Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Malware spyware pop ups windows 7 64 gb [Closed]

spyware malware

  • This topic is locked This topic is locked

#16
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi dssole23

Next steps for you are a Malwarebytes scan and an ESET on line scan.

Step1 - Malwarebytes


Please download Malwarebytes' Anti-Malware from Here or Here
  • Double Click the downloaded mbam-setup-x.x.x.xxxx.exe to install the application. (x.x.x.xxxx represents the current version number).
  • During installation, make sure uncheck Enable free trial of Malwarebytes Anti-Malware Premium, then click Finish. You can always upgrade later ;) :
    MBAM1_zps65d773c0.png
  • If an update is found, it will download and install the latest updates automatically:
    MBAM2_zps52e3211b.png
  • Now select the Settings tab, and check the box next to Scan for rootkits:
    MBAM3_zps83324155.png
  • Go back to the Dashboard tab, and click the Scan Now button:
    MBAM4_zpse3cd4a79.png
  • The scan may take some time to finish,so please be patient.
    MBAM5_zps36d7537b.png
  • When the scan is complete, it will show you the results. (This one is clean):
    MBAM65_zpsb0aa143c.png
  • Make sure that everything is checked, and click Quarantine All (or similar).
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note below) If the log doesn't open, select View detailed log in the Scan tab:
    MBAM7_zps782405f0.png
  • The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs:
    MBAM9_zps1f87702b.png
  • Choose the latest Scan Log, and click on the View button:
    MBAM10_zps5a48f689.png
  • In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt). Save the report to your Desktop.
    MBAM8_zpsad402941.png
  • Copy & Paste the entire contents of the report log in your next reply.

  • Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

    *** In your next reply, I need you to Copy&Paste the contents of the MBAM log file.


    Step2 - ESET on line scanner

    Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

    Note: You can use either Internet Explorer or Mozilla FireFox for this Scan.

  • Please go here then click on esetbar_zps93905f48.jpg.
  • You will however need to disable your current installed Anti-Virus, how to do so can be read here. If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

    All of the following instructions work with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on Start.
  • When prompted allow Add-On/Active X to install.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked
    2.JPG

  • Now click on Start.
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
    Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


    Things for your next post.
  • MBAM log
  • ESET log
  • Tell me what issues, if any, you are still having with your computer?

    Thanks


  • 0

Advertisements


#17
dssole23

dssole23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/26/2015
Scan Time: 7:45:16 PM
Logfile: scan logggg.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.26.07
Rootkit Database: v2015.05.24.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: FAM

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 472057
Time Elapsed: 22 min, 0 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 51
PUP.Optional.WeCare, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6ED0A312-78F5-493C-A90C-5DAF321D0BF8}, Quarantined, [59e6e5b3444640f6eb6cbf9ea0630ef2],
PUP.Optional.WeCare, HKLM\SOFTWARE\CLASSES\TYPELIB\{B3201ABA-7CDE-4C8D-A28D-4316427BD6D1}, Quarantined, [59e6e5b3444640f6eb6cbf9ea0630ef2],
PUP.Optional.WeCare, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B60591CD-AA25-4261-B05A-77826471C0A3}, Quarantined, [59e6e5b3444640f6eb6cbf9ea0630ef2],
PUP.Optional.WeCare, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{B60591CD-AA25-4261-B05A-77826471C0A3}, Quarantined, [59e6e5b3444640f6eb6cbf9ea0630ef2],
PUP.Optional.WeCare, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{B3201ABA-7CDE-4C8D-A28D-4316427BD6D1}, Quarantined, [59e6e5b3444640f6eb6cbf9ea0630ef2],
PUP.Optional.WeCare, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{B3201ABA-7CDE-4C8D-A28D-4316427BD6D1}, Quarantined, [59e6e5b3444640f6eb6cbf9ea0630ef2],
PUP.Optional.WeCare, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{6ED0A312-78F5-493C-A90C-5DAF321D0BF8}, Quarantined, [59e6e5b3444640f6eb6cbf9ea0630ef2],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-1926916054-430606287-3612663155-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarantined, [b38ceaae107a9a9c3cb3b6a783803bc5],
PUP.Optional.AdPeak.A, HKU\S-1-5-21-1926916054-430606287-3612663155-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{10AD2C61-0898-4348-8600-14A342F22AC3}, Quarantined, [fa458e0abfcb90a6297487d9d13207f9],
PUP.Optional.AdPeak.A, HKU\S-1-5-21-1926916054-430606287-3612663155-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{10AD2C61-0898-4348-8600-14A342F22AC3}, Quarantined, [fa458e0abfcb90a6297487d9d13207f9],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-1926916054-430606287-3612663155-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3004627E-F8E9-4E8B-909D-316753CBA923}, Quarantined, [0f304355d3b757dfd10d8511897a60a0],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-1926916054-430606287-3612663155-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3004627E-F8E9-4E8B-909D-316753CBA923}, Quarantined, [0f304355d3b757dfd10d8511897a60a0],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-1926916054-430606287-3612663155-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3004627E-F8E9-4E8B-909D-316753CBA923}, Quarantined, [0f304355d3b757dfd10d8511897a60a0],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-1926916054-430606287-3612663155-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3004627E-F8E9-4E8B-909D-316753CBA923}, Quarantined, [0f304355d3b757dfd10d8511897a60a0],
PUP.Optional.ArcadeParlor.A, HKU\S-1-5-21-1926916054-430606287-3612663155-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{39AD0726-986D-40F9-972B-E3BFA24B7745}, Quarantined, [be81e3b55a30989e80fc7327c3403fc1],
PUP.Optional.ArcadeParlor.A, HKU\S-1-5-21-1926916054-430606287-3612663155-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{39AD0726-986D-40F9-972B-E3BFA24B7745}, Quarantined, [be81e3b55a30989e80fc7327c3403fc1],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-1926916054-430606287-3612663155-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}, Quarantined, [6cd3395fb7d3e74f1dc04353e122867a],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-1926916054-430606287-3612663155-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}, Quarantined, [6cd3395fb7d3e74f1dc04353e122867a],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-1926916054-430606287-3612663155-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}, Quarantined, [6cd3395fb7d3e74f1dc04353e122867a],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-1926916054-430606287-3612663155-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}, Quarantined, [6cd3395fb7d3e74f1dc04353e122867a],
PUP.Optional.Spigot, HKU\S-1-5-21-1926916054-430606287-3612663155-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, Quarantined, [17289bfd870306305b2930340bf8d52b],
PUP.Optional.Spigot, HKU\S-1-5-21-1926916054-430606287-3612663155-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, Quarantined, [17289bfd870306305b2930340bf8d52b],
PUP.Optional.SecureWeb.A, HKU\S-1-5-21-1926916054-430606287-3612663155-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D3C24E2B-C820-4492-9B69-11BF7163F998}, Quarantined, [2a15c8d098f2f0468d095604ac57c13f],
PUP.Optional.SecureWeb.A, HKU\S-1-5-21-1926916054-430606287-3612663155-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D3C24E2B-C820-4492-9B69-11BF7163F998}, Quarantined, [2a15c8d098f2f0468d095604ac57c13f],
PUP.Optional.WeCare.A, HKU\S-1-5-21-1926916054-430606287-3612663155-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, Quarantined, [81beb5e376143ef877f6a4f2c43fa65a],
PUP.Optional.WeCare.A, HKU\S-1-5-21-1926916054-430606287-3612663155-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, Quarantined, [81beb5e376143ef877f6a4f2c43fa65a],
PUP.Optional.TidyNetwork.c, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dmidaiabaeipgkcooijbikmdcofhpakp, Quarantined, [132c7c1ceb9f46f06d83f385976ef40c],
PUP.Optional.Cinema.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\Cinem4S-2.1, Quarantined, [f9463662f59596a017069271f014827e],
PUP.Optional.ProPCCleaner.A, HKU\S-1-5-21-1926916054-430606287-3612663155-1000\SOFTWARE\ProPCCleanerLanguage, Quarantined, [f9465840d7b3f046757ce78fde27619f],
PUP.Optional.RapidMediaConverter.A, HKU\S-1-5-21-1926916054-430606287-3612663155-1000\SOFTWARE\RapidMediaConverterApp, Quarantined, [63dcbfd93555bb7b6e00690d7b8a7789],
PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-1926916054-430606287-3612663155-1000\SOFTWARE\APPDATALOW\SOFTWARE\TidyNetwork, Quarantined, [dc635642addd03339ff16cba32d2b749],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1926916054-430606287-3612663155-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1775AFEF-E186-44EA-ACD9-67B17F2A49AE}, Quarantined, [132c77212c5e9e9802e22b4ca1649a66],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1926916054-430606287-3612663155-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{26CDCF69-EBEC-42B7-A875-D11A95852B1F}, Quarantined, [49f6841402881f17f1f21265f60f9070],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1926916054-430606287-3612663155-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{49412456-155E-44DA-B7AF-FF3AF5AE48D4}, Quarantined, [cc733167098164d2f0f3adca31d4ed13],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1926916054-430606287-3612663155-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{634875EA-7AD5-4BB5-B38A-50C2A02453AD}, Quarantined, [8eb1772133578da9d60e5621f90ca957],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-1926916054-430606287-3612663155-1001\SOFTWARE\MySearchDial, Quarantined, [5be45a3e2f5b35012a7589bbe61f7b85],
PUP.Optional.RRSavings.A, HKU\S-1-5-21-1926916054-430606287-3612663155-1001\SOFTWARE\RrSavings, Quarantined, [af907721414906305e6642da40c43bc5],
PUP.Optional.WeCare, HKU\S-1-5-21-1926916054-430606287-3612663155-1001\SOFTWARE\wecarereminder, Quarantined, [d56ad3c596f43ff79280a366a361f10f],
PUP.Optional.PassShow.A, HKU\S-1-5-21-1926916054-430606287-3612663155-1001\SOFTWARE\APPDATALOW\SOFTWARE\PassShow, Quarantined, [c47b23755b2f61d5a5325e9d1ce7966a],
PUP.Optional.RRSavings.A, HKU\S-1-5-21-1926916054-430606287-3612663155-1001\SOFTWARE\APPDATALOW\SOFTWARE\Rr Savings, Quarantined, [df6013852763c96d7f47db410ef6748c],
PUP.Optional.RRSavings.A, HKU\S-1-5-21-1926916054-430606287-3612663155-1001\SOFTWARE\APPDATALOW\SOFTWARE\rrsavings, Quarantined, [2916336582083cfa4283908c2fd54fb1],
PUP.Optional.MyEmoticons.A, HKU\S-1-5-21-1926916054-430606287-3612663155-1001\SOFTWARE\APPDATALOW\SOFTWARE\Search Protection, Quarantined, [003f4157b7d3290d7267ca5f29db35cb],
PUP.Optional.Spigot.A, HKU\S-1-5-21-1926916054-430606287-3612663155-1001\SOFTWARE\APPDATALOW\SOFTWARE\Search Settings, Quarantined, [70cfd5c3b3d713238d1e4c16986d6a96],
PUP.Optional.WeCare, HKU\S-1-5-21-1926916054-430606287-3612663155-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\{6ED0A312-78F5-493C-A90C-5DAF321D0BF8}, Quarantined, [a996adeb583224128692d930cc380bf5],
PUP.Optional.Spigot.A, HKU\S-1-5-21-1926916054-430606287-3612663155-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{27A9247F-A461-4EE0-A29B-D872DB2988B3}, Quarantined, [49f6abedfd8d5fd73477449d08fb1de3],
PUP.Optional.SevereWeatherAlerts.A, HKU\S-1-5-21-1926916054-430606287-3612663155-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\SevereWeatherAlerts.exe, Quarantined, [63dc30681674d95dc698d487d72e7789],
PUP.Optional.Spigot.A, HKU\S-1-5-21-1926916054-430606287-3612663155-1001\SOFTWARE\SEARCH SETTINGS, Quarantined, [2d12e2b6d7b339fdab2eb64a0df7c13f],
PUP.Optional.AdvancedSystemProtector.A, HKU\S-1-5-21-1926916054-430606287-3612663155-1001\SOFTWARE\SYSTWEAK\Advanced System Protector, Quarantined, [9ea1d5c32f5b3ff7b6f4897a55afda26],
PUP.Optional.RegCleanerPro.A, HKU\S-1-5-21-1926916054-430606287-3612663155-1001\SOFTWARE\SYSTWEAK\RegClean Pro, Quarantined, [201f31671a708ea839004cfdab5ada26],
PUP.Optional.SystemSpeedup, HKU\S-1-5-21-1926916054-430606287-3612663155-1001\SOFTWARE\SYSTWEAK\ssd, Quarantined, [330cdeba6a20b383f3200ffe966e4bb5],
PUP.Optional.ConsumerInput.C, HKU\S-1-5-21-1926916054-430606287-3612663155-1002\SOFTWARE\ConsumerInput, Quarantined, [44fb0f8926645adc240a5989d92abd43],

