Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

my laptop is running VERY slowly of late. Suspect Malware running in


  • This topic is locked This topic is locked

#1
AdamIsAdam

AdamIsAdam

    Member

  • Member
  • PipPipPip
  • 185 posts

Hello,

This forum has always been so helpful in the past and just helped with my son's `puter.  Now it's my turn.  My laptop has been running PAINFULLY slow lately.  I suspect something is running in the background without my knowledge.  Can I get some help please?

 

As always, thanks in advance!

--Adam

 

 

Here are my log files:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2015
Ran by Adam Rosenfeld (administrator) on ADAMROSENFELD on 19-05-2015 21:19:42
Running from C:\Users\Adam Rosenfeld\Desktop
Loaded Profiles: Adam Rosenfeld & Kids &  (Available profiles: Adam Rosenfeld & Kids & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Affinegy, Inc.) C:\Program Files (x86)\Optimum\DigiDo\AffinegyService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\Kids\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
(Google Inc.) C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\Application\chrome.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dolby Laboratories Inc.) C:\DOLBY PCEE4\pcee4.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozystat.exe
(Dropbox, Inc.) C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2189416 2011-03-09] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1796200 2011-02-23] (Acer Incorporated)
HKLM\...\Run: [fssui] => C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [884584 2012-03-08] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-02-15] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\pdf reader packages\uninstaller.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\pdf reader packages\uninstaller.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\pdf reader packages\uninstaller.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\pdf reader packages\uninstaller.exe <====== ATTENTION
HKU\S-1-5-21-33795446-1446344522-1645180631-1004 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKU\S-1-5-21-33795446-1446344522-1645180631-1004 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKU\S-1-5-21-33795446-1446344522-1645180631-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKU\S-1-5-21-33795446-1446344522-1645180631-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-33795446-1446344522-1645180631-1000\...\Run: [41A6E601A44F506D92A54D89F68E0E8872D6AEB3._service_run] => C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\Application\chrome.exe [812872 2015-04-27] (Google Inc.)
HKU\S-1-5-21-33795446-1446344522-1645180631-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-04-23] (Samsung)
HKU\S-1-5-21-33795446-1446344522-1645180631-1000\...\Run: [Google Update] => C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-18] (Google Inc.)
HKU\S-1-5-21-33795446-1446344522-1645180631-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
HKU\S-1-5-21-33795446-1446344522-1645180631-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-33795446-1446344522-1645180631-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-33795446-1446344522-1645180631-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [41A6E601A44F506D92A54D89F68E0E8872D6AEB3._service_run] => C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\Application\chrome.exe [812872 2015-04-27] (Google Inc.)
HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-04-23] (Samsung)
HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-18] (Google Inc.)
HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-33795446-1446344522-1645180631-1004\...\Run: [Google Update] => C:\Users\Kids\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-11-01] (Google Inc.)
HKU\S-1-5-21-33795446-1446344522-1645180631-1004\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-33795446-1446344522-1645180631-1004\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-33795446-1446344522-1645180631-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Kids\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-11-01] (Google Inc.)
HKU\S-1-5-21-33795446-1446344522-1645180631-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-33795446-1446344522-1645180631-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-33795446-1446344522-1645180631-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Guest\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-09-22] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\Users\Adam Rosenfeld\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-02-28]
ShortcutTarget: Dropbox.lnk -> C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk [2013-11-15]
ShortcutTarget: MozyHome Status.lnk -> C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-26] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [mozy] -> {b32a6748-f273-4546-b60a-3c5adc239de5} => C:\Program Files\MozyHome\mozyshell.dll [2014-10-31] (Mozy, Inc.)
ShellIconOverlayIdentifiers: [mozy2] -> {747E722C-CB46-4a9d-BDFE-192AAD5099B1} => C:\Program Files\MozyHome\mozyshell.dll [2014-10-31] (Mozy, Inc.)
ShellIconOverlayIdentifiers: [mozy3] -> {EE6F5A00-7898-40f7-AB77-51FF9D6DEB20} => C:\Program Files\MozyHome\mozyshell.dll [2014-10-31] (Mozy, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
GroupPolicyUsers\S-1-5-21-33795446-1446344522-1645180631-1004\User: Group Policy Restriction detected <======= ATTENTION
CHR HKU\S-1-5-21-33795446-1446344522-1645180631-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-33795446-1446344522-1645180631-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-33795446-1446344522-1645180631-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-33795446-1446344522-1645180631-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01
HKU\S-1-5-21-33795446-1446344522-1645180631-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01
HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKU\S-1-5-21-33795446-1446344522-1645180631-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-33795446-1446344522-1645180631-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-33795446-1446344522-1645180631-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://us.yhs4.searc...p={searchTerms}
SearchScopes: HKU\S-1-5-21-33795446-1446344522-1645180631-1000 -> DefaultScope {774F3256-7F66-4691-B895-B0B83356154D} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-33795446-1446344522-1645180631-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-33795446-1446344522-1645180631-1000 -> {774F3256-7F66-4691-B895-B0B83356154D} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-33795446-1446344522-1645180631-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://us.yhs4.searc...p={searchTerms}
SearchScopes: HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {774F3256-7F66-4691-B895-B0B83356154D} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {774F3256-7F66-4691-B895-B0B83356154D} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://us.yhs4.searc...p={searchTerms}
SearchScopes: HKU\S-1-5-21-33795446-1446344522-1645180631-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-33795446-1446344522-1645180631-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-33795446-1446344522-1645180631-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-33795446-1446344522-1645180631-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-33795446-1446344522-1645180631-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-26] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-26] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-33795446-1446344522-1645180631-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} -  No File
DPF: HKLM-x32 {74F4F118-91E6-4AFC-B8D2-04066781F239} https://webdeposit.e...om/eztwainx.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll [2014-06-03] (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.7\\npsitesafety.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2010-12-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-33795446-1446344522-1645180631-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-33795446-1446344522-1645180631-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-33795446-1446344522-1645180631-1004: @talk.google.com/GoogleTalkPlugin -> C:\Users\Kids\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-33795446-1446344522-1645180631-1004: @talk.google.com/O1DPlugin -> C:\Users\Kids\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-33795446-1446344522-1645180631-1004: @tools.google.com/Google Update;version=3 -> C:\Users\Kids\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF Plugin HKU\S-1-5-21-33795446-1446344522-1645180631-1004: @tools.google.com/Google Update;version=9 -> C:\Users\Kids\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF Plugin HKU\S-1-5-21-33795446-1446344522-1645180631-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/GoogleTalkPlugin -> C:\Users\Kids\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-33795446-1446344522-1645180631-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/O1DPlugin -> C:\Users\Kids\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-33795446-1446344522-1645180631-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Kids\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF Plugin HKU\S-1-5-21-33795446-1446344522-1645180631-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Kids\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF Plugin HKU\S-1-5-21-33795446-1446344522-1645180631-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Guest\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll [2011-09-22] (Google Inc.)
FF Plugin HKU\S-1-5-21-33795446-1446344522-1645180631-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Guest\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll [2011-09-22] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-09-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49 [2014-01-17]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-05]
FF HKU\S-1-5-21-33795446-1446344522-1645180631-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-16]
CHR Extension: (Bookmark Manager) - C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-01-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-19]
CHR Extension: (Google Wallet) - C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-18]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-17]
StartMenuInternet: Google Chrome - C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AffinegyService; C:\Program Files (x86)\Optimum\DigiDo\AffinegyService.exe [587120 2011-10-17] (Affinegy, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-26] (Avast Software s.r.o.)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 mozybackup; C:\Program Files\MozyHome\mozybackup.exe [54040 2011-08-04] (Mozy, Inc.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2011-02-15] (NTI Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2014-04-01] (CyberLink)
R2 vToolbarUpdater18.1.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe [1808408 2014-06-03] (AVG Secure Search)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-26] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-04-26] (Avast Software s.r.o.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-04-26] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-26] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-26] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-26] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-04-26] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-04-26] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R1 mozyFilter; C:\Windows\System32\DRIVERS\mozy.sys [67808 2013-10-02] (Mozy, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-19 21:19 - 2015-05-19 21:21 - 00051297 _____ () C:\Users\Adam Rosenfeld\Desktop\FRST.txt
2015-05-19 21:16 - 2015-05-19 21:20 - 00000000 ____D () C:\FRST
2015-05-19 21:15 - 2015-05-19 21:15 - 02107904 _____ (Farbar) C:\Users\Adam Rosenfeld\Desktop\FRST64.exe
2015-05-17 16:41 - 2015-05-17 16:42 - 00000000 ____D () C:\Users\Kids\AppData\Local\{884C5A7B-C047-472E-BB67-45A38AEA69D4}
2015-05-14 21:51 - 2015-05-19 19:24 - 00000000 ____D () C:\Users\Adam Rosenfeld\AppData\Local\{C523472C-BE5F-4837-A3C5-0A8AE98ED63D}
2015-05-14 20:43 - 2015-05-14 20:43 - 00000000 ____D () C:\Users\Kids\AppData\Roaming\Mozilla
2015-05-14 20:40 - 2015-05-14 20:41 - 00000000 ____D () C:\Users\Kids\AppData\Local\{4CDA38E9-B5D6-4B2D-A583-8F814B083250}
2015-05-13 21:14 - 2015-05-01 09:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 21:14 - 2015-05-01 09:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 21:02 - 2015-05-13 21:02 - 00000000 ____D () C:\Users\Adam Rosenfeld\AppData\Local\{98567B3E-0CEE-4B0B-ADBA-8F025F61F17D}
2015-05-12 21:29 - 2015-05-04 21:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 21:29 - 2015-05-04 21:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-12 21:29 - 2015-04-17 23:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 21:29 - 2015-04-17 22:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-12 21:28 - 2015-04-21 22:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-12 21:28 - 2015-04-21 21:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-12 21:28 - 2015-04-21 13:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 21:28 - 2015-04-21 13:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-12 21:28 - 2015-04-21 13:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-12 21:28 - 2015-04-21 12:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-12 21:28 - 2015-04-21 12:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 21:28 - 2015-04-21 12:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 21:28 - 2015-04-21 12:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-12 21:28 - 2015-04-21 12:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 21:28 - 2015-04-21 12:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-12 21:28 - 2015-04-21 12:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-12 21:28 - 2015-04-21 12:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-12 21:28 - 2015-04-21 12:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 21:28 - 2015-04-21 12:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 21:28 - 2015-04-21 12:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-12 21:28 - 2015-04-21 12:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-12 21:28 - 2015-04-21 12:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-12 21:28 - 2015-04-21 12:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 21:28 - 2015-04-21 12:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-12 21:28 - 2015-04-21 12:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-12 21:28 - 2015-04-21 12:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-12 21:28 - 2015-04-21 12:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-12 21:28 - 2015-04-21 12:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-12 21:28 - 2015-04-21 12:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-12 21:28 - 2015-04-21 12:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-12 21:28 - 2015-04-21 12:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-12 21:28 - 2015-04-21 12:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-12 21:28 - 2015-04-21 12:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-12 21:28 - 2015-04-21 12:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 21:28 - 2015-04-21 12:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-12 21:28 - 2015-04-21 12:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 21:28 - 2015-04-21 12:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-12 21:28 - 2015-04-21 12:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-12 21:28 - 2015-04-21 12:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-12 21:28 - 2015-04-21 12:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-12 21:28 - 2015-04-21 11:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-12 21:28 - 2015-04-21 11:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-12 21:28 - 2015-04-21 11:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-12 21:28 - 2015-04-21 11:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 21:28 - 2015-04-21 11:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-12 21:28 - 2015-04-21 11:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-12 21:28 - 2015-04-21 11:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-12 21:28 - 2015-04-21 11:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 21:28 - 2015-04-21 11:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-12 21:28 - 2015-04-21 11:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 21:28 - 2015-04-21 11:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-12 21:28 - 2015-04-21 11:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-12 21:28 - 2015-04-21 11:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-12 21:28 - 2015-04-21 11:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-12 21:28 - 2015-04-21 11:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 21:28 - 2015-04-21 11:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-12 21:28 - 2015-04-21 11:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-12 21:28 - 2015-04-21 11:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-12 21:28 - 2015-04-21 11:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-12 21:28 - 2015-04-21 11:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 21:28 - 2015-04-21 11:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-12 21:28 - 2015-04-21 11:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-12 21:28 - 2015-04-21 10:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-12 21:28 - 2015-04-21 10:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-12 21:28 - 2015-04-12 23:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 21:28 - 2015-02-18 03:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-12 21:28 - 2015-02-18 03:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-12 21:27 - 2015-04-27 15:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-12 21:27 - 2015-04-27 15:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-12 21:27 - 2015-04-27 15:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-12 21:27 - 2015-04-27 15:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-12 21:27 - 2015-04-27 15:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-12 21:27 - 2015-04-27 15:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-12 21:27 - 2015-04-27 15:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-12 21:27 - 2015-04-27 15:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-12 21:27 - 2015-04-27 15:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-12 21:27 - 2015-04-27 15:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-12 21:27 - 2015-04-27 15:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-12 21:27 - 2015-04-27 15:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-12 21:27 - 2015-04-27 15:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-12 21:27 - 2015-04-27 15:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-12 21:27 - 2015-04-27 15:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-12 21:27 - 2015-04-27 15:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-12 21:27 - 2015-04-27 15:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-12 21:27 - 2015-04-27 15:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-12 21:27 - 2015-04-27 15:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-12 21:27 - 2015-04-27 15:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-12 21:27 - 2015-04-27 15:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-12 21:27 - 2015-04-27 15:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-12 21:27 - 2015-04-27 15:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-12 21:27 - 2015-04-27 15:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-12 21:27 - 2015-04-27 15:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-12 21:27 - 2015-04-27 15:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-12 21:27 - 2015-04-27 15:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-12 21:27 - 2015-04-27 15:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-12 21:27 - 2015-04-27 15:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-12 21:27 - 2015-04-27 15:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-12 21:27 - 2015-04-27 15:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-12 21:27 - 2015-04-27 15:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-12 21:27 - 2015-04-27 15:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-12 21:27 - 2015-04-27 15:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-12 21:27 - 2015-04-27 15:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-12 21:27 - 2015-04-27 15:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-12 21:27 - 2015-04-27 15:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-12 21:27 - 2015-04-27 15:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-12 21:27 - 2015-04-27 15:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-12 21:27 - 2015-04-27 15:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-12 21:27 - 2015-04-27 15:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-12 21:27 - 2015-04-27 15:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-12 21:27 - 2015-04-27 15:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-12 21:27 - 2015-04-27 13:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-12 21:27 - 2015-04-27 13:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-12 21:27 - 2015-04-27 13:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 13:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-12 21:25 - 2015-04-19 23:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 21:25 - 2015-04-19 23:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 21:25 - 2015-04-19 22:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-12 21:25 - 2015-04-19 22:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 21:25 - 2015-04-07 23:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-12 21:25 - 2015-04-07 23:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-12 21:25 - 2015-04-07 23:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-12 21:25 - 2015-01-28 23:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-12 21:25 - 2015-01-28 23:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-12 21:24 - 2015-03-04 00:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-12 21:24 - 2015-03-04 00:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-12 21:24 - 2015-03-04 00:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-12 21:24 - 2015-03-04 00:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-12 21:24 - 2015-03-04 00:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-12 21:24 - 2015-03-04 00:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-12 21:24 - 2015-03-04 00:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-12 21:08 - 2015-05-12 21:08 - 00350210 _____ () C:\Users\Adam Rosenfeld\Downloads\C2AB.tmp
2015-05-03 14:23 - 2015-05-12 20:38 - 00000000 ____D () C:\Users\Adam Rosenfeld\AppData\Local\{CAF34D84-7EE7-4929-AC10-E0D81467E402}
2015-05-02 20:57 - 2015-05-02 20:58 - 00092160 _____ () C:\Users\Adam Rosenfeld\Desktop\Slice of LI.wps
2015-04-27 21:04 - 2015-05-02 12:36 - 00000000 ____D () C:\Users\Adam Rosenfeld\AppData\Local\{D584CCB3-05F2-47C6-8933-CBA8B5C4EF2D}
2015-04-26 23:09 - 2015-04-26 23:09 - 00403440 _____ () C:\Users\Adam Rosenfeld\Desktop\bottle rocket.3gp
2015-04-26 13:54 - 2015-04-26 13:54 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-26 13:54 - 2015-04-26 13:54 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-21 19:51 - 2015-04-26 13:44 - 00000000 ____D () C:\Users\Adam Rosenfeld\AppData\Local\{7C053E25-9827-4EE7-9F4F-C37A87373847}
2015-04-19 08:30 - 2015-04-20 20:14 - 00000000 ____D () C:\Users\Adam Rosenfeld\AppData\Local\{B25E5951-C876-4FA3-B5A4-17878FF766C6}
2015-04-19 08:24 - 2015-04-19 08:24 - 00000040 _____ () C:\Windows\system32\꘰ä
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-19 21:06 - 2012-09-01 00:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-19 20:57 - 2011-06-07 21:48 - 02000772 _____ () C:\Windows\WindowsUpdate.log
2015-05-19 20:49 - 2011-08-18 07:31 - 00000944 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-33795446-1446344522-1645180631-1000UA.job
2015-05-19 20:25 - 2013-05-26 18:03 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-19 20:25 - 2013-05-26 18:03 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-19 20:20 - 2013-05-26 18:03 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-19 20:20 - 2013-05-26 18:03 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-19 19:25 - 2014-07-04 09:27 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-17 17:28 - 2011-09-12 10:18 - 00006552 _____ () C:\Windows\mozy.flt
2015-05-17 17:28 - 2011-09-12 10:18 - 00005268 _____ () C:\Windows\mozy.blk
2015-05-17 16:49 - 2011-08-18 07:31 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-33795446-1446344522-1645180631-1000Core.job
2015-05-17 16:44 - 2011-08-18 07:31 - 00003932 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-33795446-1446344522-1645180631-1000UA
2015-05-17 16:44 - 2011-08-18 07:31 - 00003536 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-33795446-1446344522-1645180631-1000Core
2015-05-17 16:42 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-17 16:42 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-16 18:19 - 2013-10-05 17:27 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-05-16 07:48 - 2013-02-23 00:46 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-16 07:40 - 2011-09-30 23:05 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-33795446-1446344522-1645180631-1004Core.job
2015-05-15 07:13 - 2010-09-09 08:17 - 00000000 ___RD () C:\Users\Adam Rosenfeld\Documents\My Dropbox
2015-05-14 21:53 - 2014-07-04 09:25 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-14 21:53 - 2014-07-04 09:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-14 21:53 - 2014-07-04 09:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-14 21:52 - 2011-08-18 09:56 - 00000000 ____D () C:\ProgramData\clear.fi
2015-05-14 21:52 - 2010-09-09 08:13 - 00000000 ____D () C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox
2015-05-14 21:50 - 2011-09-30 22:48 - 00000632 __RSH () C:\Users\Adam Rosenfeld\ntuser.pol
2015-05-14 21:50 - 2011-08-18 07:19 - 00000000 ____D () C:\Users\Adam Rosenfeld
2015-05-14 21:22 - 2009-07-14 01:13 - 00787388 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-14 20:39 - 2011-09-30 22:59 - 00004582 __RSH () C:\Users\Kids\ntuser.pol
2015-05-14 20:39 - 2011-09-30 22:59 - 00000000 ____D () C:\Users\Kids
2015-05-13 22:53 - 2013-02-23 16:29 - 00041738 _____ () C:\Windows\setupact.log
2015-05-13 22:53 - 2012-05-13 21:53 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 22:53 - 2012-05-13 21:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 22:53 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-13 22:53 - 2009-07-14 00:45 - 00351016 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 22:49 - 2010-11-21 03:17 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 22:49 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-13 22:09 - 2011-08-19 12:13 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 22:01 - 2013-07-30 21:09 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 21:36 - 2011-08-24 20:47 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 21:13 - 2012-05-13 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-12 22:29 - 2014-01-09 22:28 - 00003090 _____ () C:\Windows\wininit.ini
2015-05-12 22:29 - 2011-08-18 11:37 - 00001053 _____ () C:\Users\Adam Rosenfeld\Desktop\Dropbox.lnk
2015-05-12 22:29 - 2011-08-18 11:36 - 00000000 ____D () C:\Users\Adam Rosenfeld\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-02 20:52 - 2014-11-28 23:33 - 00000000 ____D () C:\Users\Adam Rosenfeld\AppData\Roaming\vlc
2015-04-30 01:12 - 2014-11-28 14:40 - 00001070 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-04-26 15:43 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-04-26 14:52 - 2013-02-23 16:29 - 00747130 _____ () C:\Windows\PFRO.log
2015-04-26 13:54 - 2014-04-21 21:32 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-26 13:54 - 2014-01-26 09:05 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-04-26 13:54 - 2013-11-05 23:39 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-26 13:54 - 2013-11-05 23:39 - 00272248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-26 13:54 - 2013-11-05 23:39 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-04-26 13:54 - 2013-11-05 23:39 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-26 13:54 - 2013-11-05 23:39 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-26 13:53 - 2014-11-03 00:34 - 00028144 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswKbd.sys
2015-04-26 13:53 - 2013-11-05 23:39 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-24 22:17 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-19 08:22 - 2014-12-14 15:04 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-19 08:22 - 2014-05-07 06:39 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-19 08:22 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-19 08:18 - 2015-04-18 14:30 - 00000000 ____D () C:\Users\Adam Rosenfeld\AppData\Local\{49BC127E-7C3C-42A7-8B5D-A3FE5941CB8D}
 
==================== Files in the root of some directories =======
 
2013-07-27 10:41 - 2013-09-28 00:21 - 0000113 _____ () C:\Users\Adam Rosenfeld\AppData\Roaming\WB.CFG
2013-06-13 08:46 - 2013-09-28 00:21 - 0000005 _____ () C:\Users\Adam Rosenfeld\AppData\Roaming\WBPU-TTL.DAT
2010-02-21 10:40 - 2011-04-29 23:06 - 0168960 _____ () C:\Users\Adam Rosenfeld\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-07-03 09:24 - 2011-07-03 09:24 - 2427882 _____ () C:\Users\Adam Rosenfeld\AppData\Local\[j0003]-[p01].bmp
2014-12-10 20:47 - 2014-12-10 20:47 - 0000000 _____ () C:\Users\Adam Rosenfeld\AppData\Local\{454A0AB3-147E-409C-B56D-8718B780D75B}
2011-06-07 22:08 - 2011-06-07 22:12 - 0015211 _____ () C:\ProgramData\ArcadeDeluxe5.log
2011-09-05 09:00 - 2012-09-18 11:10 - 0013076 _____ () C:\ProgramData\hpzinstall.log
 
Files to move or delete:
====================
C:\Users\Adam Rosenfeld\NTUSER (1).DAT
 
 
Some content of TEMP:
====================
C:\Users\Adam Rosenfeld\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpum2kfw.dll
C:\Users\Adam Rosenfeld\AppData\Local\Temp\vlc-2.2.1-win32.exe
C:\Users\Kids\AppData\Local\Temp\GUR9F70.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-10 18:51
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-05-2015
Ran by Adam Rosenfeld at 2015-05-19 21:22:40
Running from C:\Users\Adam Rosenfeld\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Adam Rosenfeld (S-1-5-21-33795446-1446344522-1645180631-1000 - Administrator - Enabled) => C:\Users\Adam Rosenfeld
Administrator (S-1-5-21-33795446-1446344522-1645180631-500 - Administrator - Disabled)
Guest (S-1-5-21-33795446-1446344522-1645180631-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-33795446-1446344522-1645180631-1002 - Limited - Enabled)
Kids (S-1-5-21-33795446-1446344522-1645180631-1004 - Limited - Enabled) => C:\Users\Kids
OLDPCADMIN (S-1-5-21-33795446-1446344522-1645180631-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.85 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1510 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1510 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3006 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.4 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3004 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.1130.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3005 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Agatha Christie - 4:50 from Paddington (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0 (HKLM-x32\...\Audacity_is1) (Version:  - Audacity Team)
Autodesk DWF Viewer (HKLM-x32\...\Autodesk DWF Viewer) (Version: 5.0 - Autodesk, Inc.)
Avast Pro Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.1.7.598 - AVG Technologies)
Backup Manager V3 (x32 Version: 3.0.0.85 - NTI Corporation) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
BMW Standard Tools (HKLM-x32\...\{ 70994916-61E9-40D2-A30C-89D2C030017F}_is1) (Version: 2.12.0 - BMW Group)
Bonjour (HKLM\...\{877924AA-E044-4266-B37D-E974CD799934}) (Version: 2.0.0.34 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.6.1.2 - Broadcom Corporation)
Broadcom Gigabit NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.6.1.2 - Broadcom Corporation)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
C4700 (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.27 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.1422.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1422.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.7418 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3008 - Acer Incorporated)
Complément Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
CryptoPrevent v4.3.2 (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
CyberLink PowerDirector 13 (HKLM-x32\...\{BA385AFC-00B1-417C-8C20-74B996EF3AF0}) (Version: 13.0.2104.0 - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM-x32\...\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
DigiDo (HKLM-x32\...\DigiDo_is1) (Version:  - )
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DR Systems Web Ambassador (HKLM-x32\...\{98BCB68E-274F-11D4-B2FA-00105AA9021A}) (Version: R8_2_339_ - DR Systems)
Dropbox (HKU\S-1-5-21-33795446-1446344522-1645180631-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Download Navigator (HKLM-x32\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 630 Series Printer Uninstall (HKLM\...\EPSON WorkForce 630 Series) (Version:  - SEIKO EPSON Corporation)
EPSON WorkForce 645 Series Printer Uninstall (HKLM\...\EPSON WorkForce 645 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3b - SEIKO EPSON CORPORATION)
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
File Opener Pro (HKLM-x32\...\fileopenerpro) (Version:  - FileOpenerPro) <==== ATTENTION
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GetSavin (HKLM-x32\...\GetSavin) (Version: 1.1361393456 - Adpeak, Inc.)
Gmail Backup (HKLM-x32\...\gmailbackup) (Version:  - )
Google Chrome (HKU\S-1-5-21-33795446-1446344522-1645180631-1000\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Chrome (HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Chrome (HKU\S-1-5-21-33795446-1446344522-1645180631-1004\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Chrome (HKU\S-1-5-21-33795446-1446344522-1645180631-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Chrome (HKU\S-1-5-21-33795446-1446344522-1645180631-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Google Chrome) (Version: 14.0.835.186 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{68550918-63B5-4762-85CB-3C160AA4B213}) (Version: 14.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Acer Incorporated)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Jewel Quest Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 6.0.4 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 6.0.4 - )
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.4 - Acer Inc.)
LyriXeeker-1 (HKLM-x32\...\LyriXeeker-1) (Version: 1.28.153.3 - Lyrics) <==== ATTENTION
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
MediaEspresso (x32 Version: 1.0.1418_35759 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MozyHome (HKLM\...\{88AE47C9-A9D2-E89D-C165-573D8015336D}) (Version: 2.28.0.421 - Mozy, Inc.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
MyWinLocker (Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.11 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.1.237 - Barnesandnoble.com)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8942 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8942 - NTI Corporation) Hidden
Optimum (HKU\S-1-5-21-33795446-1446344522-1645180631-1000\...\93417483.optimumapp.iptv.optimum.net) (Version:  - optimumapp.iptv.optimum.net)
Optimum (HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\93417483.optimumapp.iptv.optimum.net) (Version:  - optimumapp.iptv.optimum.net)
Optimum App for Laptop 1.70 (HKLM\...\{6082AB31-92B1-4832-AC89-3B2E6D8C14FE}) (Version: 1.70 - Cablevision)
PDF Reader Packages (HKU\S-1-5-21-33795446-1446344522-1645180631-1000\...\PDF Reader Packages) (Version:  - ) <==== ATTENTION
PDF Reader Packages (HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\PDF Reader Packages) (Version:  - ) <==== ATTENTION
Pdf995 (HKLM-x32\...\Pdf995) (Version:  - )
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
proDAD Adorage 3.0 (64bit) (HKLM\...\proDAD-Adorage-3.0) (Version: 3.0.108.1 - proDAD GmbH)
PS_AIO_06_C4700_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
Quicken 2010 (HKLM-x32\...\{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}) (Version: 19.1.5.3 - Intuit)
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
QuickShare (HKLM-x32\...\{1B325F70-A984-421E-8407-06683E6EF03B}) (Version: 1.90.60.12091 - Linkury Inc.) <==== ATTENTION
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6329 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.23.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Shredder (Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.7 - Egis Technology Inc.) Hidden
SketchUp 2013 (HKLM-x32\...\{B75BC01B-4586-43F8-9349-D250DB98F26F}) (Version: 13.0.4812 - Trimble Navigation Limited)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Strongvault Online Backup (x32 Version: 5.0.2.34 - Strongvault Online Backup) Hidden <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.0 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Torchlight (x32 Version: 2.2.0.95 - WildTangent) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Update for Zip Opener (HKU\S-1-5-21-33795446-1446344522-1645180631-1004\...\DSite) (Version:  - ) <==== ATTENTION
Update for Zip Opener (HKU\S-1-5-21-33795446-1446344522-1645180631-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\DSite) (Version:  - ) <==== ATTENTION
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3102 - Acer Incorporated)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.31 - WildTangent) Hidden
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0) (HKLM\...\EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 - Texas Instruments Inc.)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.)
Windows Driver Package - XYZ Printing, Inc. (usbser) Ports  (01/08/2013 6.0.0.0) (HKLM\...\338D7F76F2755F87D782D371F9638E1AFF90D233) (Version: 01/08/2013 6.0.0.0 - XYZ Printing, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WordOv (HKU\S-1-5-21-33795446-1446344522-1645180631-1000\...\WordOv) (Version: 3 - wordoverview.com)
WordOv (HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\WordOv) (Version: 3 - wordoverview.com)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )
Yontoo 1.10.03 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 1.10.03 - Yontoo LLC) <==== ATTENTION
YouTube Song Downloader (HKLM-x32\...\{4281435C-AD1D-4C8A-B9C0-3961C11EF142}_is1) (Version: 8.2 - Abelssoft)
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
24-04-2015 22:29:21 Windows Update
26-04-2015 13:49:09 avast! antivirus system restore point
01-05-2015 19:24:06 Windows Update
10-05-2015 15:52:11 Windows Update
13-05-2015 21:05:35 Windows Update
19-05-2015 20:47:25 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2013-11-02 18:55 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0D878740-5D72-4B4A-B533-FFCA19BBF190} - System32\Tasks\LyriXeeker-1-chromeinstaller => C:\Program Files (x86)\LyriXeeker-1\LyriXeeker-1-chromeinstaller.exe
Task: {200FEBB4-3807-4685-8DA6-4A357ACE1A4C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-33795446-1446344522-1645180631-1004UA => C:\Users\Kids\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-01] (Google Inc.)
Task: {23849E5C-0F9A-4A83-A536-AA2E06BDB532} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-02-22] (Acer Incorporated)
Task: {389D0B3C-C674-4785-B5EC-6D2412846799} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {47159A99-26F3-41AD-8A2C-F2CFF286396B} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {4A9B574E-742F-46B2-AA0B-24F908FCDD9A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-33795446-1446344522-1645180631-1000UA => C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {51C81DAE-CA32-4B6A-89E3-717B9F66F2C9} - System32\Tasks\LyriXeeker-1-codedownloader => C:\Program Files (x86)\LyriXeeker-1\LyriXeeker-1-codedownloader.exe
Task: {632DE900-7D21-467A-A8B8-4BD924642D50} - System32\Tasks\LyriXeeker-1-updater => C:\Program Files (x86)\LyriXeeker-1\LyriXeeker-1-updater.exe
Task: {6CE57020-16EA-42DF-BED2-745CF73B86EB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {6EF8A6FC-1A97-4A60-96DE-59F8FDF84363} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
Task: {83E44BEA-0CC6-43BC-B36E-D3C3015694F0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-26] (Google Inc.)
Task: {8B5841F6-7EDC-45CC-93B1-26913427993A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {8CF888B4-7EB3-40FA-9923-609E7BAC6C07} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-26] (Google Inc.)
Task: {8F5F8B29-5896-4888-A5DE-6E91F3F1393E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-33795446-1446344522-1645180631-1000Core => C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {9A64C048-3957-4C57-BFC5-76F6CCE48975} - System32\Tasks\{C9725328-AE5B-41BF-9F1D-4340D2C5F01F} => pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Task: {A8B6EB8F-E162-4B05-A0A4-8174BB4CB865} - System32\Tasks\{7385F599-730E-4993-809A-A26B2F4894F6} => pcalua.exe -a "C:\Users\Adam Rosenfeld\Downloads\HijackThis.exe" -d "C:\Users\Adam Rosenfeld\Downloads"
Task: {A92EBC34-D8B7-4925-A5C7-AF448DD7975C} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {AC46CF0F-2BD0-45A0-9616-7E4CEAEA4612} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-33795446-1446344522-1645180631-1004Core => C:\Users\Kids\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-01] (Google Inc.)
Task: {B0B4FD08-08CE-42A7-8EA3-D90094C05A61} - System32\Tasks\{ECF8EF71-269A-403D-9F53-9C05F0E5DFE8} => pcalua.exe -a "C:\Users\Adam Rosenfeld\Downloads\epson14070.exe" -d "C:\Users\Adam Rosenfeld\Downloads"
Task: {B4E1997E-2D23-4AD6-AE32-633BE50A1CC9} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {BB90CEB7-1765-4040-BC43-3043618E3388} - \DealPly No Task File <==== ATTENTION
Task: {BC16B78F-6464-4A35-AFC8-06160160BB5A} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-02-22] (CyberLink Corp.)
Task: {C874799F-6414-4CC1-8578-AAFD65671914} - System32\Tasks\{B9CD182D-6035-48D8-BA33-7A8E60DCEE74} => pcalua.exe -a "C:\Users\Adam Rosenfeld\Downloads\mozysetup.exe" -d "C:\Users\Adam Rosenfeld\Downloads"
Task: {CE1EB12E-EF9C-4CB4-AE13-436B1A4FEC85} - \DealPlyUpdate No Task File <==== ATTENTION
Task: {D52906AA-4D92-4580-AA79-45ACB6D92EF0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-18] (Adobe Systems Incorporated)
Task: {DC31E3B4-77FC-4088-8748-97E0C950BDEB} - System32\Tasks\SDMsgUpdate (TE) => C:\Program Files (x86)\SmartDraw 2012\Messages\SDNotify.exe [2011-09-26] ()
Task: {E3EF9D13-DBA0-4A2B-A803-C3D5A749722C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)
Task: {E629E4AA-B867-41FF-B9D1-8F1BB6DE88F9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-26] (Avast Software s.r.o.)
Task: {E84B5E8C-CBA5-4345-BB1C-036F87F673C4} - System32\Tasks\LyriXeeker-1-enabler => C:\Program Files (x86)\LyriXeeker-1\LyriXeeker-1-enabler.exe
Task: {EADF6693-23FC-49B7-86C0-C253F142DA76} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-02-22] (CyberLink)
Task: {EFCD2BFB-E37C-496C-9416-4BEA05DAB206} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform....NICMJNDJCMKJBJ"
Task: {F2CC2B89-4D6E-4D4F-BEEB-4C56DB0554A4} - System32\Tasks\{5E0F4CCE-6040-41A0-8C69-6D8D84BBD430} => pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Task: {FF9CB7B3-9461-4F70-92E8-0E2252531D30} - System32\Tasks\Games\UpdateCheck_S-1-5-21-33795446-1446344522-1645180631-1000
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-33795446-1446344522-1645180631-1000Core.job => C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-33795446-1446344522-1645180631-1000UA.job => C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-33795446-1446344522-1645180631-1004Core.job => C:\Users\Kids\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-33795446-1446344522-1645180631-1004UA.job => C:\Users\Kids\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2011-08-21 12:31 - 2006-10-19 21:44 - 00047616 _____ () C:\Windows\System32\pdf995mon64.dll
2014-06-03 20:19 - 2014-06-03 20:18 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe
2011-04-06 16:59 - 2011-03-25 20:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-04-26 13:54 - 2015-04-26 13:54 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-26 13:54 - 2015-04-26 13:54 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-05-13 21:05 - 2015-05-13 21:05 - 02927616 _____ () C:\Program Files\AVAST Software\Avast\defs\15051302\algo.dll
2015-05-19 19:29 - 2015-05-19 19:29 - 02929664 _____ () C:\Program Files\AVAST Software\Avast\defs\15051901\algo.dll
2011-02-15 14:37 - 2011-02-15 14:37 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2011-02-15 14:36 - 2011-02-15 14:36 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2011-02-15 14:37 - 2011-02-15 14:37 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2014-06-03 20:19 - 2014-06-03 20:18 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\log4cplusU.dll
2014-10-18 01:09 - 2014-10-18 01:09 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ba8588c3319d63350220ec2ac3eb2c36\IsdiInterop.ni.dll
2011-04-06 16:15 - 2010-09-13 21:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-04-13 21:14 - 2015-03-30 17:07 - 01174856 _____ () C:\Users\Kids\AppData\Local\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-13 21:14 - 2015-03-30 17:07 - 00080200 _____ () C:\Users\Kids\AppData\Local\Google\Chrome\Application\41.0.2272.118\libegl.dll
2015-03-17 23:13 - 2015-03-17 23:13 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-05-14 21:52 - 2015-05-14 21:52 - 00043008 _____ () c:\Users\Adam Rosenfeld\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpum2kfw.dll
2015-03-04 17:45 - 2015-03-04 17:45 - 00750080 _____ () C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 17:45 - 2015-03-04 17:45 - 00047616 _____ () C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 17:45 - 2015-03-04 17:45 - 00865280 _____ () C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 17:45 - 2015-03-04 17:45 - 00200704 _____ () C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-04-30 01:18 - 2015-04-27 22:07 - 01252680 _____ () C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\Application\42.0.2311.135\libglesv2.dll
2015-04-30 01:18 - 2015-04-27 22:07 - 00080712 _____ () C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\Application\42.0.2311.135\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Adam Rosenfeld\Desktop\Feud Complete.wmv:com.dropbox.attributes
AlternateDataStreams: C:\Users\Adam Rosenfeld\Documents\ROSENFELD Re_ great grandparents_.eml:OECustomProperty
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-33795446-1446344522-1645180631-1000\...\amazon.com -> hxxp://www.amazon.com
IE trusted site: HKU\S-1-5-21-33795446-1446344522-1645180631-1000\...\brokeragebuilder.com -> hxxps://www.brokeragebuilder.com
IE trusted site: HKU\S-1-5-21-33795446-1446344522-1645180631-1000\...\reged.com -> hxxps://secure.reged.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-33795446-1446344522-1645180631-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-33795446-1446344522-1645180631-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-33795446-1446344522-1645180631-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-33795446-1446344522-1645180631-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
FirewallRules: [{C4E00E0C-3DF3-454E-BD03-C0E845228F66}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{DDD8EC91-FF64-42C6-BE3C-18A2065BFF88}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{575F4D13-6303-453B-AE8E-47A652D8CF23}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6006864A-5F0C-4CC7-A077-657F995582BA}] => (Allow) LPort=2869
FirewallRules: [{41CFCC00-0FD5-4FE2-867C-FF328E9288D1}] => (Allow) LPort=1900
FirewallRules: [{05046B1B-2006-40BB-B0D0-67E60C1416F3}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{B275548D-3F5D-42D3-8BAA-2C29F50E46C1}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{27FDF99E-0AC0-4DE7-846D-2469D5A2F3EC}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{426C8126-AFDB-4A4D-8D40-02C9AFA8B824}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{1C8F7AEB-52A4-4778-B351-04F0F1D3A41D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{64F4FE15-066B-4872-8927-2C27EF2F330A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{0FFE9372-10A2-4698-B32B-8BE2022D4400}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{8A41CCD6-9043-4694-A7C7-5750A36FFBE7}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovie.exe
FirewallRules: [{D86F4CC8-03F4-4377-BF26-D5B00F7B5D44}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovieService.exe
FirewallRules: [{02455919-863D-4371-A082-114AA36BB4D6}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{A0FF35CD-9190-4D96-B6C2-CB5DEA1E76C3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3B0E67CD-2AA4-4AE8-916E-04CA75FA45C7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B790F041-37D1-4536-B3F6-1F951AED0038}] => (Allow) C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{14BA8EFC-6414-4601-862F-0AC0F7941F5F}] => (Allow) C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{C04B855C-BB2A-4E8A-9C94-A0193FD1C59B}] => (Allow) D:\setup\hpznui40.exe
FirewallRules: [{BA5020BC-DE5A-45F6-B46F-9BCE15309A5E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{24C3D6FF-6D1C-4868-A80A-B25011E0DA9D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{83CB82C9-4B05-4755-AB71-6489CF9D5DE0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{35D80269-7CD3-44B8-8D22-EDE909D3C845}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{0423B3E6-C7E0-462A-8B8E-A11EA404E213}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{121CBFAB-D99F-4DC4-83DF-1A686BD48956}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{EA6E7749-9865-47BA-AA22-85FF5A4080B1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{68F6B5E0-65AD-402E-803C-00C8B4D9EE66}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{4ABAD8AE-3853-459F-A177-28836ED3657B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{E6BD6544-77F6-41FC-90B5-01D532E99A67}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{C809B188-077C-4DF9-81E7-60EF1140772A}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{0E2AA380-A7F8-4D61-BA99-4744801C5471}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{3D406EBB-3CEE-4357-97FF-44A9582B00E3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{F5D672C3-A65E-44FC-B7F5-B8A0FD519FB6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{83A0948D-AB0C-4813-878E-8304C7550868}] => (Allow) C:\Program Files (x86)\Optimum\DigiDo\DigiDo.exe
FirewallRules: [{1126B15A-71EF-462F-8220-BFDF49FD16B1}] => (Allow) C:\Program Files (x86)\Optimum\DigiDo\DigiDo.exe
FirewallRules: [{3EDC6684-6D57-4562-B250-BB8E033DA001}] => (Allow) C:\Program Files (x86)\Optimum\DigiDo\DigiDo.exe
FirewallRules: [{F9F27452-9BA3-4867-8502-2AF18587E42D}] => (Allow) C:\Program Files (x86)\Optimum\DigiDo\DigiDo.exe
FirewallRules: [{48057372-4A73-4F3B-84D9-0F101AF5EB82}] => (Allow) C:\Program Files (x86)\Optimum\DigiDo\DigiDo.exe
FirewallRules: [TCP Query User{43C4D947-AB0C-47FB-94D9-298801A48703}C:\users\adam rosenfeld\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\adam rosenfeld\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{A47CEE74-58CB-409C-BFE7-090D84683E74}C:\users\adam rosenfeld\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\adam rosenfeld\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{EAA1A54E-A8D0-4BBB-A459-7193B6C9E554}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{7B512FC6-1C1F-44DE-BDD9-4A65B5AB054A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{77C07026-19DA-4F49-994A-3EB52697C86E}] => (Allow) C:\Users\Adam Rosenfeld\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{046DD874-009F-4231-AF6B-4A8F2F754225}] => (Allow) C:\Users\Adam Rosenfeld\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{AD264D92-3E97-478F-96BB-976FB8CF6340}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{AD2E0072-E4C8-434F-991F-F1F310F64436}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{D9B7F91A-5B41-4E83-8301-81690812E8C1}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
FirewallRules: [{63006B5A-0861-462C-8DBC-027E2BD4661A}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
FirewallRules: [{D020A20A-6D58-4992-B624-7EB996ED14F0}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{B4926826-C0CA-4974-96D9-77C3D6986B39}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{041AC050-B62D-4583-AF0E-E4BC98F31A41}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{A175291F-2535-4A4E-98FE-02B1051D184D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{610DDEDF-8D51-41CA-AF23-C6BCF904F0CC}] => (Allow) C:\Program Files\CyberLink\PowerDirector13\PDR10.EXE
 
==================== Faulty Device Manager Devices =============
 
Name: Photosmart C4700 series
Description: Photosmart C4700 series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Lexmark Optra T610
Description: Lexmark Optra T610
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/19/2015 09:23:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (05/19/2015 09:23:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (05/19/2015 09:23:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (05/19/2015 09:23:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (05/19/2015 09:23:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (05/19/2015 09:23:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (05/19/2015 09:23:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (05/19/2015 09:23:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (05/19/2015 09:23:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (05/19/2015 09:23:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
 
System errors:
=============
Error: (05/19/2015 08:16:52 PM) (Source: bScsiSDa) (EventID: 15) (User: )
Description: The device, \Device\Scsi\bScsiSDa1, is not ready for access yet.
 
Error: (05/19/2015 08:16:32 PM) (Source: bScsiSDa) (EventID: 15) (User: )
Description: The device, \Device\Scsi\bScsiSDa1, is not ready for access yet.
 
Error: (05/19/2015 08:16:12 PM) (Source: bScsiSDa) (EventID: 15) (User: )
Description: The device, \Device\Scsi\bScsiSDa1, is not ready for access yet.
 
Error: (05/19/2015 07:24:27 PM) (Source: bScsiSDa) (EventID: 15) (User: )
Description: The device, \Device\Scsi\bScsiSDa1, is not ready for access yet.
 
Error: (05/19/2015 07:24:17 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.
 
Error: (05/19/2015 07:24:07 PM) (Source: bScsiSDa) (EventID: 15) (User: )
Description: The device, \Device\Scsi\bScsiSDa1, is not ready for access yet.
 
Error: (05/19/2015 07:23:47 PM) (Source: bScsiSDa) (EventID: 15) (User: )
Description: The device, \Device\Scsi\bScsiSDa1, is not ready for access yet.
 
Error: (05/18/2015 01:30:09 AM) (Source: bScsiSDa) (EventID: 15) (User: )
Description: The device, \Device\Scsi\bScsiSDa1, is not ready for access yet.
 
Error: (05/18/2015 01:29:49 AM) (Source: bScsiSDa) (EventID: 15) (User: )
Description: The device, \Device\Scsi\bScsiSDa1, is not ready for access yet.
 
Error: (05/18/2015 01:29:29 AM) (Source: bScsiSDa) (EventID: 15) (User: )
Description: The device, \Device\Scsi\bScsiSDa1, is not ready for access yet.
 
 
Microsoft Office Sessions:
=========================
Error: (05/19/2015 09:23:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (05/19/2015 09:23:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (05/19/2015 09:23:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (05/19/2015 09:23:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (05/19/2015 09:23:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (05/19/2015 09:23:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (05/19/2015 09:23:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (05/19/2015 09:23:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (05/19/2015 09:23:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (05/19/2015 09:23:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-09-30 07:11:06.359
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-30 07:11:06.281
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-02-17 16:32:12.802
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-02-17 16:32:12.771
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-02-17 16:32:12.662
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-02-17 16:32:12.631
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-02-17 00:41:48.363
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-02-17 00:41:48.316
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU B940 @ 2.00GHz
Percentage of memory in use: 79%
Total physical RAM: 3947.86 MB
Available physical RAM: 810.29 MB
Total Pagefile: 7893.93 MB
Available Pagefile: 2966.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:450.66 GB) (Free:260.92 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2DB06464)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 


  • 0

Advertisements


#2
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Hello Adam,

Firstly

Please uninstall the following adware programs:

PDF Reader Packages
QuickShare
Strongvault Online Backup
Update for Zip Opener
Yontoo 1.10.03


Also

Did you install TeamViewer 9?

 

If not, uninstall that one too. It is a legitimate program but is sometimes used for malicious purposes.

Next

Download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

After that

Please uninstall the following adware program that should now be visible in your uninstall list:

LyriXeeker-1

Finally in this post

Please run another FRST scan with the Addition.txt box ticked and post back the two logs generated - FRST.txt and Addition.txt.

Attached Files


  • 0

#3
AdamIsAdam

AdamIsAdam

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 185 posts

I czn oly Uninstall the first and last from that list.  Ideas?


  • 0

#4
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

That's okay, just uninstall what you can and then move on to the next instruction. :)


  • 0

#5
AdamIsAdam

AdamIsAdam

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 185 posts

ok, Here's where we're at...

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2015 01
Ran by Adam Rosenfeld (administrator) on ADAMROSENFELD on 23-05-2015 07:22:12
Running from C:\Users\Adam Rosenfeld\Desktop
Loaded Profiles: Adam Rosenfeld (Available Profiles: Adam Rosenfeld & Kids & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Affinegy, Inc.) C:\Program Files (x86)\Optimum\DigiDo\AffinegyService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\EBAPIX32.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
(Google Inc.) C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\Application\chrome.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Google Inc.) C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\Application\chrome.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozystat.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dropbox, Inc.) C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dolby Laboratories Inc.) C:\DOLBY PCEE4\pcee4.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Google Inc.) C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\Application\chrome.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [167960 2011-03-30] (Intel Corporation)
HKLM-x32\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [391704 2011-03-30] (Intel Corporation)
HKLM-x32\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [418840 2011-03-30] (Intel Corporation)
HKLM-x32\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM-x32\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-10] (Realtek Semiconductor)
HKLM-x32\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2189416 2011-03-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1796200 2011-02-23] (Acer Incorporated)
HKLM-x32\...\Run: [fssui] => C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [884584 2012-03-08] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-02-15] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-33795446-1446344522-1645180631-1000\...\Run: [41A6E601A44F506D92A54D89F68E0E8872D6AEB3._service_run] => C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\Application\chrome.exe [813896 2015-05-13] (Google Inc.)
HKU\S-1-5-21-33795446-1446344522-1645180631-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-04-23] (Samsung)
HKU\S-1-5-21-33795446-1446344522-1645180631-1000\...\Run: [Google Update] => C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-18] (Google Inc.)
HKU\S-1-5-21-33795446-1446344522-1645180631-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
HKU\S-1-5-21-33795446-1446344522-1645180631-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-33795446-1446344522-1645180631-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-33795446-1446344522-1645180631-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\Users\Adam Rosenfeld\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-02-28]
ShortcutTarget: Dropbox.lnk -> C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk [2013-11-15]
ShortcutTarget: MozyHome Status.lnk -> C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-26] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [mozy] -> {b32a6748-f273-4546-b60a-3c5adc239de5} => C:\Program Files\MozyHome\mozyshell.dll [2014-10-31] (Mozy, Inc.)
ShellIconOverlayIdentifiers: [mozy2] -> {747E722C-CB46-4a9d-BDFE-192AAD5099B1} => C:\Program Files\MozyHome\mozyshell.dll [2014-10-31] (Mozy, Inc.)
ShellIconOverlayIdentifiers: [mozy3] -> {EE6F5A00-7898-40f7-AB77-51FF9D6DEB20} => C:\Program Files\MozyHome\mozyshell.dll [2014-10-31] (Mozy, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
GroupPolicyUsers\S-1-5-21-33795446-1446344522-1645180631-1004\User: Group Policy Restriction detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-33795446-1446344522-1645180631-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-33795446-1446344522-1645180631-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01
HKU\S-1-5-21-33795446-1446344522-1645180631-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-33795446-1446344522-1645180631-1000 -> DefaultScope {774F3256-7F66-4691-B895-B0B83356154D} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-33795446-1446344522-1645180631-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-33795446-1446344522-1645180631-1000 -> {774F3256-7F66-4691-B895-B0B83356154D} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-33795446-1446344522-1645180631-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://us.yhs4.searc...p={searchTerms}
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-26] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-26] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
DPF: HKLM-x32 {74F4F118-91E6-4AFC-B8D2-04066781F239} https://webdeposit.e...om/eztwainx.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2010-12-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-33795446-1446344522-1645180631-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-33795446-1446344522-1645180631-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-09-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49 [2014-01-17]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-05]
FF HKU\S-1-5-21-33795446-1446344522-1645180631-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR Profile: C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-16]
CHR Extension: (Bookmark Manager) - C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-01-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-19]
CHR Extension: (Google Wallet) - C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-18]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-17]
StartMenuInternet: Google Chrome - C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AffinegyService; C:\Program Files (x86)\Optimum\DigiDo\AffinegyService.exe [587120 2011-10-17] (Affinegy, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-26] (Avast Software s.r.o.)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) []
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) []
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 mozybackup; C:\Program Files\MozyHome\mozybackup.exe [54040 2011-08-04] (Mozy, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) []
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2011-02-15] (NTI Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) []
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2014-04-01] (CyberLink)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\Unchecky_svc.exe [164600 2015-05-22] (RaMMicHaeL)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 vToolbarUpdater18.1.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-26] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-04-26] (Avast Software s.r.o.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-04-26] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-26] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-26] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-26] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-04-26] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-04-26] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R1 mozyFilter; C:\Windows\System32\DRIVERS\mozy.sys [67808 2013-10-02] (Mozy, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-22 23:32 - 2015-05-22 23:32 - 00000000 ____D () C:\Users\Adam Rosenfeld\Desktop\FRST-OlderVersion
2015-05-22 21:01 - 2015-05-22 21:01 - 00001023 _____ () C:\Users\Public\Desktop\Unchecky.lnk
2015-05-22 21:01 - 2015-05-22 21:01 - 00000000 ____D () C:\ProgramData\Unchecky
2015-05-22 21:01 - 2015-05-22 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2015-05-22 21:01 - 2015-05-22 21:01 - 00000000 ____D () C:\Program Files (x86)\Unchecky
2015-05-22 21:00 - 2015-05-22 21:00 - 01142616 _____ (RaMMicHaeL) C:\Users\Adam Rosenfeld\Downloads\unchecky_setup.exe
2015-05-21 21:52 - 2015-05-22 19:42 - 00000000 ____D () C:\Users\Adam Rosenfeld\AppData\Local\{A8E0F425-BCE9-4823-A87C-7266768E1630}
2015-05-19 21:22 - 2015-05-19 21:30 - 00062145 _____ () C:\Users\Adam Rosenfeld\Desktop\Addition.txt
2015-05-19 21:19 - 2015-05-23 07:24 - 00026087 _____ () C:\Users\Adam Rosenfeld\Desktop\FRST.txt
2015-05-19 21:16 - 2015-05-23 07:22 - 00000000 ____D () C:\FRST
2015-05-19 21:15 - 2015-05-22 23:32 - 02108416 _____ (Farbar) C:\Users\Adam Rosenfeld\Desktop\FRST64.exe
2015-05-17 16:41 - 2015-05-17 16:42 - 00000000 ____D () C:\Users\Kids\AppData\Local\{884C5A7B-C047-472E-BB67-45A38AEA69D4}
2015-05-14 21:51 - 2015-05-20 21:25 - 00000000 ____D () C:\Users\Adam Rosenfeld\AppData\Local\{C523472C-BE5F-4837-A3C5-0A8AE98ED63D}
2015-05-14 20:43 - 2015-05-14 20:43 - 00000000 ____D () C:\Users\Kids\AppData\Roaming\Mozilla
2015-05-14 20:40 - 2015-05-14 20:41 - 00000000 ____D () C:\Users\Kids\AppData\Local\{4CDA38E9-B5D6-4B2D-A583-8F814B083250}
2015-05-13 21:14 - 2015-05-01 09:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 21:14 - 2015-05-01 09:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 21:02 - 2015-05-13 21:02 - 00000000 ____D () C:\Users\Adam Rosenfeld\AppData\Local\{98567B3E-0CEE-4B0B-ADBA-8F025F61F17D}
2015-05-12 21:29 - 2015-05-04 21:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 21:29 - 2015-05-04 21:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-12 21:29 - 2015-04-17 23:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 21:29 - 2015-04-17 22:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-12 21:28 - 2015-04-21 22:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-12 21:28 - 2015-04-21 21:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-12 21:28 - 2015-04-21 13:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 21:28 - 2015-04-21 13:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-12 21:28 - 2015-04-21 13:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-12 21:28 - 2015-04-21 12:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-12 21:28 - 2015-04-21 12:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 21:28 - 2015-04-21 12:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 21:28 - 2015-04-21 12:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-12 21:28 - 2015-04-21 12:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 21:28 - 2015-04-21 12:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-12 21:28 - 2015-04-21 12:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-12 21:28 - 2015-04-21 12:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-12 21:28 - 2015-04-21 12:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 21:28 - 2015-04-21 12:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 21:28 - 2015-04-21 12:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-12 21:28 - 2015-04-21 12:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-12 21:28 - 2015-04-21 12:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-12 21:28 - 2015-04-21 12:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 21:28 - 2015-04-21 12:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-12 21:28 - 2015-04-21 12:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-12 21:28 - 2015-04-21 12:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-12 21:28 - 2015-04-21 12:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-12 21:28 - 2015-04-21 12:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-12 21:28 - 2015-04-21 12:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-12 21:28 - 2015-04-21 12:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-12 21:28 - 2015-04-21 12:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-12 21:28 - 2015-04-21 12:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-12 21:28 - 2015-04-21 12:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-12 21:28 - 2015-04-21 12:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 21:28 - 2015-04-21 12:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-12 21:28 - 2015-04-21 12:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 21:28 - 2015-04-21 12:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-12 21:28 - 2015-04-21 12:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-12 21:28 - 2015-04-21 12:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-12 21:28 - 2015-04-21 12:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-12 21:28 - 2015-04-21 11:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-12 21:28 - 2015-04-21 11:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-12 21:28 - 2015-04-21 11:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-12 21:28 - 2015-04-21 11:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 21:28 - 2015-04-21 11:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-12 21:28 - 2015-04-21 11:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-12 21:28 - 2015-04-21 11:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-12 21:28 - 2015-04-21 11:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 21:28 - 2015-04-21 11:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-12 21:28 - 2015-04-21 11:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 21:28 - 2015-04-21 11:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-12 21:28 - 2015-04-21 11:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-12 21:28 - 2015-04-21 11:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-12 21:28 - 2015-04-21 11:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-12 21:28 - 2015-04-21 11:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 21:28 - 2015-04-21 11:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-12 21:28 - 2015-04-21 11:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-12 21:28 - 2015-04-21 11:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-12 21:28 - 2015-04-21 11:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-12 21:28 - 2015-04-21 11:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 21:28 - 2015-04-21 11:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-12 21:28 - 2015-04-21 11:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-12 21:28 - 2015-04-21 10:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-12 21:28 - 2015-04-21 10:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-12 21:28 - 2015-04-12 23:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 21:28 - 2015-02-18 03:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-12 21:28 - 2015-02-18 03:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-12 21:27 - 2015-04-27 15:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-12 21:27 - 2015-04-27 15:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-12 21:27 - 2015-04-27 15:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-12 21:27 - 2015-04-27 15:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-12 21:27 - 2015-04-27 15:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-12 21:27 - 2015-04-27 15:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-12 21:27 - 2015-04-27 15:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-12 21:27 - 2015-04-27 15:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-12 21:27 - 2015-04-27 15:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-12 21:27 - 2015-04-27 15:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-12 21:27 - 2015-04-27 15:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-12 21:27 - 2015-04-27 15:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-12 21:27 - 2015-04-27 15:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-12 21:27 - 2015-04-27 15:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-12 21:27 - 2015-04-27 15:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-12 21:27 - 2015-04-27 15:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-12 21:27 - 2015-04-27 15:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 15:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-12 21:27 - 2015-04-27 15:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-12 21:27 - 2015-04-27 15:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-12 21:27 - 2015-04-27 15:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-12 21:27 - 2015-04-27 15:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-12 21:27 - 2015-04-27 15:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-12 21:27 - 2015-04-27 15:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-12 21:27 - 2015-04-27 15:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-12 21:27 - 2015-04-27 15:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-12 21:27 - 2015-04-27 15:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-12 21:27 - 2015-04-27 15:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-12 21:27 - 2015-04-27 15:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-12 21:27 - 2015-04-27 15:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-12 21:27 - 2015-04-27 15:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-12 21:27 - 2015-04-27 15:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-12 21:27 - 2015-04-27 15:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-12 21:27 - 2015-04-27 15:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-12 21:27 - 2015-04-27 15:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-12 21:27 - 2015-04-27 15:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-12 21:27 - 2015-04-27 15:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-12 21:27 - 2015-04-27 15:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-12 21:27 - 2015-04-27 15:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-12 21:27 - 2015-04-27 15:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-12 21:27 - 2015-04-27 15:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-12 21:27 - 2015-04-27 15:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-12 21:27 - 2015-04-27 15:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-12 21:27 - 2015-04-27 15:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-12 21:27 - 2015-04-27 15:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 14:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-12 21:27 - 2015-04-27 13:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-12 21:27 - 2015-04-27 13:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-12 21:27 - 2015-04-27 13:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 13:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 21:27 - 2015-04-27 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-12 21:25 - 2015-04-19 23:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 21:25 - 2015-04-19 23:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 21:25 - 2015-04-19 22:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-12 21:25 - 2015-04-19 22:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 21:25 - 2015-04-07 23:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-12 21:25 - 2015-04-07 23:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-12 21:25 - 2015-04-07 23:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-12 21:25 - 2015-01-28 23:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-12 21:25 - 2015-01-28 23:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-12 21:24 - 2015-03-04 00:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-12 21:24 - 2015-03-04 00:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-12 21:24 - 2015-03-04 00:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-12 21:24 - 2015-03-04 00:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-12 21:24 - 2015-03-04 00:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-12 21:24 - 2015-03-04 00:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-12 21:24 - 2015-03-04 00:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-12 21:08 - 2015-05-12 21:08 - 00350210 _____ () C:\Users\Adam Rosenfeld\Downloads\C2AB.tmp
2015-05-03 14:23 - 2015-05-12 20:38 - 00000000 ____D () C:\Users\Adam Rosenfeld\AppData\Local\{CAF34D84-7EE7-4929-AC10-E0D81467E402}
2015-05-02 20:57 - 2015-05-02 20:58 - 00092160 _____ () C:\Users\Adam Rosenfeld\Desktop\Slice of LI.wps
2015-04-27 21:04 - 2015-05-02 12:36 - 00000000 ____D () C:\Users\Adam Rosenfeld\AppData\Local\{D584CCB3-05F2-47C6-8933-CBA8B5C4EF2D}
2015-04-26 23:09 - 2015-04-26 23:09 - 00403440 _____ () C:\Users\Adam Rosenfeld\Desktop\bottle rocket.3gp
2015-04-26 13:54 - 2015-04-26 13:54 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-26 13:54 - 2015-04-26 13:54 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-23 07:25 - 2013-05-26 18:03 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-23 07:21 - 2011-06-07 21:48 - 01108039 _____ () C:\Windows\WindowsUpdate.log
2015-05-23 07:19 - 2010-09-09 08:17 - 00000000 ___RD () C:\Users\Adam Rosenfeld\Documents\My Dropbox
2015-05-23 07:19 - 2010-09-09 08:13 - 00000000 ____D () C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox
2015-05-23 07:18 - 2011-08-18 09:56 - 00000000 ____D () C:\ProgramData\clear.fi
2015-05-23 07:18 - 2011-08-18 07:19 - 00094040 _____ () C:\Users\Adam Rosenfeld\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-23 07:16 - 2014-07-04 09:27 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-23 07:16 - 2013-05-26 18:03 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-23 07:16 - 2011-09-30 22:48 - 00000632 __RSH () C:\Users\Adam Rosenfeld\ntuser.pol
2015-05-23 07:16 - 2011-08-18 07:19 - 00000000 ____D () C:\Users\Adam Rosenfeld
2015-05-23 07:16 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-23 07:16 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-05-23 07:15 - 2013-02-23 16:29 - 00749174 _____ () C:\Windows\PFRO.log
2015-05-23 07:15 - 2013-02-23 16:29 - 00041962 _____ () C:\Windows\setupact.log
2015-05-23 07:15 - 2009-07-14 00:45 - 00349904 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-23 07:10 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-23 07:10 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-23 07:09 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-05-23 07:05 - 2012-09-01 00:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-23 07:00 - 2013-10-05 17:27 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-05-22 23:49 - 2011-08-18 07:31 - 00000944 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-33795446-1446344522-1645180631-1000UA.job
2015-05-22 21:21 - 2011-09-12 10:18 - 00006552 _____ () C:\Windows\mozy.flt
2015-05-22 21:21 - 2011-09-12 10:18 - 00005158 _____ () C:\Windows\mozy.blk
2015-05-20 21:41 - 2015-04-14 18:01 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-20 21:41 - 2015-04-14 18:01 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-19 20:20 - 2013-05-26 18:03 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-19 20:20 - 2013-05-26 18:03 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-17 16:49 - 2011-08-18 07:31 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-33795446-1446344522-1645180631-1000Core.job
2015-05-17 16:44 - 2011-08-18 07:31 - 00003932 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-33795446-1446344522-1645180631-1000UA
2015-05-17 16:44 - 2011-08-18 07:31 - 00003536 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-33795446-1446344522-1645180631-1000Core
2015-05-16 07:48 - 2013-02-23 00:46 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-16 07:40 - 2011-09-30 23:05 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-33795446-1446344522-1645180631-1004Core.job
2015-05-14 21:53 - 2014-07-04 09:25 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-14 21:53 - 2014-07-04 09:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-14 21:53 - 2014-07-04 09:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-14 21:22 - 2009-07-14 01:13 - 00787388 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-14 20:39 - 2011-09-30 22:59 - 00004582 __RSH () C:\Users\Kids\ntuser.pol
2015-05-14 20:39 - 2011-09-30 22:59 - 00000000 ____D () C:\Users\Kids
2015-05-13 22:53 - 2012-05-13 21:53 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 22:53 - 2012-05-13 21:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 22:49 - 2010-11-21 03:17 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 22:49 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-13 22:09 - 2011-08-19 12:13 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 22:01 - 2013-07-30 21:09 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 21:36 - 2011-08-24 20:47 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 21:13 - 2012-05-13 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-12 22:29 - 2014-01-09 22:28 - 00003090 _____ () C:\Windows\wininit.ini
2015-05-12 22:29 - 2011-08-18 11:37 - 00001053 _____ () C:\Users\Adam Rosenfeld\Desktop\Dropbox.lnk
2015-05-12 22:29 - 2011-08-18 11:36 - 00000000 ____D () C:\Users\Adam Rosenfeld\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-02 20:52 - 2014-11-28 23:33 - 00000000 ____D () C:\Users\Adam Rosenfeld\AppData\Roaming\vlc
2015-04-30 01:12 - 2014-11-28 14:40 - 00001070 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-04-26 15:43 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-04-26 13:54 - 2014-04-21 21:32 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-26 13:54 - 2014-01-26 09:05 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-04-26 13:54 - 2013-11-05 23:39 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-26 13:54 - 2013-11-05 23:39 - 00272248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-26 13:54 - 2013-11-05 23:39 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-04-26 13:54 - 2013-11-05 23:39 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-26 13:54 - 2013-11-05 23:39 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-26 13:53 - 2014-11-03 00:34 - 00028144 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswKbd.sys
2015-04-26 13:53 - 2013-11-05 23:39 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-26 13:44 - 2015-04-21 19:51 - 00000000 ____D () C:\Users\Adam Rosenfeld\AppData\Local\{7C053E25-9827-4EE7-9F4F-C37A87373847}
2015-04-24 22:17 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
 
==================== Files in the root of some directories =======
 
2013-07-27 10:41 - 2013-09-28 00:21 - 0000113 _____ () C:\Users\Adam Rosenfeld\AppData\Roaming\WB.CFG
2013-06-13 08:46 - 2013-09-28 00:21 - 0000005 _____ () C:\Users\Adam Rosenfeld\AppData\Roaming\WBPU-TTL.DAT
2010-02-21 10:40 - 2011-04-29 23:06 - 0168960 _____ () C:\Users\Adam Rosenfeld\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-07-03 09:24 - 2011-07-03 09:24 - 2427882 _____ () C:\Users\Adam Rosenfeld\AppData\Local\[j0003]-[p01].bmp
2014-12-10 20:47 - 2014-12-10 20:47 - 0000000 _____ () C:\Users\Adam Rosenfeld\AppData\Local\{454A0AB3-147E-409C-B56D-8718B780D75B}
2011-06-07 22:08 - 2011-06-07 22:12 - 0015211 _____ () C:\ProgramData\ArcadeDeluxe5.log
2011-09-05 09:00 - 2012-09-18 11:10 - 0013076 _____ () C:\ProgramData\hpzinstall.log
 
Files to move or delete:
====================
C:\Users\Adam Rosenfeld\NTUSER (1).DAT
 
 
Some files in TEMP:
====================
C:\Users\Adam Rosenfeld\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpm1bosn.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-10 18:51
 
==================== End of log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-05-2015 01
Ran by Adam Rosenfeld at 2015-05-23 07:26:14
Running from C:\Users\Adam Rosenfeld\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Adam Rosenfeld (S-1-5-21-33795446-1446344522-1645180631-1000 - Administrator - Enabled) => C:\Users\Adam Rosenfeld
Administrator (S-1-5-21-33795446-1446344522-1645180631-500 - Administrator - Disabled)
Guest (S-1-5-21-33795446-1446344522-1645180631-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-33795446-1446344522-1645180631-1002 - Limited - Enabled)
Kids (S-1-5-21-33795446-1446344522-1645180631-1004 - Limited - Enabled) => C:\Users\Kids
OLDPCADMIN (S-1-5-21-33795446-1446344522-1645180631-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.85 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1510 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1510 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3006 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.4 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3004 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.1130.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3005 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Agatha Christie - 4:50 from Paddington (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0 (HKLM-x32\...\Audacity_is1) (Version:  - Audacity Team)
Autodesk DWF Viewer (HKLM-x32\...\Autodesk DWF Viewer) (Version: 5.0 - Autodesk, Inc.)
Avast Pro Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.1.7.598 - AVG Technologies)
Backup Manager V3 (x32 Version: 3.0.0.85 - NTI Corporation) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
BMW Standard Tools (HKLM-x32\...\{ 70994916-61E9-40D2-A30C-89D2C030017F}_is1) (Version: 2.12.0 - BMW Group)
Bonjour (HKLM\...\{877924AA-E044-4266-B37D-E974CD799934}) (Version: 2.0.0.34 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.6.1.2 - Broadcom Corporation)
Broadcom Gigabit NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.6.1.2 - Broadcom Corporation)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
C4700 (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.27 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.1422.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1422.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.7418 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3008 - Acer Incorporated)
Complément Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
CryptoPrevent v4.3.2 (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
CyberLink PowerDirector 13 (HKLM-x32\...\{BA385AFC-00B1-417C-8C20-74B996EF3AF0}) (Version: 13.0.2104.0 - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM-x32\...\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
DigiDo (HKLM-x32\...\DigiDo_is1) (Version:  - )
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DR Systems Web Ambassador (HKLM-x32\...\{98BCB68E-274F-11D4-B2FA-00105AA9021A}) (Version: R8_2_339_ - DR Systems)
Dropbox (HKU\S-1-5-21-33795446-1446344522-1645180631-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Download Navigator (HKLM-x32\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 630 Series Printer Uninstall (HKLM\...\EPSON WorkForce 630 Series) (Version:  - SEIKO EPSON Corporation)
EPSON WorkForce 645 Series Printer Uninstall (HKLM\...\EPSON WorkForce 645 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3b - SEIKO EPSON CORPORATION)
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
File Opener Pro (HKLM-x32\...\fileopenerpro) (Version:  - FileOpenerPro) <==== ATTENTION
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GetSavin (HKLM-x32\...\GetSavin) (Version: 1.1361393456 - Adpeak, Inc.)
Gmail Backup (HKLM-x32\...\gmailbackup) (Version:  - )
Google Chrome (HKU\S-1-5-21-33795446-1446344522-1645180631-1000\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{68550918-63B5-4762-85CB-3C160AA4B213}) (Version: 14.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Acer Incorporated)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Jewel Quest Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 6.0.4 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 6.0.4 - )
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.4 - Acer Inc.)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
MediaEspresso (x32 Version: 1.0.1418_35759 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MozyHome (HKLM\...\{88AE47C9-A9D2-E89D-C165-573D8015336D}) (Version: 2.28.0.421 - Mozy, Inc.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
MyWinLocker (Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.11 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.1.237 - Barnesandnoble.com)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8942 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8942 - NTI Corporation) Hidden
Optimum (HKU\S-1-5-21-33795446-1446344522-1645180631-1000\...\93417483.optimumapp.iptv.optimum.net) (Version:  - optimumapp.iptv.optimum.net)
Optimum App for Laptop 1.70 (HKLM\...\{6082AB31-92B1-4832-AC89-3B2E6D8C14FE}) (Version: 1.70 - Cablevision)
Pdf995 (HKLM-x32\...\Pdf995) (Version:  - )
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
proDAD Adorage 3.0 (64bit) (HKLM\...\proDAD-Adorage-3.0) (Version: 3.0.108.1 - proDAD GmbH)
PS_AIO_06_C4700_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
Quicken 2010 (HKLM-x32\...\{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}) (Version: 19.1.5.3 - Intuit)
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
QuickShare (HKLM-x32\...\{1B325F70-A984-421E-8407-06683E6EF03B}) (Version: 1.90.60.12091 - Linkury Inc.) <==== ATTENTION
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6329 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.23.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Shredder (Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.7 - Egis Technology Inc.) Hidden
SketchUp 2013 (HKLM-x32\...\{B75BC01B-4586-43F8-9349-D250DB98F26F}) (Version: 13.0.4812 - Trimble Navigation Limited)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Strongvault Online Backup (x32 Version: 5.0.2.34 - Strongvault Online Backup) Hidden <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.0 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Torchlight (x32 Version: 2.2.0.95 - WildTangent) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Unchecky v0.3.7.5 (HKLM-x32\...\Unchecky) (Version: 0.3.7.5 - RaMMicHaeL)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3102 - Acer Incorporated)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.31 - WildTangent) Hidden
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0) (HKLM\...\EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 - Texas Instruments Inc.)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.)
Windows Driver Package - XYZ Printing, Inc. (usbser) Ports  (01/08/2013 6.0.0.0) (HKLM\...\338D7F76F2755F87D782D371F9638E1AFF90D233) (Version: 01/08/2013 6.0.0.0 - XYZ Printing, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WordOv (HKU\S-1-5-21-33795446-1446344522-1645180631-1000\...\WordOv) (Version: 3 - wordoverview.com)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )
YouTube Song Downloader (HKLM-x32\...\{4281435C-AD1D-4C8A-B9C0-3961C11EF142}_is1) (Version: 8.2 - Abelssoft)
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
26-04-2015 13:49:09 avast! antivirus system restore point
01-05-2015 19:24:06 Windows Update
10-05-2015 15:52:11 Windows Update
13-05-2015 21:05:35 Windows Update
19-05-2015 20:47:25 Windows Update
20-05-2015 21:24:33 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2015-05-23 07:16 - 00001269 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost
???????????????????????????????????????????????????????????«???????(???????????????4????????«???????????????????????????‰??????????«????????????????‰???????????????‰?????????«??????????????????????‰?????????????«??????????????????????‰???????????‰???????????‰??????????????‰??????????«?????????????«?????????????????‰????????????????‰????????????«??????????????????‰????????????‰????????«?????????????«?????????????«??????????????????‰?????????«???????????????‰????????«????????????«?????????????????‰???????«??????????????‰???????«?????????????????????‰?????????????‰?????????????????
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {200FEBB4-3807-4685-8DA6-4A357ACE1A4C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-33795446-1446344522-1645180631-1004UA => C:\Users\Kids\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-01] (Google Inc.)
Task: {23849E5C-0F9A-4A83-A536-AA2E06BDB532} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-02-22] (Acer Incorporated)
Task: {43715AC1-1761-4425-A7B5-873186BE25D3} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {47159A99-26F3-41AD-8A2C-F2CFF286396B} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {4A9B574E-742F-46B2-AA0B-24F908FCDD9A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-33795446-1446344522-1645180631-1000UA => C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {51C81DAE-CA32-4B6A-89E3-717B9F66F2C9} - System32\Tasks\LyriXeeker-1-codedownloader => C:\Program Files (x86)\LyriXeeker-1\LyriXeeker-1-codedownloader.exe
Task: {6CE57020-16EA-42DF-BED2-745CF73B86EB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {83E44BEA-0CC6-43BC-B36E-D3C3015694F0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-26] (Google Inc.)
Task: {8CF888B4-7EB3-40FA-9923-609E7BAC6C07} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-26] (Google Inc.)
Task: {8F5F8B29-5896-4888-A5DE-6E91F3F1393E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-33795446-1446344522-1645180631-1000Core => C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {9A64C048-3957-4C57-BFC5-76F6CCE48975} - System32\Tasks\{C9725328-AE5B-41BF-9F1D-4340D2C5F01F} => pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Task: {A8B6EB8F-E162-4B05-A0A4-8174BB4CB865} - System32\Tasks\{7385F599-730E-4993-809A-A26B2F4894F6} => pcalua.exe -a "C:\Users\Adam Rosenfeld\Downloads\HijackThis.exe" -d "C:\Users\Adam Rosenfeld\Downloads"
Task: {AC46CF0F-2BD0-45A0-9616-7E4CEAEA4612} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-33795446-1446344522-1645180631-1004Core => C:\Users\Kids\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-01] (Google Inc.)
Task: {B0B4FD08-08CE-42A7-8EA3-D90094C05A61} - System32\Tasks\{ECF8EF71-269A-403D-9F53-9C05F0E5DFE8} => pcalua.exe -a "C:\Users\Adam Rosenfeld\Downloads\epson14070.exe" -d "C:\Users\Adam Rosenfeld\Downloads"
Task: {BB90CEB7-1765-4040-BC43-3043618E3388} - \DealPly No Task File <==== ATTENTION
Task: {BC16B78F-6464-4A35-AFC8-06160160BB5A} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-02-22] (CyberLink Corp.)
Task: {C874799F-6414-4CC1-8578-AAFD65671914} - System32\Tasks\{B9CD182D-6035-48D8-BA33-7A8E60DCEE74} => pcalua.exe -a "C:\Users\Adam Rosenfeld\Downloads\mozysetup.exe" -d "C:\Users\Adam Rosenfeld\Downloads"
Task: {D48D2AF1-868E-45B7-8965-AF9D0C9BF77F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {D52906AA-4D92-4580-AA79-45ACB6D92EF0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-18] (Adobe Systems Incorporated)
Task: {DC31E3B4-77FC-4088-8748-97E0C950BDEB} - System32\Tasks\SDMsgUpdate (TE) => C:\Program Files (x86)\SmartDraw 2012\Messages\SDNotify.exe [2011-09-26] ()
Task: {E3EF9D13-DBA0-4A2B-A803-C3D5A749722C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)
Task: {E629E4AA-B867-41FF-B9D1-8F1BB6DE88F9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-26] (Avast Software s.r.o.)
Task: {EADF6693-23FC-49B7-86C0-C253F142DA76} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-02-22] (CyberLink)
Task: {EFCD2BFB-E37C-496C-9416-4BEA05DAB206} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform....NICMJNDJCMKJBJ"
Task: {F2CC2B89-4D6E-4D4F-BEEB-4C56DB0554A4} - System32\Tasks\{5E0F4CCE-6040-41A0-8C69-6D8D84BBD430} => pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Task: {FF9CB7B3-9461-4F70-92E8-0E2252531D30} - System32\Tasks\Games\UpdateCheck_S-1-5-21-33795446-1446344522-1645180631-1000
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-33795446-1446344522-1645180631-1000Core.job => C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-33795446-1446344522-1645180631-1000UA.job => C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-33795446-1446344522-1645180631-1004Core.job => C:\Users\Kids\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-33795446-1446344522-1645180631-1004UA.job => C:\Users\Kids\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2011-08-21 12:31 - 2006-10-19 21:44 - 00047616 _____ () C:\Windows\System32\pdf995mon64.dll
2011-04-06 16:59 - 2011-03-25 20:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-04-26 13:54 - 2015-04-26 13:54 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-26 13:54 - 2015-04-26 13:54 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-05-23 07:04 - 2015-05-23 07:04 - 02931200 _____ () C:\Program Files\AVAST Software\Avast\defs\15052300\algo.dll
2011-02-15 14:37 - 2011-02-15 14:37 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2011-02-15 14:36 - 2011-02-15 14:36 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2011-02-15 14:37 - 2011-02-15 14:37 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2011-02-22 13:01 - 2011-02-22 13:01 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2015-05-23 07:18 - 2015-05-23 07:18 - 00043008 _____ () c:\Users\Adam Rosenfeld\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpm1bosn.dll
2015-03-04 17:45 - 2015-03-04 17:45 - 00750080 _____ () C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 17:45 - 2015-03-04 17:45 - 00047616 _____ () C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 17:45 - 2015-03-04 17:45 - 00865280 _____ () C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 17:45 - 2015-03-04 17:45 - 00200704 _____ () C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-03-17 23:13 - 2015-03-17 23:13 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-05-22 21:16 - 2015-05-13 12:48 - 01281864 _____ () C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\Application\43.0.2357.65\libglesv2.dll
2015-05-22 21:16 - 2015-05-13 12:48 - 00080712 _____ () C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\Application\43.0.2357.65\libegl.dll
2014-10-18 01:09 - 2014-10-18 01:09 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ba8588c3319d63350220ec2ac3eb2c36\IsdiInterop.ni.dll
2011-04-06 16:15 - 2010-09-13 21:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Adam Rosenfeld\Desktop\Feud Complete.wmv:com.dropbox.attributes
AlternateDataStreams: C:\Users\Adam Rosenfeld\Documents\ROSENFELD Re_ great grandparents_.eml:OECustomProperty
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-33795446-1446344522-1645180631-1000\...\amazon.com -> hxxp://www.amazon.com
IE trusted site: HKU\S-1-5-21-33795446-1446344522-1645180631-1000\...\brokeragebuilder.com -> hxxps://www.brokeragebuilder.com
IE trusted site: HKU\S-1-5-21-33795446-1446344522-1645180631-1000\...\reged.com -> hxxps://secure.reged.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-33795446-1446344522-1645180631-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER Error getting ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{C4E00E0C-3DF3-454E-BD03-C0E845228F66}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{DDD8EC91-FF64-42C6-BE3C-18A2065BFF88}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{575F4D13-6303-453B-AE8E-47A652D8CF23}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6006864A-5F0C-4CC7-A077-657F995582BA}] => (Allow) LPort=2869
FirewallRules: [{41CFCC00-0FD5-4FE2-867C-FF328E9288D1}] => (Allow) LPort=1900
FirewallRules: [{05046B1B-2006-40BB-B0D0-67E60C1416F3}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{B275548D-3F5D-42D3-8BAA-2C29F50E46C1}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{27FDF99E-0AC0-4DE7-846D-2469D5A2F3EC}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{426C8126-AFDB-4A4D-8D40-02C9AFA8B824}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{1C8F7AEB-52A4-4778-B351-04F0F1D3A41D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{64F4FE15-066B-4872-8927-2C27EF2F330A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{0FFE9372-10A2-4698-B32B-8BE2022D4400}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{8A41CCD6-9043-4694-A7C7-5750A36FFBE7}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovie.exe
FirewallRules: [{D86F4CC8-03F4-4377-BF26-D5B00F7B5D44}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovieService.exe
FirewallRules: [{02455919-863D-4371-A082-114AA36BB4D6}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{A0FF35CD-9190-4D96-B6C2-CB5DEA1E76C3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3B0E67CD-2AA4-4AE8-916E-04CA75FA45C7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B790F041-37D1-4536-B3F6-1F951AED0038}] => (Allow) C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{14BA8EFC-6414-4601-862F-0AC0F7941F5F}] => (Allow) C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{C04B855C-BB2A-4E8A-9C94-A0193FD1C59B}] => (Allow) D:\setup\hpznui40.exe
FirewallRules: [{BA5020BC-DE5A-45F6-B46F-9BCE15309A5E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{24C3D6FF-6D1C-4868-A80A-B25011E0DA9D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{83CB82C9-4B05-4755-AB71-6489CF9D5DE0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{35D80269-7CD3-44B8-8D22-EDE909D3C845}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{0423B3E6-C7E0-462A-8B8E-A11EA404E213}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{121CBFAB-D99F-4DC4-83DF-1A686BD48956}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{EA6E7749-9865-47BA-AA22-85FF5A4080B1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{68F6B5E0-65AD-402E-803C-00C8B4D9EE66}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{4ABAD8AE-3853-459F-A177-28836ED3657B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{E6BD6544-77F6-41FC-90B5-01D532E99A67}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{C809B188-077C-4DF9-81E7-60EF1140772A}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{0E2AA380-A7F8-4D61-BA99-4744801C5471}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{3D406EBB-3CEE-4357-97FF-44A9582B00E3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{F5D672C3-A65E-44FC-B7F5-B8A0FD519FB6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{83A0948D-AB0C-4813-878E-8304C7550868}] => (Allow) C:\Program Files (x86)\Optimum\DigiDo\DigiDo.exe
FirewallRules: [{1126B15A-71EF-462F-8220-BFDF49FD16B1}] => (Allow) C:\Program Files (x86)\Optimum\DigiDo\DigiDo.exe
FirewallRules: [{3EDC6684-6D57-4562-B250-BB8E033DA001}] => (Allow) C:\Program Files (x86)\Optimum\DigiDo\DigiDo.exe
FirewallRules: [{F9F27452-9BA3-4867-8502-2AF18587E42D}] => (Allow) C:\Program Files (x86)\Optimum\DigiDo\DigiDo.exe
FirewallRules: [{48057372-4A73-4F3B-84D9-0F101AF5EB82}] => (Allow) C:\Program Files (x86)\Optimum\DigiDo\DigiDo.exe
FirewallRules: [TCP Query User{43C4D947-AB0C-47FB-94D9-298801A48703}C:\users\adam rosenfeld\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\adam rosenfeld\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{A47CEE74-58CB-409C-BFE7-090D84683E74}C:\users\adam rosenfeld\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\adam rosenfeld\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{EAA1A54E-A8D0-4BBB-A459-7193B6C9E554}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{7B512FC6-1C1F-44DE-BDD9-4A65B5AB054A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{77C07026-19DA-4F49-994A-3EB52697C86E}] => (Allow) C:\Users\Adam Rosenfeld\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{046DD874-009F-4231-AF6B-4A8F2F754225}] => (Allow) C:\Users\Adam Rosenfeld\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{AD264D92-3E97-478F-96BB-976FB8CF6340}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{AD2E0072-E4C8-434F-991F-F1F310F64436}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{D9B7F91A-5B41-4E83-8301-81690812E8C1}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
FirewallRules: [{63006B5A-0861-462C-8DBC-027E2BD4661A}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
FirewallRules: [{610DDEDF-8D51-41CA-AF23-C6BCF904F0CC}] => (Allow) C:\Program Files\CyberLink\PowerDirector13\PDR10.EXE
 
==================== Faulty Device Manager Devices =============
 
Name: Photosmart C4700 series
Description: Photosmart C4700 series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Lexmark Optra T610
Description: Lexmark Optra T610
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/23/2015 07:19:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (05/23/2015 07:19:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (05/23/2015 07:19:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (05/23/2015 07:19:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (05/23/2015 07:19:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (05/23/2015 07:19:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (05/23/2015 07:19:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (05/23/2015 07:19:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (05/23/2015 07:19:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (05/23/2015 07:19:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
 
System errors:
=============
Error: (05/23/2015 07:17:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (05/23/2015 07:16:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater18.1.7 service failed to start due to the following error: 
%%2
 
Error: (05/23/2015 07:09:56 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (05/23/2015 07:01:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: 
%%1053
 
Error: (05/23/2015 07:01:36 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
 
Error: (05/23/2015 06:59:49 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (05/22/2015 11:11:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: 
%%1053
 
Error: (05/22/2015 11:11:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
 
Error: (05/22/2015 11:10:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (05/22/2015 10:57:03 PM) (Source: bScsiSDa) (EventID: 15) (User: )
Description: The device, \Device\Scsi\bScsiSDa1, is not ready for access yet.
 
 
Microsoft Office:
=========================
Error: (05/23/2015 07:19:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (05/23/2015 07:19:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (05/23/2015 07:19:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (05/23/2015 07:19:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (05/23/2015 07:19:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (05/23/2015 07:19:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (05/23/2015 07:19:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (05/23/2015 07:19:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (05/23/2015 07:19:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (05/23/2015 07:19:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-09-30 07:11:06.359
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-30 07:11:06.281
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-02-17 16:32:12.802
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-02-17 16:32:12.771
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-02-17 16:32:12.662
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-02-17 16:32:12.631
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-02-17 00:41:48.363
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-02-17 00:41:48.316
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU B940 @ 2.00GHz
Percentage of memory in use: 59%
Total physical RAM: 3947.86 MB
Available physical RAM: 1588.25 MB
Total Pagefile: 7893.93 MB
Available Pagefile: 4780.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:450.66 GB) (Free:269.57 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2DB06464)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450.7 GB) - (Type=07 NTFS)
 
==================== End of log ============================

  • 0

#6
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Would you please carry out the instruction at my post #2.

 

The one under the heading:

 

Next


  • 0

#7
AdamIsAdam

AdamIsAdam

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 185 posts

complete.  Here's the log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-05-2015 01
Ran by Adam Rosenfeld at 2015-05-23 16:42:13 Run:2
Running from C:\Users\Adam Rosenfeld\Desktop
Loaded Profiles: Adam Rosenfeld (Available Profiles: Adam Rosenfeld & Kids & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKLM Group Policy restriction on software: %appdata%\pdf reader packages\uninstaller.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\pdf reader packages\uninstaller.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\pdf reader packages\uninstaller.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\pdf reader packages\uninstaller.exe <====== ATTENTION
HKU\S-1-5-21-33795446-1446344522-1645180631-1004 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKU\S-1-5-21-33795446-1446344522-1645180631-1004 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKU\S-1-5-21-33795446-1446344522-1645180631-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKU\S-1-5-21-33795446-1446344522-1645180631-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
GroupPolicyUsers\S-1-5-21-33795446-1446344522-1645180631-1004\User: Group Policy Restriction detected <======= ATTENTION
CHR HKU\S-1-5-21-33795446-1446344522-1645180631-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-33795446-1446344522-1645180631-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION 
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://us.yhs4.searc...p={searchTerms}
SearchScopes: HKU\S-1-5-21-33795446-1446344522-1645180631-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-33795446-1446344522-1645180631-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-33795446-1446344522-1645180631-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-33795446-1446344522-1645180631-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-33795446-1446344522-1645180631-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKU\S-1-5-21-33795446-1446344522-1645180631-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll [2014-06-03] (AVG Secure Search)
C:\%appdata%\pdf reader packages
C:\%userprofile%\AppData\Roaming\pdf reader packages
C:\Program Files (x86)\Common Files\AVG Secure Search
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.7\\npsitesafety.dll No File
C:\Windows\system32\꘰ä
C:\Users\Adam Rosenfeld\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpum2kfw.dll
C:\Users\Adam Rosenfeld\AppData\Local\Temp\vlc-2.2.1-win32.exe
C:\Users\Kids\AppData\Local\Temp\GUR9F70.exe
LyriXeeker-1 (HKLM-x32\...\LyriXeeker-1) (Version: 1.28.153.3 - Lyrics) <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-33795446-1446344522-1645180631-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
Task: {0D878740-5D72-4B4A-B533-FFCA19BBF190} - System32\Tasks\LyriXeeker-1-chromeinstaller => C:\Program Files (x86)\LyriXeeker-1\LyriXeeker-1-chromeinstaller.exe
ask: {51C81DAE-CA32-4B6A-89E3-717B9F66F2C9} - System32\Tasks\LyriXeeker-1-codedownloader => C:\Program Files (x86)\LyriXeeker-1\LyriXeeker-1-codedownloader.exe
Task: {632DE900-7D21-467A-A8B8-4BD924642D50} - System32\Tasks\LyriXeeker-1-updater => C:\Program Files (x86)\LyriXeeker-1\LyriXeeker-1-updater.exe
Task: {6EF8A6FC-1A97-4A60-96DE-59F8FDF84363} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
C:\Program Files (x86)\Ask.com
Task: {CE1EB12E-EF9C-4CB4-AE13-436B1A4FEC85} - \DealPlyUpdate No Task File <==== ATTENTION
Task: {E84B5E8C-CBA5-4345-BB1C-036F87F673C4} - System32\Tasks\LyriXeeker-1-enabler => C:\Program Files (x86)\LyriXeeker-1\LyriXeeker-1-enabler.exe
CMD: ipconfig /flushdns
EmptyTemp:
*****************
 
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKU\S-1-5-21-33795446-1446344522-1645180631-1004 => Group Policy Restriction on software not found
HKU\S-1-5-21-33795446-1446344522-1645180631-1004 => Group Policy Restriction on software not found
HKU\S-1-5-21-33795446-1446344522-1645180631-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 => Group Policy Restriction on software not found
HKU\S-1-5-21-33795446-1446344522-1645180631-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 => Group Policy Restriction on software not found
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-33795446-1446344522-1645180631-1004\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKU\S-1-5-21-33795446-1446344522-1645180631-1000\SOFTWARE\Policies\Google => key not found. 
HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Google => key not found. 
HKU\S-1-5-21-33795446-1446344522-1645180631-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKU\S-1-5-21-33795446-1446344522-1645180631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => key not found. 
HKCR\Wow6432Node\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => key not found. 
HKU\S-1-5-21-33795446-1446344522-1645180631-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-21-33795446-1446344522-1645180631-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKU\S-1-5-21-33795446-1446344522-1645180631-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-21-33795446-1446344522-1645180631-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKU\S-1-5-21-33795446-1446344522-1645180631-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Value not found.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Value not found.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => Value not found.
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
HKU\S-1-5-21-33795446-1446344522-1645180631-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\Toolbar: HKU\S-1-5-21-33795446-1446344522-1645180631-501-{{0123B506-0AD9-43AA-B0CF-916C122AD4C5} => Value not found.
HKCR\CLSID\Toolbar: HKU\S-1-5-21-33795446-1446344522-1645180631-501-{{0123B506-0AD9-43AA-B0CF-916C122AD4C5} => key not found. 
HKCR\Wow6432Node\PROTOCOLS\Handler\viprotocol => key not found. 
HKCR\Wow6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} => key not found. 
"C:\%appdata%\pdf reader packages" => File/Folder not found.
"C:\%userprofile%\AppData\Roaming\pdf reader packages" => File/Folder not found.
"C:\Program Files (x86)\Common Files\AVG Secure Search" => File/Folder not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin => key not found. 
"C:\Windows\system32\꘰ä" => File/Folder not found.
"C:\Users\Adam Rosenfeld\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpum2kfw.dll" => File/Folder not found.
"C:\Users\Adam Rosenfeld\AppData\Local\Temp\vlc-2.2.1-win32.exe" => File/Folder not found.
"C:\Users\Kids\AppData\Local\Temp\GUR9F70.exe" => File/Folder not found.
LyriXeeker-1 (HKLM-x32\...\LyriXeeker-1) (Version: 1.28.153.3 - Lyrics) <==== ATTENTION => Error: No automatic fix ' & $found1 & ' for this entry.
HKU\S-1-5-21-33795446-1446344522-1645180631-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208} => key not found. 
HKU\S-1-5-21-33795446-1446344522-1645180631-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E} => key not found. 
HKU\S-1-5-21-33795446-1446344522-1645180631-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1} => key not found. 
HKU\S-1-5-21-33795446-1446344522-1645180631-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8} => key not found. 
HKU\S-1-5-21-33795446-1446344522-1645180631-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A} => key not found. 
HKU\S-1-5-21-33795446-1446344522-1645180631-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D878740-5D72-4B4A-B533-FFCA19BBF190} => key not found. 
C:\Windows\System32\Tasks\LyriXeeker-1-chromeinstaller not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LyriXeeker-1-chromeinstaller => key not found. 
ask: {51C81DAE-CA32-4B6A-89E3-717B9F66F2C9} - System32\Tasks\LyriXeeker-1-codedownloader => C:\Program Files (x86)\LyriXeeker-1\LyriXeeker-1-codedownloader.exe => Error: No automatic fix ' & $found1 & ' for this entry.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{632DE900-7D21-467A-A8B8-4BD924642D50} => key not found. 
C:\Windows\System32\Tasks\LyriXeeker-1-updater not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LyriXeeker-1-updater => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6EF8A6FC-1A97-4A60-96DE-59F8FDF84363} => key not found. 
C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar => key not found. 
"C:\Program Files (x86)\Ask.com" => File/Folder not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE1EB12E-EF9C-4CB4-AE13-436B1A4FEC85} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyUpdate => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E84B5E8C-CBA5-4345-BB1C-036F87F673C4} => key not found. 
C:\Windows\System32\Tasks\LyriXeeker-1-enabler not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LyriXeeker-1-enabler => key not found. 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
EmptyTemp: => Removed 119.6 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 16:42:36 ====

  • 0

#8
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Hello Adam,

 

Please download ComboFix from this location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.
  • If you have an older Operating System you may be asked whether you want to install the Recovery Console. Click yes and follow any prompts.
  • Your desktop may go blank. This is normal.
  • ComboFix may appear to be doing nothing for quite long periods, this is normal, just leave it to do it's job.
  • ComboFix may reboot your machine. This is normal too.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you.  Please include the C:\ComboFix.txt in your next reply.


  • 0

#9
AdamIsAdam

AdamIsAdam

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 185 posts

Here's the log from combofix:

 

ComboFix 15-05-19.01 - Adam Rosenfeld 05/23/2015  17:39:59.4.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3948.2301 [GMT -4:00]
Running from: c:\users\Adam Rosenfeld\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2015-04-23 to 2015-05-23  )))))))))))))))))))))))))))))))
.
.
2015-05-23 21:49 . 2015-05-23 21:49 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-05-23 21:49 . 2015-05-23 21:49 -------- d-----w- c:\users\Kids\AppData\Local\temp
2015-05-23 21:49 . 2015-05-23 21:49 -------- d-----w- c:\users\Guest\AppData\Local\temp
2015-05-23 21:49 . 2015-05-23 21:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-05-23 01:01 . 2015-05-23 01:01 -------- d-----w- c:\programdata\Unchecky
2015-05-23 01:01 . 2015-05-23 01:01 -------- d-----w- c:\program files (x86)\Unchecky
2015-05-22 23:59 . 2015-05-03 03:16 12214312 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E5C88B02-75CA-446B-A26E-B9D1A5E6A03D}\mpengine.dll
2015-05-20 01:16 . 2015-05-23 20:44 -------- d-----w- C:\FRST
2015-05-14 01:14 . 2015-05-01 13:17 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 01:14 . 2015-05-01 13:16 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 01:29 . 2015-05-05 01:29 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-13 01:29 . 2015-05-05 01:12 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-05-13 01:29 . 2015-04-18 03:10 460800 ----a-w- c:\windows\system32\certcli.dll
2015-05-13 01:29 . 2015-04-18 02:56 342016 ----a-w- c:\windows\SysWow64\certcli.dll
2015-05-13 01:27 . 2015-04-27 19:23 1254400 ----a-w- c:\windows\system32\diagtrack.dll
2015-05-13 01:25 . 2015-04-08 03:29 1736192 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2015-05-13 01:24 . 2015-03-04 04:41 6656 ----a-w- c:\windows\system32\shimeng.dll
2015-05-13 01:24 . 2015-03-04 04:41 72192 ----a-w- c:\windows\system32\aelupsvc.dll
2015-05-13 01:24 . 2015-03-04 04:41 342016 ----a-w- c:\windows\system32\apphelp.dll
2015-05-13 01:24 . 2015-03-04 04:41 23552 ----a-w- c:\windows\system32\sdbinst.exe
2015-05-13 01:24 . 2015-03-04 04:10 295936 ----a-w- c:\windows\SysWow64\apphelp.dll
2015-05-13 01:24 . 2015-03-04 04:10 20992 ----a-w- c:\windows\SysWow64\sdbinst.exe
2015-05-13 01:24 . 2015-03-04 04:11 5120 ----a-w- c:\windows\SysWow64\shimeng.dll
2015-04-26 17:54 . 2015-04-26 17:54 364472 ----a-w- c:\windows\system32\aswBoot.exe
2015-04-26 17:54 . 2015-04-26 17:54 43112 ----a-w- c:\windows\avastSS.scr
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-23 20:52 . 2014-07-04 13:27 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-14 01:36 . 2011-08-25 00:47 140425016 ----a-w- c:\windows\system32\MRT.exe
2015-04-27 19:04 . 2015-05-13 01:27 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-04-26 17:54 . 2014-01-26 13:05 137288 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-04-26 17:54 . 2013-11-06 03:39 272248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-04-26 17:54 . 2013-11-06 03:39 442264 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-04-26 17:54 . 2014-04-22 01:32 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-04-26 17:54 . 2013-11-06 03:39 89944 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-04-26 17:54 . 2013-11-06 03:39 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-04-26 17:54 . 2013-11-06 03:39 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-04-26 17:53 . 2013-11-06 03:39 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-04-26 17:53 . 2014-11-03 04:34 28144 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2015-04-18 20:18 . 2012-09-01 04:06 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-18 20:18 . 2011-12-16 02:22 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-14 13:37 . 2014-07-04 13:25 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-14 13:37 . 2014-07-04 13:25 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-14 13:37 . 2013-02-23 05:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-04-14 07:38 . 2015-04-14 07:38 1217192 ----a-w- c:\windows\SysWow64\FM20.DLL
2015-04-13 01:23 . 2015-03-28 13:50 129752 ----a-w- c:\windows\system32\drivers\27B51CDA.sys
2015-03-25 03:24 . 2015-04-14 22:32 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-14 22:32 37376 ----a-w- c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-14 22:32 35328 ----a-w- c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-14 22:32 3298816 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-14 22:32 2553856 ----a-w- c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-14 22:32 191488 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-14 22:32 696320 ----a-w- c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-14 22:32 60416 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-14 22:32 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-14 22:32 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-14 22:32 135168 ----a-w- c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-14 22:32 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-14 22:32 566784 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-14 22:32 29696 ----a-w- c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-14 22:32 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-14 22:32 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-03-23 03:25 . 2015-04-14 22:32 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-03-23 03:25 . 2015-04-14 22:32 769536 ----a-w- c:\windows\system32\invagent.dll
2015-03-23 03:24 . 2015-04-14 22:32 419840 ----a-w- c:\windows\system32\devinv.dll
2015-03-23 03:24 . 2015-04-14 22:32 957952 ----a-w- c:\windows\system32\appraiser.dll
2015-03-23 03:24 . 2015-04-14 22:32 30720 ----a-w- c:\windows\system32\acmigration.dll
2015-03-23 03:24 . 2015-04-14 22:32 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-03-23 03:24 . 2015-04-14 22:32 192000 ----a-w- c:\windows\system32\aepic.dll
2015-03-23 03:17 . 2015-04-14 22:32 1111552 ----a-w- c:\windows\system32\aeinv.dll
2015-03-10 03:25 . 2015-04-14 22:32 1882624 ----a-w- c:\windows\system32\msxml3.dll
2015-03-10 03:21 . 2015-04-14 22:32 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-03-10 03:08 . 2015-04-14 22:32 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-03-10 03:05 . 2015-04-14 22:32 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2015-03-05 05:12 . 2015-04-14 22:32 404480 ----a-w- c:\windows\system32\gdi32.dll
2015-03-05 04:05 . 2015-04-14 22:32 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-03-04 04:55 . 2015-04-14 22:30 367552 ----a-w- c:\windows\system32\clfs.sys
2015-03-04 04:41 . 2015-04-14 22:30 79360 ----a-w- c:\windows\system32\clfsw32.dll
2015-03-04 04:41 . 2015-05-13 01:24 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-03-04 04:41 . 2015-05-13 01:24 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-03-04 04:10 . 2015-04-14 22:30 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll
2015-03-04 04:10 . 2015-05-13 01:24 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-03-04 04:10 . 2015-05-13 01:24 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-03-04 04:06 . 2015-05-13 01:24 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2015-02-25 03:18 . 2015-04-14 22:31 754688 ----a-w- c:\windows\system32\drivers\http.sys
2015-02-24 08:17 . 2010-11-21 03:27 295552 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"41A6E601A44F506D92A54D89F68E0E8872D6AEB3._service_run"="c:\users\Adam Rosenfeld\AppData\Local\Google\Chrome\Application\chrome.exe" [2015-05-13 813896]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-04-23 1561968]
"WinPatrol"="c:\program files (x86)\Ruiware\WinPatrol\winpatrol.exe" [2014-07-21 1154112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-02-15 297280]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-14 1081424]
"Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-02-03 506712]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-05-12 5515496]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\Adam Rosenfeld\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-4 43374104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2014-10-31 6634752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 vToolbarUpdater18.1.7;vToolbarUpdater18.1.7;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe;c:\program files\CyberLink\Shared files\RichVideo64.exe [x]
S2 Unchecky;Unchecky;c:\program files (x86)\Unchecky\bin\Unchecky_svc.exe;c:\program files (x86)\Unchecky\bin\Unchecky_svc.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\drivers\b57xdbd.sys;c:\windows\SYSNATIVE\drivers\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\drivers\b57xdmp.sys;c:\windows\SYSNATIVE\drivers\b57xdmp.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\drivers\bScsiMSa.sys;c:\windows\SYSNATIVE\drivers\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
Contents of the 'Scheduled Tasks' folder
.
2015-05-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-01 20:18]
.
2015-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-26 22:03]
.
2015-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-26 22:03]
.
2015-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-33795446-1446344522-1645180631-1000Core.job
- c:\users\Adam Rosenfeld\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-18 11:51]
.
2015-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-33795446-1446344522-1645180631-1000UA.job
- c:\users\Adam Rosenfeld\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-18 11:51]
.
2015-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-33795446-1446344522-1645180631-1004Core.job
- c:\users\Kids\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-01 16:20]
.
2015-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-33795446-1446344522-1645180631-1004UA.job
- c:\users\Kids\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-01 16:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-04-26 17:54 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2014-10-31 16:11 5893376 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2014-10-31 16:11 5893376 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-10 11785832]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-09 2189416]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-02-23 1796200]
"fssui"="c:\program files (x86)\Windows Live\Family Safety\fsui.exe" [2012-03-08 884584]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: amazon.com\www
Trusted Zone: brokeragebuilder.com\www
Trusted Zone: reged.com\secure
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe
AddRemove-fileopenerpro - c:\program files (x86)\FileOpenerPro\uninstall.exe
AddRemove-GetSavin - c:\users\Adam Rosenfeld\AppData\Local\getsavin\uninst.exe
AddRemove-93417483.optimumapp.iptv.optimum.net - c:\program files\Microsoft Silverlight\5.1.20913.0\Silverlight.Configuration.exe
AddRemove-WordOv - c:\users\Adam Rosenfeld\AppData\Local\WordOv\uninst.exe
.
.
"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
[\]^_ \00\00 \00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~ \00\00 \00\00\00\00\00\00\00\00\00\00\00\00‘’“"
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-05-23  17:54:19
ComboFix-quarantined-files.txt  2015-05-23 21:54
ComboFix2.txt  2013-09-30 11:16
.
Pre-Run: 291,475,116,032 bytes free
Post-Run: 290,907,480,064 bytes free
.
- - End Of File - - 2B9B55C1FA2393FE167998886FBAA76F
 
 
 
And the combofix log:
 
 
ComboFix 15-05-19.01 - Adam Rosenfeld 05/23/2015  17:39:59.4.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3948.2301 [GMT -4:00]
Running from: c:\users\Adam Rosenfeld\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2015-04-23 to 2015-05-23  )))))))))))))))))))))))))))))))
.
.
2015-05-23 21:49 . 2015-05-23 21:49 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-05-23 21:49 . 2015-05-23 21:49 -------- d-----w- c:\users\Kids\AppData\Local\temp
2015-05-23 21:49 . 2015-05-23 21:49 -------- d-----w- c:\users\Guest\AppData\Local\temp
2015-05-23 21:49 . 2015-05-23 21:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-05-23 01:01 . 2015-05-23 01:01 -------- d-----w- c:\programdata\Unchecky
2015-05-23 01:01 . 2015-05-23 01:01 -------- d-----w- c:\program files (x86)\Unchecky
2015-05-22 23:59 . 2015-05-03 03:16 12214312 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E5C88B02-75CA-446B-A26E-B9D1A5E6A03D}\mpengine.dll
2015-05-20 01:16 . 2015-05-23 20:44 -------- d-----w- C:\FRST
2015-05-14 01:14 . 2015-05-01 13:17 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 01:14 . 2015-05-01 13:16 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 01:29 . 2015-05-05 01:29 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-13 01:29 . 2015-05-05 01:12 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-05-13 01:29 . 2015-04-18 03:10 460800 ----a-w- c:\windows\system32\certcli.dll
2015-05-13 01:29 . 2015-04-18 02:56 342016 ----a-w- c:\windows\SysWow64\certcli.dll
2015-05-13 01:27 . 2015-04-27 19:23 1254400 ----a-w- c:\windows\system32\diagtrack.dll
2015-05-13 01:25 . 2015-04-08 03:29 1736192 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2015-05-13 01:24 . 2015-03-04 04:41 6656 ----a-w- c:\windows\system32\shimeng.dll
2015-05-13 01:24 . 2015-03-04 04:41 72192 ----a-w- c:\windows\system32\aelupsvc.dll
2015-05-13 01:24 . 2015-03-04 04:41 342016 ----a-w- c:\windows\system32\apphelp.dll
2015-05-13 01:24 . 2015-03-04 04:41 23552 ----a-w- c:\windows\system32\sdbinst.exe
2015-05-13 01:24 . 2015-03-04 04:10 295936 ----a-w- c:\windows\SysWow64\apphelp.dll
2015-05-13 01:24 . 2015-03-04 04:10 20992 ----a-w- c:\windows\SysWow64\sdbinst.exe
2015-05-13 01:24 . 2015-03-04 04:11 5120 ----a-w- c:\windows\SysWow64\shimeng.dll
2015-04-26 17:54 . 2015-04-26 17:54 364472 ----a-w- c:\windows\system32\aswBoot.exe
2015-04-26 17:54 . 2015-04-26 17:54 43112 ----a-w- c:\windows\avastSS.scr
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-23 20:52 . 2014-07-04 13:27 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-14 01:36 . 2011-08-25 00:47 140425016 ----a-w- c:\windows\system32\MRT.exe
2015-04-27 19:04 . 2015-05-13 01:27 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-04-26 17:54 . 2014-01-26 13:05 137288 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-04-26 17:54 . 2013-11-06 03:39 272248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-04-26 17:54 . 2013-11-06 03:39 442264 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-04-26 17:54 . 2014-04-22 01:32 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-04-26 17:54 . 2013-11-06 03:39 89944 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-04-26 17:54 . 2013-11-06 03:39 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-04-26 17:54 . 2013-11-06 03:39 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-04-26 17:53 . 2013-11-06 03:39 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-04-26 17:53 . 2014-11-03 04:34 28144 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2015-04-18 20:18 . 2012-09-01 04:06 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-18 20:18 . 2011-12-16 02:22 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-14 13:37 . 2014-07-04 13:25 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-14 13:37 . 2014-07-04 13:25 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-14 13:37 . 2013-02-23 05:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-04-14 07:38 . 2015-04-14 07:38 1217192 ----a-w- c:\windows\SysWow64\FM20.DLL
2015-04-13 01:23 . 2015-03-28 13:50 129752 ----a-w- c:\windows\system32\drivers\27B51CDA.sys
2015-03-25 03:24 . 2015-04-14 22:32 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-14 22:32 37376 ----a-w- c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-14 22:32 35328 ----a-w- c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-14 22:32 3298816 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-14 22:32 2553856 ----a-w- c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-14 22:32 191488 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-14 22:32 696320 ----a-w- c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-14 22:32 60416 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-14 22:32 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-14 22:32 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-14 22:32 135168 ----a-w- c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-14 22:32 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-14 22:32 566784 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-14 22:32 29696 ----a-w- c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-14 22:32 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-14 22:32 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-03-23 03:25 . 2015-04-14 22:32 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-03-23 03:25 . 2015-04-14 22:32 769536 ----a-w- c:\windows\system32\invagent.dll
2015-03-23 03:24 . 2015-04-14 22:32 419840 ----a-w- c:\windows\system32\devinv.dll
2015-03-23 03:24 . 2015-04-14 22:32 957952 ----a-w- c:\windows\system32\appraiser.dll
2015-03-23 03:24 . 2015-04-14 22:32 30720 ----a-w- c:\windows\system32\acmigration.dll
2015-03-23 03:24 . 2015-04-14 22:32 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-03-23 03:24 . 2015-04-14 22:32 192000 ----a-w- c:\windows\system32\aepic.dll
2015-03-23 03:17 . 2015-04-14 22:32 1111552 ----a-w- c:\windows\system32\aeinv.dll
2015-03-10 03:25 . 2015-04-14 22:32 1882624 ----a-w- c:\windows\system32\msxml3.dll
2015-03-10 03:21 . 2015-04-14 22:32 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-03-10 03:08 . 2015-04-14 22:32 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-03-10 03:05 . 2015-04-14 22:32 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2015-03-05 05:12 . 2015-04-14 22:32 404480 ----a-w- c:\windows\system32\gdi32.dll
2015-03-05 04:05 . 2015-04-14 22:32 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-03-04 04:55 . 2015-04-14 22:30 367552 ----a-w- c:\windows\system32\clfs.sys
2015-03-04 04:41 . 2015-04-14 22:30 79360 ----a-w- c:\windows\system32\clfsw32.dll
2015-03-04 04:41 . 2015-05-13 01:24 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-03-04 04:41 . 2015-05-13 01:24 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-03-04 04:10 . 2015-04-14 22:30 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll
2015-03-04 04:10 . 2015-05-13 01:24 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-03-04 04:10 . 2015-05-13 01:24 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-03-04 04:06 . 2015-05-13 01:24 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2015-02-25 03:18 . 2015-04-14 22:31 754688 ----a-w- c:\windows\system32\drivers\http.sys
2015-02-24 08:17 . 2010-11-21 03:27 295552 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"41A6E601A44F506D92A54D89F68E0E8872D6AEB3._service_run"="c:\users\Adam Rosenfeld\AppData\Local\Google\Chrome\Application\chrome.exe" [2015-05-13 813896]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-04-23 1561968]
"WinPatrol"="c:\program files (x86)\Ruiware\WinPatrol\winpatrol.exe" [2014-07-21 1154112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-02-15 297280]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-14 1081424]
"Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-02-03 506712]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-05-12 5515496]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\Adam Rosenfeld\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-4 43374104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2014-10-31 6634752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 vToolbarUpdater18.1.7;vToolbarUpdater18.1.7;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe;c:\program files\CyberLink\Shared files\RichVideo64.exe [x]
S2 Unchecky;Unchecky;c:\program files (x86)\Unchecky\bin\Unchecky_svc.exe;c:\program files (x86)\Unchecky\bin\Unchecky_svc.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\drivers\b57xdbd.sys;c:\windows\SYSNATIVE\drivers\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\drivers\b57xdmp.sys;c:\windows\SYSNATIVE\drivers\b57xdmp.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\drivers\bScsiMSa.sys;c:\windows\SYSNATIVE\drivers\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
Contents of the 'Scheduled Tasks' folder
.
2015-05-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-01 20:18]
.
2015-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-26 22:03]
.
2015-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-26 22:03]
.
2015-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-33795446-1446344522-1645180631-1000Core.job
- c:\users\Adam Rosenfeld\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-18 11:51]
.
2015-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-33795446-1446344522-1645180631-1000UA.job
- c:\users\Adam Rosenfeld\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-18 11:51]
.
2015-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-33795446-1446344522-1645180631-1004Core.job
- c:\users\Kids\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-01 16:20]
.
2015-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-33795446-1446344522-1645180631-1004UA.job
- c:\users\Kids\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-01 16:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-04-26 17:54 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2014-10-31 16:11 5893376 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2014-10-31 16:11 5893376 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-10 11785832]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-09 2189416]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-02-23 1796200]
"fssui"="c:\program files (x86)\Windows Live\Family Safety\fsui.exe" [2012-03-08 884584]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: amazon.com\www
Trusted Zone: brokeragebuilder.com\www
Trusted Zone: reged.com\secure
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe
AddRemove-fileopenerpro - c:\program files (x86)\FileOpenerPro\uninstall.exe
AddRemove-GetSavin - c:\users\Adam Rosenfeld\AppData\Local\getsavin\uninst.exe
AddRemove-93417483.optimumapp.iptv.optimum.net - c:\program files\Microsoft Silverlight\5.1.20913.0\Silverlight.Configuration.exe
AddRemove-WordOv - c:\users\Adam Rosenfeld\AppData\Local\WordOv\uninst.exe
.
.
"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
[\]^_ \00\00 \00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~ \00\00 \00\00\00\00\00\00\00\00\00\00\00\00‘’“"
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-05-23  17:54:19
ComboFix-quarantined-files.txt  2015-05-23 21:54
ComboFix2.txt  2013-09-30 11:16
.
Pre-Run: 291,475,116,032 bytes free
Post-Run: 290,907,480,064 bytes free
.
- - End Of File - - 2B9B55C1FA2393FE167998886FBAA76F
 

  • 0

#10
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Hello again Adam,

Please download Junkware Removal Tool to your desktop.
 

  • Shut down your protection software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right click JRT.exe and "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

After that

Please download : ADWCleaner to your desktop  (use the Download Now @ BleepingComputer button)..

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon. AdwCleaner will update itself and then open.

AdwCleaner.jpg

Click on Scan  and follow the prompts. It may appear not to be doing anything, please be patient and let it run unhindered. When the "Please uncheck elements you don't want to remove" appears just go ahead and click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy and paste back here. If a report doesn't appear, press the report button and Copy & Paste the contents on your next reply.

A copy of the report is also saved in the C:\AdwCleaner folder.

 

When you return please post

  • JRT.txt
  • AdwCleaner log

  • 0

Advertisements


#11
AdamIsAdam

AdamIsAdam

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 185 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.8 (05.23.2015:2)
OS: Windows 7 Home Premium x64
Ran by Adam Rosenfeld on Sat 05/23/2015 at 23:54:27.14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
Successfully deleted: [Task] C:\Windows\system32\tasks\LyriXeeker-1-codedownloader
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\PIP
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\wininit.ini
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{09505B13-76AA-4887-B696-6E9830B35DE3}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{097F918F-B2F7-4FE7-8F63-5D398561A3B1}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{09F40291-5BD3-4A7D-8092-79A70E741D8D}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{0A388B86-7C86-4027-AE2C-5506852DBB31}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{0A8385AA-F093-40AD-AAC9-B5F244814B1E}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{14EC10E3-1905-4D23-801E-5BE2446D1030}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{165E4F62-11B6-4992-964E-0B1D205A6595}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{17218E8F-9080-42B0-A181-9BC1EC9A2890}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{174EE70C-4F78-4910-9E6F-22C39AD4EB08}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{1E10F313-B2EF-4633-AC3C-E5E2A76E80A8}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{219E3467-39B6-4A5D-A2FD-AB315D9C79E3}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{25D9F0EA-58CB-4133-8413-CB9FFD77209B}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{27AF9881-04B4-41ED-AFD6-7BC390EA6B88}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{2B6DA55D-F047-4245-BFD3-85972CFAB4FA}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{2C61172A-EEC2-4C2E-BC28-BD0ECEB99921}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{32A71310-12FE-411B-B9D3-00C6D0CCF115}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{35E97285-0807-4CB6-A21A-D86C00820B19}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{37DE10D9-FD64-4F7D-B221-1882F14D0DBA}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{3AD6B9D9-315F-408E-BC63-3F65FFE98701}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{3E23BBAC-AFDD-4E1D-920D-DC0A03EB28E8}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{416E0569-7669-4A0A-ADB4-16719AD2EC66}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{49BC127E-7C3C-42A7-8B5D-A3FE5941CB8D}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{49EE9BBC-CCB1-4DD8-A2CD-26E5F055F269}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{4B97A098-9AEA-4195-88E4-7FA74E5C2BF0}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{4BF11008-5D7E-4CD0-AC36-23D813EA1915}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{4F88C1B7-E65A-443B-A136-677DAFC7D1B1}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{538B07BB-32B6-4F05-BE50-6DB27CE9AFAC}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{5982D89C-5074-4BF1-8CE6-AA7DA430F485}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{5BC63A73-3CF2-427F-A0A7-81C069432BEF}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{5BED8AFD-AB30-4CD7-A915-5CE6BB7649F0}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{5C4C6B57-8301-4FAB-9C3D-75F27AD1F5EB}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{5E1DA66D-FACE-4DFE-9FB6-A5D795DE9F25}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{67E2D39F-88DA-4378-89C5-72D9609A3533}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{680966AF-6EC7-43F9-93A8-0CF987A7DA84}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{69414CA3-05CD-488C-BCAB-9F1DEB47FE50}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{6A308641-5D29-42C0-84DA-6DCE235DACD6}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{6C604DCD-FE1A-41EB-BF4E-A826917C16EF}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{7012275A-1320-499F-AC6A-A2F4D706D344}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{75DF2897-5753-4B1B-9325-6CBF926C2EDC}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{785BBA83-AAEE-44B7-BA88-DAF4164D80A9}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{79277C42-D151-4A49-8825-58D35735EE14}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{7C053E25-9827-4EE7-9F4F-C37A87373847}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{7C8535AF-D8FC-42C4-A863-2794FADE002C}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{84E64653-2FAD-4674-BF68-2BAAB8B10596}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{864B0C27-676D-4E0B-BBA8-84A6B16EE776}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{873AF48F-77DD-42FF-941F-5EDE7F3CAEE5}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{8B04DC94-4B10-4C59-A2AB-50F80DF315D2}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{8BA56AAF-CE8B-4B6F-95C9-051F4D34DFB6}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{912AC11F-73DD-4219-B76C-45475AED81D1}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{915AC48A-5A79-43D7-9D47-9B64B72504A3}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{94BC42A2-B077-4B38-8405-037333C9828B}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{97876063-DA05-4394-A66F-1715A62495C8}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{98567B3E-0CEE-4B0B-ADBA-8F025F61F17D}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{9BE8A9D1-5F25-43EF-9431-E02E593A3956}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{9C47346C-CFC1-4B7A-B7DB-E81C9E7CC94D}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{9C96C3C6-34CE-4985-A69A-99DE26542739}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{9D04F01D-2AF2-427D-9621-2BF339139543}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{9D60CD18-3C40-4737-9035-B6A2692B5AA9}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{A2626492-2C17-497B-B982-A3B1CE044FA6}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{A42E7D9C-E43C-4739-A59E-03886CEEC69C}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{A69003BD-9E2A-4A70-A949-0037DD5926B2}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{A8E0F425-BCE9-4823-A87C-7266768E1630}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{A924AD61-5443-4A95-BA56-32B43023318D}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{A9A6A73D-B894-4AA0-B039-E47C81997EF1}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{AEC7404A-23C1-4C94-B9F7-DC52C43E9F5B}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{B25E5951-C876-4FA3-B5A4-17878FF766C6}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{B39039AD-94FA-4B80-8C39-3A17E2E2261E}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{B42DBE1F-D8A8-4753-87E3-2331E1935634}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{B52294E1-9063-457C-AD26-D9FD52EC9974}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{B5B8B763-246A-4960-956F-364F981AD208}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{BD0956B3-BE07-483E-BC74-43B67E069569}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{BDBC965D-D11A-4C27-AFE0-4BA538959C76}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{BEF8F87A-E8E4-403D-BDA7-52D6F2E91343}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{C3CB622C-27D0-4E5A-BC05-F6B97A0D1D5B}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{C523472C-BE5F-4837-A3C5-0A8AE98ED63D}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{CAF34D84-7EE7-4929-AC10-E0D81467E402}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{CCBB16F6-1B6C-4569-9278-3B93AF2BB40C}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{D19C43FE-8420-44F9-A4C7-FD1265FF8892}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{D47FE6DE-0662-4160-935E-EEE45A6364D9}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{D56B5B77-C3DD-4C6D-9D21-56DD9DF20BBD}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{D584CCB3-05F2-47C6-8933-CBA8B5C4EF2D}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{D69D5D27-E607-4F54-AABA-77A8CC13848F}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{DB2F9D1E-8411-441A-971C-E7CC8A0C409B}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{DB36E60F-72A2-4A29-AE3E-7969E9613D60}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{DED8DF4C-AF39-4D94-AF17-44B47D89C15E}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{DF7C9268-B5ED-454C-9A44-D3D680948701}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{E0CB6426-92F9-496A-9920-FD1B0336F101}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{E22A5870-E8EF-4989-9295-D84F9761104F}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{E5DD6B8A-9C2C-4C77-80A7-9C37C31308A4}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{E66DB524-9AC3-44B5-B81E-E805A3567A12}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{E8B4AD30-956A-48C0-B82B-359BF678B775}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{EBCA5FBE-53A2-4167-AEF4-AF515B7D32A1}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{ECB995B6-D010-40AF-A3B8-86FD6233C9FC}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{EE658367-E4F0-4A48-B7D8-5580A2A6D89C}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{F4B53798-34BA-4F77-9ADE-6CF29CECE284}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{F50AFD0E-C41E-41FB-80C3-285FCBF5DFA4}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{F5486B96-94E3-476B-BCBE-E95FE760920A}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{F5F214F0-FF90-44DF-B62F-35CB5DA1009B}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{F7AF1694-BC21-45F1-87B4-8ED8FCBDDB5C}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{F7F88AC5-2FDE-46B6-B094-415428576626}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{F9F2A9F4-6A88-4AFA-94AE-8553509A5E64}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{FD075191-D28D-4692-B98B-AF7363A0F8B0}
Successfully deleted: [Folder] C:\ProgramData\avg safeguard toolbar
Successfully deleted: [Folder] C:\Users\Adam Rosenfeld\appdata\local\avg safeguard toolbar
Successfully deleted: [Folder] C:\Users\Adam Rosenfeld\appdata\locallow\avg safeguard toolbar
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\Adam Rosenfeld\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 05/23/2015 at 23:59:39.32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • 0

#12
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Thanks for that. I take it the AdwCleaner one is on it's way?


  • 0

#13
AdamIsAdam

AdamIsAdam

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 185 posts
Yes, it's running now. Seems hung up on "waiting for action. Please uncheck elements you want to keep."

The scan was already pressed and I'm not touching anything, right?
  • 0

#14
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Oh, it used to be when clicked the Clean button it finished it's job.

 

It's a while since I tested it on my own machine, perhaps it is different now.

 

The main thing is to tell it to go ahead and remove what it has found.

 

See if you can do that.

 

Tell me if you can't work it out. :)


  • 0

#15
AdamIsAdam

AdamIsAdam

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 185 posts
# AdwCleaner v4.205 - Logfile created 24/05/2015 at 00:26:23
# Updated 21/05/2015 by Xplode
# Database : 2015-05-21.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Adam Rosenfeld - ADAMROSENFELD
# Running from : C:\Users\Adam Rosenfeld\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[#] Service Deleted : vToolbarUpdater18.1.7
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\VideoConverter
Folder Deleted : C:\Users\Adam Rosenfeld\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Adam Rosenfeld\AppData\Roaming\HPAppData
Folder Deleted : C:\Users\Adam Rosenfeld\Documents\Updater
Folder Deleted : C:\Users\Guest\AppData\LocalLow\Fast Free Converter
Folder Deleted : C:\Users\Guest\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\Kids\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Kids\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Kids\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Kids\AppData\LocalLow\Fast Free Converter
Folder Deleted : C:\Users\Kids\AppData\LocalLow\HPAppData
File Deleted : C:\Users\Adam Rosenfeld\AppData\Local\GDIPFONTCACHEV1.DAT
File Deleted : C:\Users\Adam Rosenfeld\AppData\Roaming\GDIPFONTCACHEV1.DAT
File Deleted : C:\Users\Adam Rosenfeld\AppData\Roaming\WBPU-TTL.DAT
File Deleted : C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
File Deleted : C:\Users\Kids\AppData\Local\GDIPFONTCACHEV1.DAT
File Deleted : C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_answers.ask.com_0.localstorage
File Deleted : C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
Task Deleted : Dealply
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\InstalledThirdPartyPrograms
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Myfree Codec
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1B325F70-A984-421E-8407-06683E6EF03B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fileopenerpro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Key Deleted : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17801
 
 
-\\ Google Chrome v
 
[C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.netflix.com/WiSearch?raw_query=&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
[C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [12934 bytes] - [24/05/2015 00:02:38]
AdwCleaner[S0].txt - [12776 bytes] - [24/05/2015 00:26:23]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12836  bytes] ##########

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP