC1FC96ABBC6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B14DBF37-5D60-4327-9FFE-BC1FC96ABBC6}" => Key deleted successfully.
C:\Windows\System32\Tasks\SMWUpd => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMWUpd" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E1333C3C-9D40-4234-93C1-C812808C1B2E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1333C3C-9D40-4234-93C1-C812808C1B2E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartWeb Upgrade Trigger Task" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E61C7B71-FD41-4D29-A0AF-5C1BB43D0B13}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E61C7B71-FD41-4D29-A0AF-5C1BB43D0B13}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avaavxvyex" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EF31F360-EE37-42AB-AC67-616332389086}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF31F360-EE37-42AB-AC67-616332389086}" => Key deleted successfully.
C:\Windows\System32\Tasks\ReimageUpdater => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ReimageUpdater" => Key deleted successfully.
C:\Windows\Tasks\UpdaterEX.job not found.
C:\Users\Admin\AppData\Local\Ninja Loader => Moved successfully.
C:\Users\Admin\AppData\Local\PrService => Moved successfully.
C:\Program Files\Reimage => Moved successfully.
"C:\Program Files (x86)\coooLncheap" => File/Directory not found.
C:\Program Files (x86)\Ninja Loader => Moved successfully.
"c:\Program Files (x86)\SystemAide" => File/Directory not found.
"C:\Program Files (x86)\YTDownloader" => File/Directory not found.
C:\Users\Admin\AppData\Roaming\UPDATE~1 => Moved successfully.
"C:\Program Files (x86)\Super Optimizer" => File/Directory not found.
"C:\Program Files\Common Files\Goobzo" => File/Directory not found.
"C:\Program Files (x86)\MyPC Backup" => File/Directory not found.
C:\Users\Admin\AppData\Roaming\ernden => Moved successfully.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-9863214-3227163779-590294082-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-9863214-3227163779-590294082-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.

========= End of RemoveProxy: =========

=========  netsh advfirewall reset =========

Ok.

========= End of CMD: =========

=========  netsh advfirewall set allprofiles state ON =========

Ok.

========= End of CMD: =========

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========  netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

=========  netsh int ip reset c:\resetlog.txt =========

Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Reseting Route, OK!
Reseting Subinterface, OK!
Restart the computer to complete this action.

========= End of CMD: =========

=========  ipconfig /release =========

Windows IP Configuration

No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2607:fcc8:bd40:6d00:7545:25f0:40f8:c056
   Temporary IPv6 Address. . . . . . : 2607:fcc8:bd40:6d00:5c37:1d8d:4785:fea4
   Link-local IPv6 Address . . . . . : fe80::7545:25f0:40f8:c056%13
   Default Gateway . . . . . . . . . : fe80::7a71:9cff:fe5a:1557%13

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========

=========  ipconfig /renew =========

Windows IP Configuration

No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2607:fcc8:bd40:6d00:7545:25f0:40f8:c056
   Temporary IPv6 Address. . . . . . : 2607:fcc8:bd40:6d00:5c37:1d8d:4785:fea4
   Link-local IPv6 Address . . . . . : fe80::7545:25f0:40f8:c056%13
   IPv4 Address. . . . . . . . . . . : 192.168.0.22
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::7a71:9cff:fe5a:1557%13
                                       192.168.0.1

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========

=========  netsh int ipv4 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.

========= End of CMD: =========

=========  netsh int ipv6 reset =========

Reseting Interface, OK!
Reseting Subinterface, OK!
Restart the computer to complete this action.

========= End of CMD: =========

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

60 out of 60 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 2.3 GB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-05-04 14:31:37)<=

C:\Users\Admin\AppData\Local\PrService => Is moved successfully.

==== End of Fixlog 14:31:37 ====

 

I wasn't able to get the ADWCleaner installed. Every time I tried, it gave me an error about the software being out of date and to go download the new software. But I have checked to make sure that the chrome.exe file is no longer running, and it's gone. Thank you so much!!



#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you use this link please https://toolslib.net...loads/finish/1/

What other problems are you seeing at the moment?

#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.