Registry Values: 10
PUP.Optional.Groovorio.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\Groovorio\\, Quarantined, [e35c96026b1f171f6f7ef9e6f31025db]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1926916054-430606287-3612663155-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1775AFEF-E186-44EA-ACD9-67B17F2A49AE}|AppName, 2be3c7e5-3ce4-41fe-9379-af26fc6b1dc4-2.exe-codedownloader.exe, Quarantined, [132c77212c5e9e9802e22b4ca1649a66]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1926916054-430606287-3612663155-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{26CDCF69-EBEC-42B7-A875-D11A95852B1F}|AppName, 2be3c7e5-3ce4-41fe-9379-af26fc6b1dc4-2.exe-buttonutil.exe, Quarantined, [49f6841402881f17f1f21265f60f9070]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1926916054-430606287-3612663155-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{49412456-155E-44DA-B7AF-FF3AF5AE48D4}|AppName, 2be3c7e5-3ce4-41fe-9379-af26fc6b1dc4-2.exe-buttonutil.exe, Quarantined, [cc733167098164d2f0f3adca31d4ed13]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1926916054-430606287-3612663155-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{634875EA-7AD5-4BB5-B38A-50C2A02453AD}|AppName, 2be3c7e5-3ce4-41fe-9379-af26fc6b1dc4-2.exe-codedownloader.exe, Quarantined, [8eb1772133578da9d60e5621f90ca957]
PUP.Optional.Spigot.A, HKU\S-1-5-21-1926916054-430606287-3612663155-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{27A9247F-A461-4EE0-A29B-D872DB2988B3}|URL, http://search.yahoo....={searchTerms},Quarantined, [49f6abedfd8d5fd73477449d08fb1de3]
PUP.Optional.Spigot.A, HKU\S-1-5-21-1926916054-430606287-3612663155-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{27A9247F-A461-4EE0-A29B-D872DB2988B3}|OSDFileURL, file:///C:/Program%20Files%20(x86)/Common%20Files/Spigot/Search%20Settings/yahoo_ie.xml, Quarantined, [c976a3f5e6a42214d4de116757ae48b8]
PUP.Optional.InstallX, HKU\S-1-5-21-1926916054-430606287-3612663155-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|InstallX Search Protect for Yahoo, "C:\Users\Darwin\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe", Quarantined, [c17eb1e7484267cf2f6b72ac4eb64fb1]
PUP.Optional.PassShow.A, HKU\S-1-5-21-1926916054-430606287-3612663155-1001\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{591f9d2f-ffb2-4bbe-98fc-2fb86649c789}, C:\Program Files (x86)\PassShow-soft\157.xpi, Quarantined, [b8871286652557dffdd94bcfa95b6b95]
PUP.Optional.Spigot.A, HKU\S-1-5-21-1926916054-430606287-3612663155-1001\SOFTWARE\SEARCH SETTINGS|GCProtected, 1, Quarantined, [2d12e2b6d7b339fdab2eb64a0df7c13f]

Registry Data: 1
PUP.Optional.Spigot.A, HKU\S-1-5-21-1926916054-430606287-3612663155-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://search.yahoo....r=spigot-yhp-ie, Good: (www.google.com), Bad: (http://search.yahoo.com/?type=114576&fr=spigot-yhp-ie),Replaced,[7ec15a3ec9c151e5972d4cd45babd030]

Folders: 31
PUP.Optional.InstallX.A, C:\Users\Darwin\AppData\Roaming\InstallX Search Protect for Yahoo, Quarantined, [b38c2b6df4968da93c2afbb69172f010],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected], Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\defaults, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\defaults\preferences, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\locale, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\addon-kit, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\addon-kit\data, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\addon-kit\lib, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\data, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\event, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\addon, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\content, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\dom, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\events, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\l10n, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\private-browsing, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\system, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\tabs, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\traits, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\utils, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\window, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\windows, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\RrSavings, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\RrSavings\data, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\RrSavings\lib, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\RrSavings\tests, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.Groovorio.A, C:\Users\b\AppData\Roaming\Mozilla\Firefox\Profiles\d9n2056w.default\nspdlgrvrio, Quarantined, [b9866236137772c4c1c2d2ef739044bc],
PUP.Optional.Groovorio.A, C:\Users\b\AppData\Roaming\Mozilla\Firefox\Profiles\d9n2056w.default\nspdlgrvrio\fav_thumbs, Quarantined, [b9866236137772c4c1c2d2ef739044bc],

Files: 115
PUP.Optional.AdPeak.A, C:\temp\t.msi, Quarantined, [81be5d3bfa905dd90554d11aea1b52ae],
PUP.Optional.SafeInstall.A, C:\Users\Darwin\Downloads\7zip_14395_stf.exe, Quarantined, [c07f7f19593153e3b1eaf93d59a711ef],
PUP.Optional.ClientConnect, C:\Users\Darwin\Downloads\InstallConverter_TSV28P2QM.exe, Quarantined, [89b6e8b06c1e8ea87ff4d7fc44bda65a],
PUP.Optional.AirAdInstaller, C:\Users\FAM\Downloads\BitTorrent Setup.exe, Quarantined, [ee51bcdc3c4e2b0bd384fa4224dcfa06],
PUP.Optional.WeCare.A, C:\Windows\Installer\4a8260.msi, Quarantined, [cb748d0b7c0e1c1a3200d74a13ed966a],
PUP.Optional.Taimed.SID.C, C:\Users\FAM\Desktop\ts\Adobe_Photoshop_CS6_13.0.1_Final__Multilanguage_(cracked_dll)_[C.exe, Quarantined, [c877dbbd2e5cfd39d019baace81e3bc5],
PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\plsapp64.dll, Quarantined, [5ee18018ec9e96a05781eb84e91c639d],
PUP.Optional.InstallX, C:\Users\Darwin\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe, Quarantined, [c17eb1e7484267cf2f6b72ac4eb64fb1],
PUP.Optional.InstallX.A, C:\Users\Darwin\AppData\Roaming\InstallX Search Protect for Yahoo\config.xml, Quarantined, [b38c2b6df4968da93c2afbb69172f010],
PUP.Optional.InstallX.A, C:\Users\Darwin\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.zip, Quarantined, [b38c2b6df4968da93c2afbb69172f010],
PUP.Optional.InstallX.A, C:\Users\Darwin\AppData\Roaming\InstallX Search Protect for Yahoo\SearchProtectorMonitor.log, Quarantined, [b38c2b6df4968da93c2afbb69172f010],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\bootstrap.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\harness-options.json, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\icon.png, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\install.rdf, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\locales.json, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\defaults\preferences\prefs.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\addon-kit\lib\page-mod.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\addon-kit\lib\private-browsing.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\addon-kit\lib\request.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\addon-kit\lib\windows.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\observer-service.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\api-utils.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\base64.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\byte-streams.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\collection.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\content.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\cortex.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\cuddlefish.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\deprecate.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\environment.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\errors.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\events.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\file.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\functional.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\globals.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\heritage.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\hidden-frame.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\light-traits.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\list.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\loader.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\match-pattern.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\memory.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\namespace.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\plain-text-console.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\preferences-service.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\promise.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\querystring.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\runtime.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\sandbox.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\self.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\system.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\text-streams.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\timer.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\traceback.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\traits.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\unload.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\url.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\uuid.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\window-utils.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\xhr.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\xpcom.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\xul-app.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\event\core.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\event\target.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\addon\runner.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\content\content-proxy.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\content\content-worker.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\content\loader.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\content\symbiont.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\content\worker.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\dom\events.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\events\assembler.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\l10n\core.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\l10n\html.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\l10n\loader.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\l10n\locale.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\l10n\prefs.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\private-browsing\utils.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\system\events.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\tabs\events.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\tabs\observer.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\tabs\tab.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\tabs\utils.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\traits\core.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\utils\data.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\utils\object.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\utils\registry.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\utils\thumbnail.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\window\utils.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\windows\dom.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\windows\loader.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\windows\observer.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\api-utils\lib\windows\tabs.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\RrSavings\data\icon64.png, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.RRSavings.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\extensions\[email protected]\resources\RrSavings\lib\main.js, Quarantined, [72cdf2a6c4c650e6f87d714460a302fe],
PUP.Optional.Groovorio.A, C:\Users\b\AppData\Roaming\Mozilla\Firefox\Profiles\d9n2056w.default\nspdlgrvrio\fav-groups, Quarantined, [b9866236137772c4c1c2d2ef739044bc],
PUP.Optional.Groovorio.A, C:\Users\b\AppData\Roaming\Mozilla\Firefox\Profiles\d9n2056w.default\nspdlgrvrio\favs##df0f463ed133f57791f67ba7f327d25e, Quarantined, [b9866236137772c4c1c2d2ef739044bc],
PUP.Optional.Groovorio.A, C:\Users\b\AppData\Roaming\Mozilla\Firefox\Profiles\d9n2056w.default\nspdlgrvrio\redirects, Quarantined, [b9866236137772c4c1c2d2ef739044bc],
PUP.Optional.Groovorio.A, C:\Users\b\AppData\Roaming\Mozilla\Firefox\Profiles\d9n2056w.default\nspdlgrvrio\fav_thumbs\2671d3fb16ea07dbb81b8ccdf501c165, Quarantined, [b9866236137772c4c1c2d2ef739044bc],
PUP.Optional.Groovorio.A, C:\Users\b\AppData\Roaming\Mozilla\Firefox\Profiles\d9n2056w.default\nspdlgrvrio\fav_thumbs\38de03c18cfd4181ee7b1cd4d077d0d8, Quarantined, [b9866236137772c4c1c2d2ef739044bc],
PUP.Optional.Groovorio.A, C:\Users\b\AppData\Roaming\Mozilla\Firefox\Profiles\d9n2056w.default\nspdlgrvrio\fav_thumbs\4244d335d1a38914845209eccf153b9c, Quarantined, [b9866236137772c4c1c2d2ef739044bc],
PUP.Optional.Groovorio.A, C:\Users\b\AppData\Roaming\Mozilla\Firefox\Profiles\d9n2056w.default\nspdlgrvrio\fav_thumbs\539823dcee59457d0cb9c837a078c290, Quarantined, [b9866236137772c4c1c2d2ef739044bc],
PUP.Optional.Groovorio.A, C:\Users\b\AppData\Roaming\Mozilla\Firefox\Profiles\d9n2056w.default\nspdlgrvrio\fav_thumbs\5828ac62a5e15f5e5baa6afc64112c22, Quarantined, [b9866236137772c4c1c2d2ef739044bc],
PUP.Optional.Groovorio.A, C:\Users\b\AppData\Roaming\Mozilla\Firefox\Profiles\d9n2056w.default\nspdlgrvrio\fav_thumbs\6387db0db45dcf4b7ed5969fd927705c, Quarantined, [b9866236137772c4c1c2d2ef739044bc],
PUP.Optional.Groovorio.A, C:\Users\b\AppData\Roaming\Mozilla\Firefox\Profiles\d9n2056w.default\nspdlgrvrio\fav_thumbs\74425def8486b4e28e1bedb6fc0bd085, Quarantined, [b9866236137772c4c1c2d2ef739044bc],
PUP.Optional.Groovorio.A, C:\Users\b\AppData\Roaming\Mozilla\Firefox\Profiles\d9n2056w.default\nspdlgrvrio\fav_thumbs\76a325e35084eec0661b80b383735553, Quarantined, [b9866236137772c4c1c2d2ef739044bc],
PUP.Optional.Groovorio.A, C:\Users\b\AppData\Roaming\Mozilla\Firefox\Profiles\d9n2056w.default\nspdlgrvrio\fav_thumbs\95dded5778628e942a81ae9461182d83, Quarantined, [b9866236137772c4c1c2d2ef739044bc],
PUP.Optional.Groovorio.A, C:\Users\b\AppData\Roaming\Mozilla\Firefox\Profiles\d9n2056w.default\nspdlgrvrio\fav_thumbs\a3cde83cbce2a47ec9560847d152b080, Quarantined, [b9866236137772c4c1c2d2ef739044bc],
PUP.Optional.Groovorio.A, C:\Users\b\AppData\Roaming\Mozilla\Firefox\Profiles\d9n2056w.default\nspdlgrvrio\fav_thumbs\bcba01c77c4d70407e62c519e02bf676, Quarantined, [b9866236137772c4c1c2d2ef739044bc],
PUP.Optional.Groovorio.A, C:\Users\b\AppData\Roaming\Mozilla\Firefox\Profiles\d9n2056w.default\nspdlgrvrio\fav_thumbs\d4e7e6a903620fb4b1b85a5113630971, Quarantined, [b9866236137772c4c1c2d2ef739044bc],
PUP.Optional.Groovorio.A, C:\Users\b\AppData\Roaming\Mozilla\Firefox\Profiles\d9n2056w.default\nspdlgrvrio\fav_thumbs\e1a66ed919731edb2a2a98f544c9a2ab, Quarantined, [b9866236137772c4c1c2d2ef739044bc],
PUP.Optional.Groovorio.A, C:\Users\b\AppData\Roaming\Mozilla\Firefox\Profiles\d9n2056w.default\nspdlgrvrio\fav_thumbs\ec3c1a184171e79a9f6a9f2c6642f653, Quarantined, [b9866236137772c4c1c2d2ef739044bc],
PUP.Optional.Groovorio.A, C:\Users\b\AppData\Roaming\Mozilla\Firefox\Profiles\d9n2056w.default\nspdlgrvrio\fav_thumbs\f2c300e617c46ae3552dc88cbc59c8ff, Quarantined, [b9866236137772c4c1c2d2ef739044bc],
PUP.Optional.Spigot.A, C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "http://search.yahoo....=114576&p=");),Replaced,[70cf1c7caae0e2542dea3c2d0bfbcc34]

Physical Sectors: 0
(No malicious items detected)


(end)


  • 0

#18
dssole23

dssole23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts

C:\AdwCleaner\Quarantine\C\Windows\mlwps.exe.vir    a variant of Win32/Techsnab.J potentially unwanted application    
C:\FRST\Quarantine\C\Users\FAM\AppData\Roaming\313A.tmp.exe.xBAD    Win32/Techsnab.H potentially unwanted application    
C:\Users\All Users\IObit\ASCDownloader\ASCSetup.exe    a variant of Win32/Toolbar.Widgi.B potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Users\Darwin\AppData\Roaming\Search Protection\SearchProtection.exe.vir    a variant of Win32/Toolbar.Widgi.J potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Darwin\AppData\Roaming\Search Protection\Uninstall.exe.vir    a variant of Win32/Toolbar.Widgi.J potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Darwin\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir    Win32/Systweak.G potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\FAM\AppData\Local\TNT2\2.0.0.1950\Autorun.inf.vir    Win32/Toolbar.TNT2.F potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\FAM\AppData\Local\TNT2\2.0.0.1950\IEToolbar.dll.vir    a variant of Win32/Toolbar.TNT2.B potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\FAM\AppData\Local\TNT2\2.0.0.1950\IEToolbar64.dll.vir    a variant of Win32/Toolbar.TNT2.E potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\FAM\AppData\Local\TNT2\2.0.0.1950\npTNT2.dll.vir    a variant of Win32/Toolbar.TNT2.H potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\FAM\AppData\Local\TNT2\2.0.0.1950\passport.dll.vir    a variant of Win32/Toolbar.TNT2.E potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\FAM\AppData\Local\TNT2\2.0.0.1950\passport64.dll.vir    a variant of Win32/Toolbar.TNT2.E potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\FAM\AppData\Local\TNT2\2.0.0.1950\TNT2UserPS64.dll.vir    a variant of Win32/Toolbar.TNT2.E potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\FAM\AppData\Local\TNT2\2.0.0.1950\xpi.tar.vir    Win32/Toolbar.TNT2.I potentially unwanted application    deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\Gamma Task Menager\itchromium.exe    a variant of Win32/Techsnab.H potentially unwanted application    deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\Gamma Task Menager\itweb.dll    a variant of Win32/Techsnab.H potentially unwanted application    deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\Gamma Task Menager\jsff.exe    a variant of Win32/Techsnab.H potentially unwanted application    deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialApp.dll    a variant of Win32/Toolbar.Montiera.A potentially unwanted application    deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialEng.dll    a variant of Win32/Toolbar.Montiera.A potentially unwanted application    deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialsrv.exe    a variant of Win32/Toolbar.Montiera.A potentially unwanted application    deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialTlbr.dll    a variant of Win32/Toolbar.Montiera.F potentially unwanted application    deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.29.0\bh\mysearchdial.dll    a variant of Win32/Toolbar.Escort.A potentially unwanted application    deleted - quarantined
C:\FRST\Quarantine\C\Users\FAM\AppData\Roaming\Getprivate VPN\GetPrivate.exe    a variant of Win32/Techsnab.A potentially unwanted application    deleted - quarantined
C:\Program Files (x86)\InstallConverter bundle uninstaller\uninstaller.exe    a variant of Win32/ClientConnect.A potentially unwanted application    deleted - quarantined
C:\ProgramData\IObit\ASCDownloader\ASCSetup.exe    a variant of Win32/Toolbar.Widgi.B potentially unwanted application    deleted - quarantined
C:\Users\Darwin\Downloads\cbsidlm-cbsi188-Windows_Essentials_Media_Codec_Pack-ORG-10662709.exe    a variant of Win32/CNETInstaller.B potentially unwanted application    deleted - quarantined
 


  • 0

#19
dssole23

dssole23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts

pc is running smooth


  • 0

#20
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi dssole23

Were nearly finished so please stick with me a bit longer. :)

Step1 - FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open notepad and copy/paste the text in the quotebox below into it:
 

C:\Windows\tasks\ImCleanDisabled
C:\Users\All Users\IObit
EmptyTemp:

  • Save this as fixlist.txt, in the same location as FRST.exe on your desktop.
    FRSTfix.JPG
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


    Step2 - Security Check
  • Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    Step3 - Fresh FRST scan
  • Please run Farbars Recovery Scan Tool again. Run FRST by right clicking on it and selecting Run as Administrator. Allow it to update if it wants to.
  • Please tick the Addition.txt box under Optional Scan.
  • Press Scan button.
  • It will make logs FRST.txt & Addition.txt in the same directory the tool is run.
  • Please copy and paste the FRST.txt and Addition.txt to your reply.


    Things for your next post:
  • fixlog.txt
  • checkup.txt
  • FRST.txt
  • Addition.txt

    Thanks

  • 0

#21
dssole23

dssole23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by FAM at 2015-05-27 20:29:22 Run:2
Running from C:\Users\FAM\Desktop
Loaded Profiles: FAM (Available Profiles: FAM & Darwin & b)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Windows\tasks\ImCleanDisabled
C:\Users\All Users\IObit
EmptyTemp:
*****************

C:\Windows\tasks\ImCleanDisabled => Moved successfully.
C:\Users\All Users\IObit => Moved successfully.
EmptyTemp: => Removed 577.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog 20:29:39 ====


  • 0

#22
dssole23

dssole23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts

 Results of screen317's Security Check version 1.002  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Disabled!  
McAfee Anti-Virus and Anti-Spyware   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 71  
 Java 8 Update 31  
 Java 8 Update 45  
 Adobe Flash Player 17.0.0.169  
 Mozilla Firefox (38.0.1)
````````Process Check: objlist.exe by Laurent````````  
 Symantec Norton Online Backup NOBuAgent.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
 


  • 0

#23
dssole23

dssole23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by FAM at 2015-05-27 20:36:46
Running from C:\Users\FAM\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1926916054-430606287-3612663155-500 - Administrator - Disabled)
b (S-1-5-21-1926916054-430606287-3612663155-1002 - Limited - Enabled) => C:\Users\b
Darwin (S-1-5-21-1926916054-430606287-3612663155-1001 - Administrator - Enabled) => C:\Users\Darwin
FAM (S-1-5-21-1926916054-430606287-3612663155-1000 - Administrator - Enabled) => C:\Users\FAM
Guest (S-1-5-21-1926916054-430606287-3612663155-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip 9.20) (Version:  - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{58E93CCD-C0B4-C0FB-8FA0-AC56CC4344C7}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{8DCCC556-265B-478A-8B32-C12DA988BA74}) (Version: 0.9.4.4079 - BlueStack Systems, Inc.)
Bluetooth by hp (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8200 - Broadcom Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bubble Wrap (HKLM-x32\...\{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
CopyTrans Suite Remove Only (HKU\S-1-5-21-1926916054-430606287-3612663155-1000\...\CopyTrans Suite) (Version: 3.01 - WindSolutions)
Counter-Strike Nexon: Zombies (HKLM-x32\...\Steam App 273110) (Version:  - Nexon)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CWA Reminder by We-Care.com v4.1.26.3 (HKLM-x32\...\{26B4D0E1-6F6D-48DF-8719-80276A259F7E}) (Version: 4.1.26.3 - We-Care.com)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
EPSON NX420 Series Printer Uninstall (HKLM\...\EPSON NX420 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3b - SEIKO EPSON CORPORATION)
Facebook (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
FileZilla Client 3.8.0 (HKLM-x32\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
Getprivate VPN version 1.0 (HKLM-x32\...\{43A12E1B-6532-4C90-90A5-60972044DFED}_is1) (Version: 1.0 - ) <==== ATTENTION
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Application Assistant (HKLM\...\{B34A07DD-C6F7-414A-AE63-01019482EAF0}) (Version: 1.0.393.3870 - Hewlett-Packard)
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard)
HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)
HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 5.0.0.3 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP RSS (HKLM-x32\...\{A35E58D6-2A0F-4051-983B-79342081338E}) (Version: 5.1.4301.21494 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15130.3904 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.15145.3905 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP TouchSmart Background - Beats (HKLM-x32\...\{6A6F8D36-04BA-41E9-9004-1789BD545874}) (Version: 1.0.1.0 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
HP Weather (HKLM-x32\...\{8364E531-493B-4B05-8041-09D5CE38B975}) (Version: 5.1.4295.16450 - Hewlett-Packard)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6374.0 - IDT)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 2.0.3 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 14.0.1029 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.274 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.65 - PDF Complete, Inc)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5706 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5706 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.11.0721.0 -  NewspaperDirect Inc.)
Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Spot (HKLM-x32\...\{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Tap Tap Bear (HKLM-x32\...\{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
Windows Essentials Media Codec Pack 4.7 [64-Bit] (HKLM-x32\...\Windows Essentials Media Codec Pack) (Version: 4.7 - Media Codec)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

16-05-2015 12:00:36 Scheduled Checkpoint
17-05-2015 03:01:04 Windows Update
22-05-2015 18:09:41 Windows Update
24-05-2015 10:49:30 Removed CWA Reminder by We-Care.com v4.1.26.3
24-05-2015 10:50:02 Removed CWA Reminder by We-Care.com v4.1.26.3
24-05-2015 10:50:40 Removed CWA Reminder by We-Care.com v4.1.26.3
24-05-2015 10:51:57 Removed CWA Reminder by We-Care.com v4.1.26.3

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-05-24 14:10 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00A6630C-6EC4-430B-AD49-B8FD359E93EA} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {5254E8EA-5A60-44F4-A4F1-7DD9346913AB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {8940DA69-B379-4B24-B0C4-137618316FC6} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {9AF9D141-1338-4BB0-830E-00303C5299C2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {A17C5EA0-8C9E-48FF-A753-9D7E6C180017} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A28850A8-97CA-45D9-AF71-388B4E49B57A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {AB93213E-7B02-4FFA-9E8C-3876736A17A2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {BF62AC96-6823-40FA-8003-F7C453BC9FD0} - System32\Tasks\HPCeeScheduleForFAM => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {C2B7DF03-1845-44EC-B631-DA15342EF3FE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {C5A5741F-A037-488A-B402-A0BD97A047F5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {D452B218-5803-4F20-9F16-2CB240E070FC} - System32\Tasks\HPCeeScheduleForFAM-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {E21181FD-2A20-4C78-9549-B9322CBB2398} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {FD7392F9-FCB3-48CF-8CFD-4600227BDF89} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2011-08-23] (CyberLink)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForFAM-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForFAM.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2012-01-21 00:13 - 2012-01-21 00:13 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-11-02 16:03 - 2011-11-02 16:03 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-02-12 22:58 - 2014-02-12 22:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 16:05 - 2014-10-11 16:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1926916054-430606287-3612663155-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\FAM\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{893C1C72-7A8A-4674-AF13-80B4EF59BF55}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{00FC884E-945C-4B8F-9638-D310826351AF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BD5033F9-DC97-4074-88B2-839967926480}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{2645019C-00B8-4568-81F7-C4602D13B856}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{786208E6-3F31-4FA8-B43A-58C47711FCF2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{BDE00AFE-2AAE-4D2B-8EB2-60DC2B2D6F51}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/27/2015 08:30:47 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.IO.FileNotFoundException: Could not find file 'C:\ProgramData\BlueStacks\Android\kernel.elf'.
File name: 'C:\ProgramData\BlueStacks\Android\kernel.elf'
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (05/27/2015 08:29:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 38.0.1.5611, time stamp: 0x55541a90
Faulting module name: mozalloc.dll, version: 38.0.1.5611, time stamp: 0x55540a1e
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x17c4
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (05/27/2015 08:24:04 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.IO.FileNotFoundException: Could not find file 'C:\ProgramData\BlueStacks\Android\kernel.elf'.
File name: 'C:\ProgramData\BlueStacks\Android\kernel.elf'
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (05/26/2015 11:47:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/26/2015 08:24:36 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/26/2015 08:24:34 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/26/2015 08:24:34 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/26/2015 08:23:27 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/26/2015 08:23:24 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/26/2015 08:23:24 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.


System errors:
=============
Error: (05/27/2015 08:30:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error:
%%1064

Error: (05/27/2015 08:24:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error:
%%1064

Error: (05/26/2015 08:17:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error:
%%1064

Error: (05/26/2015 08:16:34 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error:
%%1064

Error: (05/26/2015 06:13:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error:
%%1064

Error: (05/25/2015 06:09:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error:
%%1064

Error: (05/25/2015 06:08:48 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (05/25/2015 06:08:48 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (05/25/2015 06:08:43 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (05/25/2015 06:08:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.


Microsoft Office:
=========================
Error: (05/27/2015 08:30:47 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.IO.FileNotFoundException: Could not find file 'C:\ProgramData\BlueStacks\Android\kernel.elf'.
File name: 'C:\ProgramData\BlueStacks\Android\kernel.elf'
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (05/27/2015 08:29:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe38.0.1.561155541a90mozalloc.dll38.0.1.561155540a1e8000000300001aa117c401d098e51ab3847fC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllf83bee72-04d8-11e5-afc1-9cb70d9d0814

Error: (05/27/2015 08:24:04 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.IO.FileNotFoundException: Could not find file 'C:\ProgramData\BlueStacks\Android\kernel.elf'.
File name: 'C:\ProgramData\BlueStacks\Android\kernel.elf'
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (05/26/2015 11:47:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (05/26/2015 08:24:36 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Users\FAM\Desktop\esetsmartinstaller_enu.exe

Error: (05/26/2015 08:24:34 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Users\FAM\Desktop\esetsmartinstaller_enu.exe

Error: (05/26/2015 08:24:34 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Users\FAM\Desktop\esetsmartinstaller_enu.exe

Error: (05/26/2015 08:23:27 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Users\FAM\Desktop\esetsmartinstaller_enu.exe

Error: (05/26/2015 08:23:24 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Users\FAM\Desktop\esetsmartinstaller_enu.exe

Error: (05/26/2015 08:23:24 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Users\FAM\Desktop\esetsmartinstaller_enu.exe


==================== Memory info ===========================

Processor: AMD A10-5700 APU with Radeon™ HD Graphics
Percentage of memory in use: 30%
Total physical RAM: 9654.91 MB
Available physical RAM: 6698.61 MB
Total Pagefile: 19308.03 MB
Available Pagefile: 16279.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1851.65 GB) (Free:1744.87 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.27 GB) (Free:1.38 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: D1C61B68)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1851.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.3 GB) - (Type=07 NTFS)

==================== End of log ============================


  • 0

#24
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi dssole23

Please post the latest FRST.txt log as well please. You will find this on your desktop.

Thanks
  • 0

#25
dssole23

dssole23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by FAM at 2015-05-27 20:29:22 Run:2
Running from C:\Users\FAM\Desktop
Loaded Profiles: FAM (Available Profiles: FAM & Darwin & b)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Windows\tasks\ImCleanDisabled
C:\Users\All Users\IObit
EmptyTemp:
*****************

C:\Windows\tasks\ImCleanDisabled => Moved successfully.
C:\Users\All Users\IObit => Moved successfully.
EmptyTemp: => Removed 577.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog 20:29:39 ====


  • 0

Advertisements


#26
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
hi.
you have posted the fixlog report. i need the one called FRST.txt .
cheers.
  • 0

#27
dssole23

dssole23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by FAM (administrator) on FAM-HP on 27-05-2015 20:35:59
Running from C:\Users\FAM\Desktop
Loaded Profiles: FAM (Available Profiles: FAM & Darwin & b)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.5.450.0\McCSPServiceHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2011-12-13] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2011-12-13] (IDT, Inc.)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-01-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-12] (PDF Complete Inc)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-08] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [719272 2015-04-02] (McAfee, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1926916054-430606287-3612663155-1000\...\Run: [Epson Stylus NX420(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCA.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-08-01]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1926916054-430606287-3612663155-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1926916054-430606287-3612663155-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
SearchScopes: HKLM -> {710C628C-481E-4E06-A686-3BB08FFC516E} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM-x32 -> {710C628C-481E-4E06-A686-3BB08FFC516E} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1926916054-430606287-3612663155-1000 -> {710C628C-481E-4E06-A686-3BB08FFC516E} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKU\S-1-5-21-1926916054-430606287-3612663155-1000 -> {9108B9A2-C3B1-4CCA-AEA5-A60B078BC9B0} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKU\S-1-5-21-1926916054-430606287-3612663155-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> c:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-08] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> c:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-08] (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-04] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-04] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-04-29] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-29] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-04-29] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-29] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-04-07] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-04-07] (McAfee, Inc.)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\FAM\AppData\Roaming\Mozilla\Firefox\Profiles\13xoo1vz.default
FF Keyword.URL: https://search.yahoo...US0D20150113&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-04-07] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-04] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-04-07] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2015-01-13]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-05-09]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-05-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-08] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-08] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-08] (BlueStack Systems, Inc.)
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-04-29] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [753768 2015-04-07] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.450.0\McCSPServiceHost.exe [207344 2015-04-08] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [612688 2015-04-09] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-02-17] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [372144 2015-04-06] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [250672 2015-02-17] (McAfee, Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [311296 2011-12-13] (IDT, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-08] (BlueStack Systems)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [68784 2015-02-17] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [401736 2015-02-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [337888 2015-02-17] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-02-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-02-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864072 2015-02-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [482600 2015-01-16] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-01-16] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340448 2015-02-17] (McAfee, Inc.)
R3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
S3 USBPNPA; system32\drivers\CM10864.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-27 20:35 - 2015-05-27 20:36 - 00020282 _____ () C:\Users\FAM\Desktop\FRST.txt
2015-05-27 20:31 - 2015-05-27 20:31 - 00852639 _____ () C:\Users\FAM\Desktop\SecurityCheck.exe
2015-05-27 20:29 - 2015-05-27 20:29 - 00000000 ____D () C:\Users\FAM\Desktop\FRST-OlderVersion
2015-05-27 00:09 - 2015-05-27 00:09 - 00004264 _____ () C:\Users\FAM\Desktop\bett.txt
2015-05-26 20:23 - 2015-05-26 20:23 - 02347384 _____ (ESET) C:\Users\FAM\Desktop\esetsmartinstaller_enu.exe
2015-05-26 19:43 - 2015-05-26 20:19 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-26 19:43 - 2015-05-26 19:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-26 19:43 - 2015-05-26 19:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-26 19:43 - 2015-05-26 19:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-26 19:43 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-26 19:43 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-26 19:43 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-26 19:42 - 2015-05-26 19:42 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\FAM\Desktop\mbam-setup-majorgeeks-2.1.6.1022.exe
2015-05-26 18:19 - 2015-05-26 18:19 - 00008360 _____ () C:\Windows\system32\lvcoinst.log
2015-05-26 18:19 - 2015-05-26 18:19 - 00000000 ____D () C:\Program Files\Common Files\logishrd
2015-05-25 18:06 - 2015-05-25 18:08 - 00000000 ____D () C:\AdwCleaner
2015-05-25 18:06 - 2015-05-25 18:06 - 02223104 _____ () C:\Users\FAM\Desktop\AdwCleaner.exe
2015-05-25 11:04 - 2015-05-27 00:58 - 00000000 ____D () C:\Users\FAM\AppData\Roaming\OBS
2015-05-25 11:04 - 2015-05-25 11:04 - 07072745 _____ () C:\Users\FAM\Downloads\OBS_0_651b_Installer.exe
2015-05-25 11:04 - 2015-05-25 11:04 - 00000937 _____ () C:\Users\FAM\Desktop\Open Broadcaster Software.lnk
2015-05-25 11:04 - 2015-05-25 11:04 - 00000000 ____D () C:\Users\FAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2015-05-25 00:05 - 2015-05-25 00:05 - 00000000 ____D () C:\Users\FAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Control Center
2015-05-24 23:17 - 2015-05-24 23:17 - 00003694 _____ () C:\Users\FAM\Desktop\JRT.txt
2015-05-24 23:14 - 2015-05-24 23:14 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-FAM-HP-Windows-7-Home-Premium-(64-bit).dat
2015-05-24 23:13 - 2015-05-24 23:13 - 02945770 _____ (Thisisu) C:\Users\FAM\Desktop\JRT.exe
2015-05-24 23:13 - 2015-05-24 23:13 - 00000000 ____D () C:\RegBackup
2015-05-23 16:29 - 2015-05-24 10:45 - 00000000 ____D () C:\Users\b\AppData\Roaming\SoftGrid Client
2015-05-23 16:29 - 2015-05-23 16:29 - 00000000 ____D () C:\Users\b\AppData\Local\SoftGrid Client
2015-05-23 14:33 - 2015-05-23 14:34 - 00000000 ____D () C:\Users\b\Desktop\litvpics
2015-05-23 14:07 - 2015-05-23 14:07 - 00000000 __SHD () C:\Users\b\AppData\Local\EmieBrowserModeList
2015-05-22 19:01 - 2015-05-22 19:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-22 17:59 - 2015-05-27 20:36 - 00000000 ____D () C:\FRST
2015-05-22 17:59 - 2015-05-27 20:29 - 02108928 _____ (Farbar) C:\Users\FAM\Desktop\FRST64.exe
2015-05-22 17:47 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-05-17 03:03 - 2015-05-01 08:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-17 03:03 - 2015-05-01 08:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-16 16:42 - 2015-05-16 16:42 - 00000000 ____D () C:\Users\b\AppData\Local\Apple
2015-05-16 12:18 - 2015-05-04 20:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-16 12:18 - 2015-05-04 20:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-16 12:18 - 2015-04-21 21:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-16 12:18 - 2015-04-21 20:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-16 12:18 - 2015-04-21 12:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-16 12:18 - 2015-04-21 12:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-16 12:18 - 2015-04-21 11:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-16 12:18 - 2015-04-21 11:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-16 12:18 - 2015-04-21 11:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-16 12:18 - 2015-04-21 11:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-16 12:18 - 2015-04-21 11:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-16 12:18 - 2015-04-21 11:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-16 12:18 - 2015-04-21 11:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-16 12:18 - 2015-04-21 11:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-16 12:18 - 2015-04-21 11:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-16 12:18 - 2015-04-21 11:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-16 12:18 - 2015-04-21 11:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-16 12:18 - 2015-04-21 11:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-16 12:18 - 2015-04-21 11:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-16 12:18 - 2015-04-21 11:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-16 12:18 - 2015-04-21 11:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-16 12:18 - 2015-04-21 11:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-16 12:18 - 2015-04-21 11:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-16 12:18 - 2015-04-21 11:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-16 12:18 - 2015-04-21 11:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-16 12:18 - 2015-04-21 11:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-16 12:18 - 2015-04-21 11:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-16 12:18 - 2015-04-21 11:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-16 12:18 - 2015-04-21 11:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-16 12:18 - 2015-04-21 11:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-16 12:18 - 2015-04-21 11:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-16 12:18 - 2015-04-21 10:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-16 12:18 - 2015-04-21 10:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-16 12:18 - 2015-04-21 10:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-16 12:18 - 2015-04-21 10:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-16 12:18 - 2015-04-21 10:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-16 12:18 - 2015-04-21 10:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-16 12:18 - 2015-04-21 10:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-16 12:18 - 2015-04-21 10:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-16 12:18 - 2015-04-21 10:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-16 12:18 - 2015-04-21 10:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-16 12:18 - 2015-04-21 10:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-16 12:18 - 2015-04-21 10:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-16 12:18 - 2015-04-21 10:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-16 12:18 - 2015-04-21 10:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-16 12:18 - 2015-04-21 10:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-16 12:18 - 2015-04-21 10:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-16 12:18 - 2015-04-21 10:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-16 12:18 - 2015-04-21 10:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-16 12:18 - 2015-04-21 10:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-16 12:18 - 2015-04-21 10:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-16 12:18 - 2015-04-21 09:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-16 12:18 - 2015-04-21 09:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-16 12:18 - 2015-04-17 22:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-16 12:18 - 2015-04-17 21:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-16 12:17 - 2015-04-27 14:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-16 12:17 - 2015-04-27 14:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-16 12:17 - 2015-04-27 14:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-16 12:17 - 2015-04-27 14:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-16 12:17 - 2015-04-27 14:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-16 12:17 - 2015-04-27 14:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-16 12:17 - 2015-04-27 14:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-16 12:17 - 2015-04-27 14:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-16 12:17 - 2015-04-27 14:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-16 12:17 - 2015-04-27 14:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-16 12:17 - 2015-04-27 14:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-16 12:17 - 2015-04-27 14:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-16 12:17 - 2015-04-27 14:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-16 12:17 - 2015-04-27 14:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-16 12:17 - 2015-04-27 14:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-16 12:17 - 2015-04-27 14:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-16 12:17 - 2015-04-27 14:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-16 12:17 - 2015-04-27 14:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-16 12:17 - 2015-04-27 14:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-16 12:17 - 2015-04-27 14:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-16 12:17 - 2015-04-27 14:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-16 12:17 - 2015-04-27 14:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-16 12:17 - 2015-04-27 14:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-16 12:17 - 2015-04-27 14:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-16 12:17 - 2015-04-27 14:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-16 12:17 - 2015-04-27 14:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-16 12:17 - 2015-04-27 14:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-16 12:17 - 2015-04-27 14:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-16 12:17 - 2015-04-27 14:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-16 12:17 - 2015-04-27 14:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-16 12:17 - 2015-04-27 14:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-16 12:17 - 2015-04-27 14:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-16 12:17 - 2015-04-27 14:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-16 12:17 - 2015-04-27 14:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-16 12:17 - 2015-04-27 14:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-16 12:17 - 2015-04-27 14:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-16 12:17 - 2015-04-27 14:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-16 12:17 - 2015-04-27 14:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-16 12:17 - 2015-04-27 14:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-16 12:17 - 2015-04-27 14:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-16 12:17 - 2015-04-27 14:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-16 12:17 - 2015-04-27 14:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-16 12:17 - 2015-04-27 14:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-16 12:17 - 2015-04-27 12:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-16 12:17 - 2015-04-27 12:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-16 12:17 - 2015-04-27 12:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 12:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 12:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 12:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-16 12:17 - 2015-04-21 12:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-16 12:17 - 2015-04-21 11:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-16 12:17 - 2015-04-21 11:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-16 12:17 - 2015-04-21 11:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-16 12:17 - 2015-04-21 11:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-16 12:17 - 2015-04-21 11:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-16 12:17 - 2015-04-21 11:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-16 12:17 - 2015-04-21 10:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-16 12:17 - 2015-04-21 10:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-16 12:17 - 2015-04-19 22:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-16 12:17 - 2015-04-19 22:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-16 12:17 - 2015-04-19 21:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-16 12:17 - 2015-04-19 21:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-16 12:17 - 2015-04-12 22:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-16 12:17 - 2015-04-07 22:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-16 12:17 - 2015-04-07 22:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-16 12:17 - 2015-04-07 22:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-16 12:17 - 2015-02-18 02:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-16 12:17 - 2015-02-18 02:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-16 12:17 - 2015-01-28 22:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-16 12:17 - 2015-01-28 22:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-16 12:14 - 2015-03-03 23:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-16 12:14 - 2015-03-03 23:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-16 12:14 - 2015-03-03 23:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-16 12:14 - 2015-03-03 23:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-16 12:14 - 2015-03-03 23:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-16 12:14 - 2015-03-03 23:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-16 12:14 - 2015-03-03 23:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-10 17:53 - 2015-05-10 17:53 - 00000000 ____D () C:\Users\b\AppData\Roaming\Opera Software
2015-05-10 17:53 - 2015-05-10 17:53 - 00000000 ____D () C:\Users\b\AppData\Local\Opera Software
2015-05-09 14:58 - 2015-05-25 00:06 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-05-09 14:58 - 2015-05-09 14:58 - 00000000 ____D () C:\Users\FAM\AppData\Roaming\Opera Software
2015-05-09 14:58 - 2015-05-09 14:58 - 00000000 ____D () C:\Users\FAM\AppData\Local\Opera Software
2015-05-06 22:02 - 2015-05-06 22:02 - 00000000 ____D () C:\Users\b\AppData\Local\Steam
2015-05-06 21:03 - 2015-05-06 21:03 - 00000000 _____ () C:\Users\b\Sti_Trace.log
2015-05-04 21:21 - 2015-05-04 21:21 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-05-04 21:21 - 2015-05-04 21:21 - 00002049 _____ () C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-05-04 21:21 - 2015-03-24 22:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-05-04 21:21 - 2015-03-24 22:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-05-04 21:21 - 2015-03-24 22:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-05-04 21:21 - 2015-03-24 22:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-05-04 21:21 - 2015-03-24 22:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-05-04 21:21 - 2015-03-24 22:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-05-04 21:21 - 2015-03-24 22:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-05-04 21:21 - 2015-03-24 22:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-05-04 21:21 - 2015-03-24 22:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-05-04 21:21 - 2015-03-24 22:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-05-04 21:21 - 2015-03-24 22:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-05-04 21:21 - 2015-03-24 22:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-05-04 21:21 - 2015-03-24 22:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-05-04 21:21 - 2015-03-24 22:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-05-04 21:21 - 2015-03-24 22:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-05-04 21:21 - 2015-03-24 22:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-05-04 21:21 - 2015-03-22 22:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-05-04 21:21 - 2015-03-22 22:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-05-04 21:21 - 2015-03-22 22:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-05-04 21:21 - 2015-03-22 22:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-05-04 21:21 - 2015-03-22 22:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-05-04 21:21 - 2015-03-22 22:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-05-04 21:21 - 2015-03-22 22:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-05-04 21:21 - 2015-03-22 22:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-05-04 21:21 - 2015-03-09 22:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-05-04 21:21 - 2015-03-09 22:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-05-04 21:21 - 2015-03-09 22:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-05-04 21:21 - 2015-03-09 22:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-05-04 21:21 - 2015-03-05 00:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-05-04 21:21 - 2015-03-04 23:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-05-04 21:20 - 2015-02-24 22:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-05-04 21:16 - 2015-05-04 22:43 - 00070144 _____ () C:\Windows\SysWOW64\tasks.dll
2015-05-04 21:15 - 2015-03-03 23:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-05-04 21:15 - 2015-03-03 23:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-30 20:50 - 2015-05-04 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-04-30 20:50 - 2015-05-04 21:00 - 00000000 ____D () C:\Program Files\CCleaner

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-27 20:35 - 2009-07-14 00:13 - 00783360 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-27 20:34 - 2014-04-01 04:01 - 01531560 _____ () C:\Windows\WindowsUpdate.log
2015-05-27 20:30 - 2012-08-01 19:10 - 00000000 ____D () C:\ProgramData\PDFC
2015-05-27 20:30 - 2010-11-20 22:47 - 00828184 _____ () C:\Windows\PFRO.log
2015-05-27 20:30 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-27 20:30 - 2009-07-13 23:51 - 00070080 _____ () C:\Windows\setupact.log
2015-05-27 20:30 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-27 20:30 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-27 20:29 - 2014-04-03 02:25 - 00000000 ____D () C:\Users\FAM\AppData\Roaming\SoftGrid Client
2015-05-27 20:29 - 2014-04-02 04:15 - 00000000 ____D () C:\Users\FAM\AppData\Local\CrashDumps
2015-05-27 20:29 - 2014-04-01 04:06 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{6F6F417E-8EB2-478C-9F97-93DDA3B32B89}
2015-05-27 20:28 - 2014-04-01 21:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-27 01:05 - 2014-04-20 20:25 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-27 00:08 - 2014-04-02 22:12 - 00003214 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForFAM-HP$
2015-05-27 00:08 - 2014-04-02 22:12 - 00000338 _____ () C:\Windows\Tasks\HPCeeScheduleForFAM-HP$.job
2015-05-26 20:15 - 2014-05-03 12:42 - 00000000 ____D () C:\temp
2015-05-25 11:04 - 2015-04-24 00:28 - 00000000 ____D () C:\Program Files\OBS
2015-05-25 11:04 - 2015-04-24 00:28 - 00000000 ____D () C:\Program Files (x86)\OBS
2015-05-25 00:05 - 2014-12-10 09:17 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2015-05-25 00:05 - 2014-05-03 11:46 - 00001290 _____ () C:\Users\FAM\Desktop\CopyTrans Control Center.lnk
2015-05-24 23:17 - 2014-05-07 02:36 - 00000000 ____D () C:\Users\FAM\Desktop\ts
2015-05-24 14:11 - 2014-11-19 12:18 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForFAM.job
2015-05-24 10:50 - 2014-11-19 12:18 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForFAM
2015-05-24 10:44 - 2014-08-29 01:01 - 00003902 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C9B7F23A-8D1A-4463-876F-696EE13FB47F}
2015-05-23 12:05 - 2014-04-01 04:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-22 18:09 - 2015-04-07 00:38 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-22 18:09 - 2015-04-07 00:38 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-22 17:48 - 2015-01-13 22:40 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-05-22 17:46 - 2015-01-13 22:30 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-05-18 20:13 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-05-17 03:30 - 2014-04-03 05:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-17 03:30 - 2014-04-03 05:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-17 03:30 - 2009-07-13 23:45 - 00267672 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-17 03:28 - 2010-11-21 02:17 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-17 03:28 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-17 03:12 - 2014-04-03 02:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2015-05-17 03:12 - 2011-02-11 12:15 - 00799564 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-17 03:10 - 2014-05-20 20:27 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-17 03:06 - 2014-05-20 20:27 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-17 03:03 - 2014-04-03 05:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-06 21:31 - 2014-08-29 01:01 - 00000000 ____D () C:\Users\b\AppData\Roaming\Apple Computer
2015-05-06 21:03 - 2014-08-29 00:59 - 00000000 ____D () C:\Users\b
2015-05-06 20:29 - 2014-04-02 22:28 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-05-06 20:28 - 2014-04-23 23:10 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-05-05 03:31 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2015-05-05 03:16 - 2014-12-10 09:10 - 00000000 ____D () C:\Windows\system32\appraiser
2015-05-05 03:16 - 2014-05-07 04:52 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-05-04 22:32 - 2014-04-01 04:13 - 00001112 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-04 22:32 - 2014-04-01 04:13 - 00001100 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-04 22:32 - 2014-04-01 04:06 - 00001357 _____ () C:\Users\FAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-04 21:52 - 2015-02-22 18:31 - 00000000 ____D () C:\Program Files\WinRAR
2015-05-04 21:50 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-05-04 21:22 - 2014-12-23 15:31 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-05-04 21:21 - 2012-08-01 19:07 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-05-04 21:19 - 2014-09-09 12:42 - 00000000 ____D () C:\Users\FAM\AppData\Roaming\Skype
2015-05-04 21:19 - 2012-08-01 19:05 - 00000000 ____D () C:\ProgramData\Skype
2015-05-04 21:18 - 2015-02-22 18:32 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-05-04 21:18 - 2014-05-17 03:13 - 00000000 ____D () C:\Users\FAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-05-04 21:18 - 2014-05-17 03:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-05-04 21:16 - 2014-10-15 12:05 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-05-04 21:15 - 2014-05-03 13:14 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-04 21:10 - 2012-08-01 19:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-04 21:09 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system
2015-05-04 21:04 - 2014-04-01 04:01 - 00000000 ____D () C:\Users\FAM
2015-05-04 21:02 - 2014-09-13 14:24 - 00000000 ____D () C:\ProgramData\McAfee
2015-05-04 21:00 - 2015-03-25 09:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-05-04 21:00 - 2015-02-22 18:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-05-04 21:00 - 2014-12-10 09:17 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2015-05-04 21:00 - 2014-10-15 12:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-05-04 21:00 - 2014-08-29 00:50 - 00000000 ____D () C:\Windows\Minidump
2015-05-04 21:00 - 2014-05-03 11:55 - 00000000 ____D () C:\Users\Darwin
2015-05-04 21:00 - 2014-05-03 11:46 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-05-04 21:00 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-05-04 20:59 - 2015-04-24 22:31 - 00000000 ____D () C:\Users\FAM\Desktop\Instagram Mega Bot - Build v.4.0.2.4
2015-05-04 20:59 - 2014-04-01 04:06 - 00000000 ____D () C:\Users\FAM\AppData\Local\VirtualStore
2015-05-04 20:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-05-04 20:57 - 2015-01-13 22:41 - 00000000 ____D () C:\Program Files\McAfee
2015-05-04 20:57 - 2014-09-13 14:23 - 00000000 ____D () C:\ProgramData\Adobe
2015-05-04 20:56 - 2014-04-03 02:40 - 00000000 __RHD () C:\MSOCache
2015-04-30 20:51 - 2011-02-11 12:00 - 00000000 ____D () C:\Windows\Panther

==================== Files in the root of some directories =======

2014-09-13 15:16 - 2014-09-13 15:16 - 0000044 _____ () C:\Users\FAM\AppData\Roaming\WB.CFG

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-26 23:46

==================== End of log ============================


  • 0

#28
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi dssole23

Apologies for delay.

There are still a couple of programs in the install list showing. We did try to remove these earlier but weren't successful so we'll try a registry fix through FRST.

Step1 - FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
CloseProcesses:
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Getprivate VPN" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CWA Reminder by We-Care.com" /F
EmptyTemp:

  • Save this as fixlist.txt, in the same location as FRST.exe on your desktop.
    FRSTfix.JPG
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.

    Thanks

  • 0

#29
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0






Similar Topics


Also tagged with one or more of these keywords: spyware, malware

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP