Windows 7 running slower than it should [Solved]


#1
Feverpitch


Dell Optiplex 360

Windows 7

I have fiber optic internet and the speed has slowed down a bit.

I'd like to get help on how to bring it back up to speed.

 

FRST and Addition pasted below:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-05-2015 01
Ran by Dell (administrator) on DELL-PC on 23-05-2015 20:00:57
Running from C:\Users\Dell\Downloads
Loaded Profiles: Dell (Available Profiles: Dell)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Auslogics) C:\Program Files\Auslogics\BoostSpeed\BoostSpeed.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\redirector.exe
() C:\Users\Dell\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Auslogics) C:\Program Files\Auslogics\Driver Updater\DriverUpdater.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [141848 2009-09-23] (Intel Corporation)
HKLM-x32\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [173592 2009-09-23] (Intel Corporation)
HKLM-x32\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [150552 2009-09-23] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [407904 2014-11-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files\Citrix\ICA Client\redirector.exe [153952 2014-11-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-2931432088-2454819386-741456421-1000\...\Run: [Amazon Cloud Player] => C:\Users\Dell\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()
HKU\S-1-5-21-2931432088-2454819386-741456421-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6278424 2015-04-23] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-03-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-04-30] (Avast Software s.r.o.)
CHR HKU\S-1-5-21-2931432088-2454819386-741456421-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2931432088-2454819386-741456421-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo...20029,0,99,9284
HKU\S-1-5-21-2931432088-2454819386-741456421-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-2931432088-2454819386-741456421-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKU\S-1-5-21-2931432088-2454819386-741456421-1000 -> DefaultScope {3CF90F64-AFA6-4FD8-A814-9A2EDF7D4775} URL = https://search.yahoo...33,20028,0,99,0
SearchScopes: HKU\S-1-5-21-2931432088-2454819386-741456421-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2931432088-2454819386-741456421-1000 -> {2CC68BCF-FBE2-433E-B0D4-898417AB79EA} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2931432088-2454819386-741456421-1000 -> {3CF90F64-AFA6-4FD8-A814-9A2EDF7D4775} URL = https://search.yahoo...33,20028,0,99,0
SearchScopes: HKU\S-1-5-21-2931432088-2454819386-741456421-1000 -> {FFF4C4D8-A65C-4254-A0CB-107396E584D8} URL = http://www.bing.com/...rc=IE-SearchBox
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-27] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-26] (Avast Software s.r.o.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-27] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Hosts: 127.0.0.1 validation.sls.microsoft.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\duihz9lz.default
FF DefaultSearchEngine.US: Bing
FF SearchEngineOrder.1: Yahoo
FF SearchEngineOrder.2:
FF SelectedSearchEngine: Yahoo
FF Homepage: about:home
FF Keyword.URL: hxxp://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,157,0_0,Search,20140833,20030,0,99,0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-23] ()
FF Plugin: @Citrix.com/npican -> C:\Program Files\Citrix\ICA Client\npicaN.dll [2014-11-27] (Citrix Systems, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-27] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2931432088-2454819386-741456421-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Dell\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-08-12] (Citrix Online)
FF user.js: detected! => C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\duihz9lz.default\user.js [2014-08-12]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-18]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-25]

Chrome:
=======
CHR HomePage: Default -> https://search.yahoo...33,20033,0,99,0
CHR StartupUrls: Default -> "https://search.yahoo...,20033,0,99,0","hxxp://www.msn.com/?pc=AV01"
CHR DefaultSearchKeyword: Default -> yahoo
CHR DefaultSearchURL: Default -> https://search.yahoo...33,20034,0,99,0
CHR DefaultNewTabURL: Default -> https://us.search.ya...034,0,FF31,9284
CHR DefaultSuggestURL: Default -> http://ff.search.yah...d={searchTerms}
CHR Profile: C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-13]
CHR Extension: (Google Drive) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-13]
CHR Extension: (YouTube) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-13]
CHR Extension: (Google Search) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-13]
CHR Extension: (Bookmark Manager) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-11]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-04]
CHR Extension: (Skype Click to Call) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-04-14]
CHR Extension: (Google Wallet) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-13]
CHR Extension: (Gmail) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-13]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-26]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-30] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-04-30] (Avast Software)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [851456 2015-04-27] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-04-30] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-04-30] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-04-30] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-04-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-04-30] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-04-30] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-04-30] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-04-30] ()
R3 D-Vitec; C:\Windows\System32\DRIVERS\dvitdcnt.sys [281344 2012-07-26] (D-vitec)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-04-30] (Avast Software)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-23 20:00 - 2015-05-23 20:01 - 00018689 _____ () C:\Users\Dell\Downloads\FRST.txt
2015-05-23 20:00 - 2015-05-23 20:01 - 00000000 ____D () C:\FRST
2015-05-23 20:00 - 2015-05-23 20:00 - 00000000 ____D () C:\Users\Dell\Downloads\FRST-OlderVersion
2015-05-23 19:59 - 2015-05-23 20:00 - 01147392 _____ (Farbar) C:\Users\Dell\Downloads\FRST.exe
2015-05-23 18:40 - 2015-05-23 18:40 - 00000056 _____ () C:\Windows\setupact.log
2015-05-23 18:40 - 2015-05-23 18:40 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-18 20:47 - 2015-05-18 20:48 - 00000000 ____D () C:\ProgramData\BSD
2015-05-18 20:47 - 2015-05-18 20:47 - 07370448 _____ (Auslogics Labs Pty Ltd ) C:\Users\Dell\Downloads\anti-malware-setup.exe
2015-05-18 20:47 - 2015-05-18 20:47 - 00001130 _____ () C:\Users\Dell\Desktop\Auslogics Driver Updater.lnk
2015-05-18 20:46 - 2015-05-18 20:46 - 09118040 _____ (Auslogics Labs Pty Ltd ) C:\Users\Dell\Downloads\driver-updater-setup.exe
2015-05-18 20:46 - 2015-05-18 20:46 - 00001087 _____ () C:\Users\Dell\Desktop\Auslogics BoostSpeed 7.lnk
2015-05-18 20:45 - 2015-05-18 20:45 - 18277448 _____ (Auslogics Labs Pty Ltd ) C:\Users\Dell\Downloads\boost-speed-setup.exe
2015-05-18 08:04 - 2015-05-18 08:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-12 22:12 - 2015-05-01 09:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 15:09 - 2015-04-27 15:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-05-12 15:09 - 2015-04-27 15:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-12 15:09 - 2015-04-27 15:11 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-12 15:09 - 2015-04-27 15:11 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-12 15:09 - 2015-04-27 15:08 - 01307648 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-12 15:09 - 2015-04-27 15:05 - 00851456 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-12 15:09 - 2015-04-27 15:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-12 15:09 - 2015-04-27 15:05 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-12 15:09 - 2015-04-27 15:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-12 15:09 - 2015-04-27 15:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-12 15:09 - 2015-04-27 15:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-12 15:09 - 2015-04-27 15:05 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-12 15:09 - 2015-04-27 15:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-12 15:09 - 2015-04-27 15:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-12 15:09 - 2015-04-27 15:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-12 15:09 - 2015-04-27 15:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-12 15:09 - 2015-04-27 15:05 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-12 15:09 - 2015-04-27 15:04 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 15:09 - 2015-04-27 15:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-12 15:09 - 2015-04-27 15:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-12 15:09 - 2015-04-27 15:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-12 15:09 - 2015-04-27 15:04 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-12 15:09 - 2015-04-27 15:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-12 15:09 - 2015-04-27 15:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-12 15:09 - 2015-04-27 15:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-12 15:09 - 2015-04-27 15:04 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-12 15:09 - 2015-04-27 15:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-12 15:09 - 2015-04-27 15:04 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-12 15:09 - 2015-04-27 15:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-12 15:09 - 2015-04-27 15:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-12 15:09 - 2015-04-27 15:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-12 15:09 - 2015-04-27 15:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-12 15:09 - 2015-04-27 15:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-12 15:09 - 2015-04-27 14:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-12 15:09 - 2015-04-27 14:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-12 15:09 - 2015-04-27 14:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-12 15:09 - 2015-01-28 23:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-12 15:08 - 2015-04-19 22:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 15:08 - 2015-04-19 22:56 - 00909312 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 15:08 - 2015-04-19 22:03 - 02382336 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 15:07 - 2015-05-04 21:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 15:07 - 2015-04-21 11:58 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-12 15:07 - 2015-04-21 11:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-12 15:07 - 2015-04-17 22:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 15:07 - 2015-04-12 23:19 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 15:06 - 2015-04-21 21:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-12 15:06 - 2015-04-21 12:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-12 15:06 - 2015-04-21 12:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-12 15:06 - 2015-04-21 12:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 15:06 - 2015-04-21 12:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 15:06 - 2015-04-21 12:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-12 15:06 - 2015-04-21 12:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-12 15:06 - 2015-04-21 12:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 15:06 - 2015-04-21 12:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-12 15:06 - 2015-04-21 12:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 15:06 - 2015-04-21 12:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-12 15:06 - 2015-04-21 12:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-12 15:06 - 2015-04-21 12:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 15:06 - 2015-04-21 11:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 15:06 - 2015-04-21 11:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-12 15:06 - 2015-04-21 11:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-12 15:06 - 2015-04-21 11:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-12 15:06 - 2015-04-21 11:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-12 15:06 - 2015-04-21 11:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-12 15:06 - 2015-04-21 11:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 15:06 - 2015-04-21 11:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 15:06 - 2015-04-21 11:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 15:06 - 2015-04-21 11:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 15:06 - 2015-04-21 11:26 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-12 15:06 - 2015-04-21 11:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 15:06 - 2015-04-21 11:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-12 15:06 - 2015-04-21 11:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 15:06 - 2015-04-21 11:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 15:06 - 2015-04-21 10:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 15:06 - 2015-04-21 10:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-12 15:06 - 2015-04-07 23:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-12 15:06 - 2015-04-07 23:14 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-12 15:06 - 2015-03-04 00:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-12 15:06 - 2015-03-04 00:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-12 15:06 - 2015-03-04 00:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-12 15:06 - 2015-03-04 00:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-12 15:04 - 2015-02-18 03:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-04 07:57 - 2015-05-23 18:59 - 01308446 _____ () C:\Windows\WindowsUpdate.log
2015-04-30 17:58 - 2015-04-30 17:58 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-30 17:58 - 2015-04-30 17:58 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-27 07:09 - 2015-04-27 07:09 - 00000000 ____D () C:\Program Files\Common Files\Java

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-23 19:57 - 2014-04-13 18:30 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-23 19:20 - 2014-08-12 20:04 - 00000556 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2931432088-2454819386-741456421-1000.job
2015-05-23 19:18 - 2009-07-14 00:34 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-23 19:18 - 2009-07-14 00:34 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-23 19:17 - 2014-03-25 11:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-23 19:11 - 2014-04-13 18:31 - 00002089 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-23 18:59 - 2014-03-25 11:47 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-05-23 18:59 - 2014-03-25 11:47 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-05-23 18:56 - 2014-08-12 21:29 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2015-05-23 18:56 - 2009-07-13 22:04 - 00000541 _____ () C:\Windows\win.ini
2015-05-23 18:55 - 2014-04-13 18:42 - 00000000 ____D () C:\Users\Dell\AppData\Roaming\Skype
2015-05-23 18:55 - 2014-04-13 18:41 - 00000000 ____D () C:\ProgramData\Skype
2015-05-23 18:49 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-05-23 18:40 - 2014-04-13 18:30 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-23 18:40 - 2014-03-25 11:28 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2015-05-23 18:40 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-23 18:39 - 2014-04-13 19:56 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-18 21:20 - 2009-07-14 03:50 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-18 20:47 - 2014-04-13 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2015-05-18 20:47 - 2014-04-13 18:38 - 00000000 ____D () C:\ProgramData\Auslogics
2015-05-18 20:47 - 2014-04-13 18:38 - 00000000 ____D () C:\Program Files\Auslogics
2015-05-18 10:38 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-18 09:03 - 2014-04-13 19:02 - 00000000 ____D () C:\Users\Dell\Documents\Copywriting
2015-05-18 09:03 - 2014-03-25 11:18 - 00000000 ____D () C:\Users\Dell\AppData\Roaming\Adobe
2015-05-18 07:09 - 2014-03-24 15:53 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-18 07:07 - 2014-04-13 19:53 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-18 06:58 - 2014-03-23 14:02 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-18 06:55 - 2014-03-24 15:53 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-18 06:51 - 2009-07-14 00:33 - 00408064 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-18 06:48 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-12 22:11 - 2014-03-25 11:22 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-12 13:13 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
2015-04-30 17:58 - 2014-04-21 10:59 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-30 17:58 - 2014-03-25 11:44 - 00427992 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-30 17:58 - 2014-03-25 11:44 - 00209048 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-30 17:58 - 2014-03-25 11:44 - 00106912 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-04-30 17:58 - 2014-03-25 11:44 - 00081728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-04-30 17:58 - 2014-03-25 11:44 - 00074976 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-30 17:58 - 2014-03-25 11:44 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-30 17:57 - 2014-03-25 11:44 - 00787760 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-27 07:17 - 2014-04-13 18:32 - 00000925 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-27 07:17 - 2014-04-13 18:31 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-27 07:15 - 2014-08-12 21:04 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-27 07:14 - 2014-10-27 16:32 - 00000000 ____D () C:\Program Files\Java
2015-04-27 07:08 - 2014-10-27 16:32 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-04-27 07:05 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\AppCompat
2015-04-27 06:58 - 2014-12-15 21:41 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-27 06:58 - 2014-05-06 22:54 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== Files in the root of some directories =======

2014-08-12 21:07 - 2014-08-12 21:07 - 0000984 _____ () C:\Users\Dell\AppData\Roaming\.starmoon_kst.cfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-18 20:43

==================== End of log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-05-2015 01
Ran by Dell at 2015-05-23 20:01:42
Running from C:\Users\Dell\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2931432088-2454819386-741456421-500 - Administrator - Disabled)
Dell (S-1-5-21-2931432088-2454819386-741456421-1000 - Administrator - Enabled) => C:\Users\Dell
Guest (S-1-5-21-2931432088-2454819386-741456421-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2931432088-2454819386-741456421-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Amazon Cloud Player (HKU\S-1-5-21-2931432088-2454819386-741456421-1000\...\Amazon Amazon Cloud Player) (Version: 2.4.0.26 - Amazon Services LLC)
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Auslogics BoostSpeed 7 (HKLM\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 7.9.0.0 - Auslogics Labs Pty Ltd)
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.3.0 - Auslogics Labs Pty Ltd)
Auslogics Driver Updater (HKLM\...\{23BB1B18-3537-48F7-BEF7-42BC65DBF993}_is1) (Version: 1.5.0.0 - Auslogics Labs Pty Ltd)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Citrix Online Launcher (HKLM\...\{3D5F07C3-1B93-47F8-9F8A-DE8E47BF1669}) (Version: 1.0.209 - Citrix)
Citrix Receiver (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 14.2.0.10 - Citrix Systems, Inc.)
Dropbox (HKU\S-1-5-21-2931432088-2454819386-741456421-1000\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
GoToMeeting 7.1.8.2553 (HKU\S-1-5-21-2931432088-2454819386-741456421-1000\...\GoToMeeting) (Version: 7.1.8.2553 - CitrixOnline)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Itibiti RTC (Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
KeepMySettingsX (HKLM\...\KeepMySettingsX) (Version:  - InstallX, LLC) <==== ATTENTION
Knctr (HKLM\...\Itibiti_is1) (Version:  - Itibiti Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Online Plug-in (Version: 14.2.0.10 - Citrix Systems, Inc.) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
RegAce System Suite (HKLM\...\RegAce System Suite_is1) (Version: 3.2.2 - WebMinds, Inc.)
Self-service Plug-in (Version: 4.2.0.2495 - Citrix Systems, Inc.) Hidden
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.5 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
VideoBuzz (HKLM\...\{B25D67C4-E885-43F8-8085-B532F6261529}) (Version: 1.0.0 - InstallX, LLC) <==== ATTENTION
Vz In-Home Agent (HKLM\...\VzInHomeAgent) (Version: 9.0.59.0 - Verizon)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2931432088-2454819386-741456421-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Dell\AppData\Local\Citrix\GoToMeeting\1468\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2931432088-2454819386-741456421-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dell\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2931432088-2454819386-741456421-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dell\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2931432088-2454819386-741456421-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dell\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2931432088-2454819386-741456421-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dell\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Restore Points =========================

11-05-2015 18:25:42 Windows Update
12-05-2015 22:04:27 Windows Update
18-05-2015 06:55:00 Windows Update
18-05-2015 21:19:41 Windows Update
23-05-2015 18:57:16 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2014-03-23 13:55 - 00000864 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 validation.sls.microsoft.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {190A41DA-4C90-43CB-9661-BD53B11F13B5} - \SavePathDeals\Updater\SavePathDeals updater No Task File <==== ATTENTION
Task: {2289000F-C07A-4245-8FAE-73DACF4E1676} - System32\Tasks\Auslogics\Driver Updater\Start Driver Updater оn logon => C:\Program Files\Auslogics\Driver Updater\DriverUpdater.exe [2015-05-14] (Auslogics)
Task: {2C62FE3E-2C87-40C0-9957-33B09465DA79} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {32991E2B-67AE-41EC-8170-BEE1033318F2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4BB8D682-B352-46A8-95DE-0B07158EEEAD} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {52465EDD-59A5-4BF1-8612-354085296B64} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {5F236D6B-DFCD-4B84-B825-ACA4DCFE8AC6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-13] (Google Inc.)
Task: {6BA3802B-B1C6-4DBC-8F4C-328556173C0F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {9193F921-54B4-4D0B-A3FA-99770F9A3016} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: {A426FE01-09BA-4283-94BA-91092D0FB285} - System32\Tasks\RegAce Scheduled Scan - Dell => C:\Program Files\RegAce System Suite\RegAce.exe [2014-02-18] (WebMinds, Inc)
Task: {AC1B5E8B-951A-41DD-A0DF-C5D47DAC3A51} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-30] (Avast Software s.r.o.)
Task: {AFB0535E-D649-4495-A56A-6AAF6ED76C13} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {C9A39D22-B5EC-4518-A440-3D030ADF99C0} - System32\Tasks\G2MUpdateTask-S-1-5-21-2931432088-2454819386-741456421-1000 => C:\Users\Dell\AppData\Local\Citrix\GoToMeeting\2553\g2mupdate.exe [2015-05-04] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {CA291E63-21D1-483C-A4BD-32C1400ED78E} - System32\Tasks\Auslogics\BoostSpeed\Start BoostSpeed оn Dell logon => C:\Program Files\Auslogics\BoostSpeed\BoostSpeed.exe [2015-05-13] (Auslogics)
Task: {CC07A14B-F2C7-4FD8-A344-91E43545EA56} - System32\Tasks\Auslogics\BoostSpeed\Scan and Repair => Rundll32.exe TaskSchedulerHelper.dll,RunTask "BoostSpeed.exe" "-UseTray -Schedule"
Task: {D36FD9D1-2BA7-48C5-9076-3930E3F9EF78} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-13] (Google Inc.)
Task: {E0115FE1-8A3F-4D43-9349-B69D46661F15} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-23] (Adobe Systems Incorporated)
Task: {E7B6D535-5EDC-4F95-8BCA-4F1065A2BF92} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2931432088-2454819386-741456421-1000.job => C:\Users\Dell\AppData\Local\Citrix\GoToMeeting\2553\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RegAce Scheduled Scan - Dell.job => C:\Program Files\RegAce System Suite\RegAce.exe

==================== Loaded Modules (Whitelisted) ==============

2015-04-30 17:58 - 2015-04-30 17:58 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-30 17:58 - 2015-04-30 17:58 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-05-18 14:53 - 2015-05-18 14:53 - 02929664 _____ () C:\Program Files\AVAST Software\Avast\defs\15051801\algo.dll
2015-05-23 18:44 - 2015-05-23 18:44 - 02931200 _____ () C:\Program Files\AVAST Software\Avast\defs\15052302\algo.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-01-09 23:18 - 2010-01-09 23:18 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 04:34 - 2010-01-21 04:34 - 08793952 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-03-26 07:07 - 2015-03-26 07:07 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-04-13 18:26 - 2014-03-07 16:39 - 03168576 _____ () C:\Users\Dell\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2015-05-23 18:59 - 2015-05-23 18:59 - 16867504 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2931432088-2454819386-741456421-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9B9E8E5F-EB1B-4913-9E23-D868B930DBFD}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{32E5189A-DB2F-41F2-8B90-413FE47EF6EE}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{867AB921-6ABF-4240-A989-E65256300A4D}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{4133FBA0-AA43-4E91-A146-46DBEE247D50}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{BAAABFA0-7D7E-4FD7-A0F3-8367667E5ED6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{228BC97E-BD89-49AD-83D2-7EF9B0D7C3CD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EB1BF005-4AF4-46FC-82DC-A43F62EB45DC}] => (Allow) C:\Program Files\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{098069C1-CA06-4C4E-8989-06B62B2876A5}] => (Allow) C:\Program Files\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{DB29BF00-A67F-46F3-B3E2-EC7651E8009A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{EF3E1ED2-CC1E-4E41-A297-58D68C62DC79}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E16A847B-400F-4CB6-8C83-9C9C6B378FFC}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{59E0B374-2A19-4A6D-A669-04EC138B8603}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{77FB6EF7-8D4D-429B-BC2A-C2EDB570DA8D}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/18/2015 07:53:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 37.0.2.5583 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1394

Start Time: 01d09159d3a1d5da

Termination Time: 341

Application Path: C:\Program Files\Mozilla Firefox\firefox.exe

Report Id: 0b054df4-fdb9-11e4-977c-0025649dc542

Error: (05/18/2015 07:53:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 37.0.2.5583, time stamp: 0x552ef76c
Faulting module name: mozalloc.dll, version: 37.0.2.5583, time stamp: 0x552ee9ae
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x1374
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (05/18/2015 07:06:54 AM) (Source: MsiInstaller) (EventID: 1024) (User: Dell-PC)
Description: Product: Adobe Reader XI (11.0.10) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011011}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Error: (05/18/2015 06:56:34 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: C:\Program Files\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll . Error code = 0x80070020

Error: (05/12/2015 01:07:59 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: )
Description: Acquisition of genuine ticket failed (hr=0x80072EFD) for template Id 66c92734-d682-4d71-983e-d6ec3f16059f

Error: (05/12/2015 01:07:59 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0x80072EFD

Error: (05/11/2015 06:29:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windows...89CAF36BF2.crt>with error: This operation returned because the timeout period expired.
.

Error: (04/30/2015 06:01:40 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/30/2015 06:01:40 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/30/2015 06:01:40 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (05/23/2015 06:40:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SpyHunter 4 Service service failed to start due to the following error:
%%2

Error: (05/18/2015 06:51:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SpyHunter 4 Service service failed to start due to the following error:
%%2

Error: (05/18/2015 06:47:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SpyHunter 4 Service service failed to start due to the following error:
%%2

Error: (05/12/2015 10:08:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80080005: Security Update for Windows 7 (KB3046002).

Error: (05/12/2015 10:08:34 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (05/12/2015 05:24:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SpyHunter 4 Service service failed to start due to the following error:
%%2

Error: (05/11/2015 09:17:56 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

Error: (05/11/2015 06:16:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SpyHunter 4 Service service failed to start due to the following error:
%%2

Error: (05/04/2015 01:52:54 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

Error: (05/04/2015 07:54:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SpyHunter 4 Service service failed to start due to the following error:
%%2


Microsoft Office:
=========================
Error: (05/18/2015 07:53:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe37.0.2.5583139401d09159d3a1d5da341C:\Program Files\Mozilla Firefox\firefox.exe0b054df4-fdb9-11e4-977c-0025649dc542

Error: (05/18/2015 07:53:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe37.0.2.5583552ef76cmozalloc.dll37.0.2.5583552ee9ae8000000300001aa1137401d091c586f0c050C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dll18e3c43b-fdb9-11e4-977c-0025649dc542

Error: (05/18/2015 07:06:54 AM) (Source: MsiInstaller) (EventID: 1024) (User: Dell-PC)
Description: Adobe Reader XI (11.0.10){AC76BA86-7AD7-0000-2550-7A8C40011011}1625(NULL)(NULL)(NULL)

Error: (05/18/2015 06:56:34 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: C:\Program Files\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll . Error code = 0x80070020
C:\Program Files\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll

Error: (05/12/2015 01:07:59 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: )
Description: hr=0x80072EFD66c92734-d682-4d71-983e-d6ec3f16059f

Error: (05/12/2015 01:07:59 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: hr=0x80072EFD00010001(0x00000000, 13:07:52:998 - http://go.microsoft....?LinkId=151642)
00020001(0x00000000, 13:07:53:662)
00030001(0x00000000, 13:07:53:662 - http://go.microsoft.com)
00030002(0x00000000, 13:07:53:662 - 0)
00040001(0x00000000, 13:07:53:662 - http://go.microsoft.com)
00040002(0x00000000, 13:07:53:667 - 1, <NULL>, <NULL>, <NULL>)
00040004(0x80072F94, 13:07:55:920 - <NULL>)
00040006(0x00000000, 13:07:55:920 - 1, http://go.microsoft.com, <NULL>, <local>)
00020005(0x00000000, 13:07:55:920 - 0)
0002000C(0x00000000, 13:07:56:021 - 302)
0002000E(0x00000000, 13:07:56:021 - https://validation.s...WGA/slwga.asmx)
00020001(0x00000000, 13:07:56:021)
00030001(0x00000000, 13:07:56:022 - https://validation.sls.microsoft.com)
00030002(0x00000000, 13:07:56:022 - 0)
00040001(0x00000000, 13:07:56:022 - https://validation.sls.microsoft.com)
00040002(0x00000000, 13:07:56:027 - 1, <NULL>, <NULL>, <NULL>)
00040004(0x80072F94, 13:07:58:281 - <NULL>)
00040006(0x00000000, 13:07:58:281 - 1, https://validation.sls.microsoft.com, <NULL>, <local>)
00020005(0x00000000, 13:07:58:281 - 0)
00020008(0x80072EFD, 13:07:59:282 - SOAPAction: "http://microsoft.com...ice/IssueToken"
Content-Type: text/xml; charset=utf-8
;&lt;name&gt;ProductName&lt;/name&gt;&lt;type&gt;Info&lt;/type&gt;&lt;value&gt;Windows 7 Ultimate&lt;/value&gt;&lt;/token&gt;&lt;token&gt;&lt;name&gt;ProductUniquenessGroups&lt;/name&gt;&lt;type&gt;Info&lt;/type&gt;&lt;value&gt;66c92734-d682-4d71-983e-d6ec3f16059f&lt;/value&gt;&lt;/token&gt;&lt;token&gt;&lt;name&gt;ServiceAvailable&lt;/name&gt;&lt;type&gt;Info&lt;/type&gt;&lt;value&gt;true&lt;/value&gt;&lt;/token&gt;&lt;token&gt;&lt;name&gt;SystemLCID&lt;/name&gt;&lt;type&gt;Info&lt;/type&gt;&lt;value&gt;1033&lt;/value&gt;&lt;/token&gt;&lt;token&gt;&lt;name&gt;UserLCID&lt;/name&gt;&lt;type&gt;Info&lt;/type&gt;&lt;value&gt;1033&lt;/value&gt;&lt;/token&gt;&lt;token&gt;&lt;name&gt;WMI:Win32_ComputerSystem:Manufacturer&lt;/name&gt;&lt;type&gt;Info&lt;/type&gt;&lt;value&gt;Dell Inc.&lt;/value&gt;&lt;/token&gt;&lt;token&gt;&lt;name&gt;WMI:Win32_ComputerSystem:Model&lt;/name&gt;&lt;type&gt;Info&lt;/type&gt;&lt;value&gt;OptiPlex 360                 &lt;/value&gt;&lt;/token&gt;&lt;token&gt;&lt;name&gt;WMI:Win32_OperatingSystem:InstallDate&lt;/name&gt;&lt;type&gt;Info&lt;/type&gt;&lt;value&gt;20140323135213.000000-240&lt;/value&gt;&lt;/token&gt;&lt;/clienttoken&gt;</Value></TokenEntry></Values></Claims></RequestSecurityToken></soap:Body></soap:Envelope>)
00010002(0x80072EFD, 13:07:59:285 - <NULL>)
00010003(0x80072EFD, 13:07:59:285)

Error: (05/11/2015 06:29:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: http://ctldl.windows...AF36BF2.crtThisoperation returned because the timeout period expired.

Error: (04/30/2015 06:01:40 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (04/30/2015 06:01:40 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/30/2015 06:01:40 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E7500 @ 2.93GHz
Percentage of memory in use: 70%
Total physical RAM: 3060.97 MB
Available physical RAM: 892.48 MB
Total Pagefile: 6120.25 MB
Available Pagefile: 3608.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1917.11 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.91 GB) (Free:115.47 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: EE411F60)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=148.9 GB) - (Type=07 NTFS)

==================== End of log ============================

 


  • 0



#2
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

Hello and Welcome! :welcome:

My name is Dan, and I'll be helping you with your issues. If someone else is helping you, either here or at another malware removal assistance site, please let me know so that I may direct my efforts to helping another user.  The Staff at Geeks To Go are ALL volunteers; please keep that in mind if I don’t answer your post as quickly as you’d like. I give what time I can.  PLEASE be patient. ;)

I am currently in training, so there will be another person reviewing my work.  This may cause a bit of a delay in my responses, but on the positive side, you will have two sets of eyes reviewing your logs instead of one... :cool:
 

  • Please note that you should have Administrator rights to perform any fixes.
     
  • Before we proceed, you may wish to print instructions for easy reference during the fix.  Please be aware that many of the required URLs are hyperlinks in the blue names shown on your screen. Part of the fix may require you to be in Safe Mode, which might not allow you to access the internet, or my instructions.
     
  • Please understand that malware removal is a complicated, multi-step process.  Therefore please stay with me until I tell you that your system is clean.  
     
  • Please do not make any system or program changes, or run any tools unless I specifically ask you to.  Attempting malware removal or clean-up yourself will only extend the time it will take to get your system clean.    If you get stuck or have questions, please stop and ask so I can help you.
     
  • Be sure to back up any personal data files you need to keep (documents, photos, etc.) to a USB flash drive or external hard disk.  While every attempt will be made to precisely repair the infections on your computer, due to the complexity and unpredictability of malware clean-up, there is always a risk of data loss.
     
  • When posting logs, please Copy & Paste the log file contents into a reply.  Use multiple posts if necessary, but please do not attach them or post them on a file hosting site.

Sorry for your wait here, and thank you for your patience.  I will be back soon with some instructions for you.

 

In the meantime, please:

  • Move (not Copy) your copy of FRST.exe from your C:\Users\Dell\Downloads folder to your C:\Users\Dell\Desktop folder.
  • Let me know when your slowdown issues first started happening (as best as you remember).

 


  • 0

#3
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

Hello Feverpitch,

Thanks for your patience.  Before we get started, I need to ask you about your copy of Microsoft Office Professional Plus 2010.  Is it licensed properly?  From where did you obtain it?  

You have HackTool:Win32/AutoKMS on your system which is used to bypass Office Activation.  Such a method will prevent Office from updating with important security fixes, which can increase your chances of getting infected.  The risk increases as time goes on and the program becomes more outdated.
 
My below cleanup steps will remove HackTool:Win32/AutoKMS, requiring you to activate your copy of Office.  I am not here to judge, but we have rules I must follow...  OpenOffice is a Free alternative. :)

That said, if you are willing to proceed, please uninstall Microsoft Office if it is not properly licensed.   Then we can continue...

First
Programs uninstall

Go to the Control Panel > Uninstall a program or Programs and Features, and uninstall the following programs:

  • Itibiti RTC (if you don't use this)
  • KeepMySettingsX
  • Knctr (if not used. Might need to be stopped in the System Tray first)
  • VideoBuzz

Recommended to uninstall, but not required:

  • RegAce System Suite (registry 'optimizers' can cause big problems)

Second
Run a FRST Fix

  • Download the attached fixlist.txt file and save it to the Desktop.
    (Note: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.)

    Notice: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST/FRST64 from your Desktop and press the Fix button just once and wait.
    FRST_Fix_zps8lrdygec.png
  • If for some reason the tool needs a restart, please make sure you let the system restart normally.  After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop named Fixlog.txt. Please post the contents of that log file into your next reply.

Third
Run Junkware Removal Tool:

Please download Junkware Removal Tool to your Desktop.

  • Shut down your protection software now to avoid potential conflicts.  See here for more information.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Fourth
AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the Desktop.

Note: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
    AdwCleaner_Scan_zpsvt1mvqxm.png
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Do not click the Cleaning button.
  • Click the Logfile button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

Finally
In your next reply, please copy/paste the contents of the following logs:

  • FRST Fixlog
  • JRT
  • AdwCleaner

  • 0

#4
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

Hello Feverpitch,

 

Just checking in as it's been a couple of days since I last posted here and I haven't heard from you.

 

Do you still need help with this, or need extra time?


  • 0

#5
Feverpitch

Feverpitch

    Member

  • Topic Starter
  • Member
  • 75 posts

Sorry for the delay. I purchased this Dell desktop used about 2 years ago, and it came loaded with the software. Can you assure me that OpenOffice is a viable alternative before I continue? Thanks.


  • 0

#6
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

Well, it depends on what you need it to do, really.  I have used OpenOffice myself in the past and found it quite capable, however, I just did a quick search for "free office suite" and also found LibreOffice, which looks well thought-out, is available in a "portable" version, is open source and rapidly growing.  It's ultimately your choice what to use and what meets your needs. :)

 

Our Terms of Use states (in section 3):

"We will NOT help anyone we suspect of having obtained their software or services illegally."

Therefore I am obligated to ask you to remove any cracks or licensing circumvention software I discover, among other things.  I am not here to judge, just respond to what I discover in logs, and to help to the best of my ability and within the rules.

 

That said, I am more than willing and happy to help you out.  I just have to play by the rules here too... ;)

 

Let me know what you decide.


  • 0

#7
Feverpitch

Feverpitch

    Member

  • Topic Starter
  • Member
  • 75 posts

Fix result of Farbar Recovery Scan Tool (x86) Version: 22-05-2015 01
Ran by Dell at 2015-05-30 12:59:40 Run:2
Running from C:\Users\Dell\Desktop
Loaded Profiles: Dell (Available Profiles: Dell)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CHR HKU\S-1-5-21-2931432088-2454819386-741456421-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2931432088-2454819386-741456421-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF user.js: detected! => C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\duihz9lz.default\user.js [2014-08-12].
S2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
Task: {190A41DA-4C90-43CB-9661-BD53B11F13B5} - \SavePathDeals\Updater\SavePathDeals updater No Task File <==== ATTENTION
2015-05-23 18:40 - 2014-03-25 11:28 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
Task: {4BB8D682-B352-46A8-95DE-0B07158EEEAD} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
C:\Windows\AutoKMS
C:\Windows\Tasks\AutoKMS.job
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
Hosts:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
EmptyTemp:
CMD: bitsadmin /reset /allusers
end
*****************

Restore point was successfully created.
HKU\S-1-5-21-2931432088-2454819386-741456421-1000\SOFTWARE\Policies\Google => key not found.
HKU\S-1-5-21-2931432088-2454819386-741456421-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found.
HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found.
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key not found.
C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\duihz9lz.default\user.js => not found.
SpyHunter 4 Service => Service not found.
esgiguard => Service not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{190A41DA-4C90-43CB-9661-BD53B11F13B5} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SavePathDeals\Updater\SavePathDeals updater => key not found.
"C:\Windows\Tasks\AutoKMS.job" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BB8D682-B352-46A8-95DE-0B07158EEEAD} => key not found.
C:\Windows\System32\Tasks\AutoKMS not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS => key not found.
C:\Windows\Tasks\AutoKMS.job not found.
"C:\Windows\AutoKMS" => File/Directory not found.
"C:\Windows\Tasks\AutoKMS.job" => File/Directory not found.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully.
HKU\S-1-5-21-2931432088-2454819386-741456421-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully.
HKU\S-1-5-21-2931432088-2454819386-741456421-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully.


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts restored successfully.

=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 20.1 MB temporary data.


The system needed a reboot.

==== End of Fixlog 13:00:23 ====


  • 0

#8
Feverpitch

Feverpitch

    Member

  • Topic Starter
  • Member
  • 75 posts

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.5 (05.30.2015:1)
OS: Windows 7 Ultimate x86
Ran by Dell on Sat 05/30/2015 at 13:08:40.79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\APN PIP
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\PIP
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\PIP



~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\DRIVERUPDATER.EXE-122CAC76.pf



~~~ Folders

Successfully deleted: [Folder] C:\Program Files\Optimizer Pro
Successfully deleted: [Folder] C:\Program Files\searchprotect
Successfully deleted: [Folder] C:\Users\Dell\AppData\Roaming\microsoft\windows\start menu\programs\arcadeparlor
Successfully deleted: [Folder] C:\Users\Dell\AppData\Roaming\systweak
Successfully deleted: [Folder] C:\Users\Dell\documents\optimizer pro
Successfully deleted: [Folder] C:\Windows\System32\ai_recyclebin



~~~ FireFox

Successfully deleted the following from C:\Users\Dell\AppData\Roaming\mozilla\firefox\profiles\duihz9lz.default\prefs.js

user_pref(extensions.SavePathDeals.actReportString, );
user_pref(extensions.SavePathDeals.lastActSaveTime, 1407928316000);
user_pref(extensions.SavePathDeals.timeFirstStart, 1407893336639);
user_pref([email protected], true);
Emptied folder: C:\Users\Dell\AppData\Roaming\mozilla\firefox\profiles\duihz9lz.default\minidumps [34 files]



~~~ Chrome


[C:\Users\Dell\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Dell\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Dell\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Dell\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 05/30/2015 at 13:10:40.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


  • 0

#9
Feverpitch

Feverpitch

    Member

  • Topic Starter
  • Member
  • 75 posts

# AdwCleaner v4.205 - Logfile created 30/05/2015 at 13:14:11
# Updated 21/05/2015 by Xplode
# Database : 2015-05-25.3 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x86)
# Username : Dell - DELL-PC
# Running from : C:\Users\Dell\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Users\Dell\AppData\Roaming\ARecEngine
Folder Found : C:\Users\Dell\AppData\Roaming\KeepMySettingsX

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****

Shortcut Infected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle\SoftwareWatcher bundle.lnk

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Condut
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9C467A09-97C4-47F4-A74B-F29A60E36F9A}
Key Found : HKCU\Software\SavePathDeals
Key Found : HKCU\Software\systweak
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\{F2E9660B-98AF-42c0-8258-9CDDF07BF95D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\systweak

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v38.0.1 (x86 en-US)


-\\ Google Chrome v43.0.2357.81

[C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [2742 bytes] - [30/05/2015 13:14:11]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2801 bytes] ##########
 


  • 0

#10
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts
Hello Feverpitch,
 
Thank you for the logs. :thumbsup:

How is the system performing now?
 
Please answer that, then continue with these steps:
 
First
Run AdwCleaner
  • Close all open windows and browsers.
  • Double click the AdwCleaner icon to run AdwCleaner. (Vista and 7 users) Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Cleaning button will be activated.
  • Click the Cleaning button.
    AdwCleaner_Clean_zpsmn8bl7wa.png
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot, allow this
    adwcleaner_delete_restart.jpg
  • On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt
Second
Install and Run Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here
  • Double Click the downloaded mbam-setup-x.x.x.xxxx.exe to install the application.  (x.x.x.xxxx represents the current version number).
  • If prompted to uninstall a previous version, please do so.
  • During installation, make sure to uncheck Enable free trial of Malwarebytes Anti-Malware Premium, then click Finish.  You can always upgrade later ;) :
    MBAM1_zps65d773c0.png

  • If an update is found, it should download and install the latest updates automatically:
    MBAM_Dash_zpsd9c2j7gn.png

  • Now select the Settings tab, and check the box next to Scan for rootkits:
    MBAM_ScanSettings_zpsobmtmm4g.png

  • Go back to the Dashboard tab, and click the Scan Now button:
    MBAM_Dash_zpsd9c2j7gn.png

  • The scan may take some time to finish, so please be patient.
    MBAM_Scanning_zps7ytxgci2.png

  • When the scan is complete, it will show you the results:
    MBAM_Remove_zpszsjiczt4.png

  • Make sure that everything is checked, and click Remove Selected (or similar).
  • When disinfection is completed, a log may open in Notepad and you may be prompted to Restart.  (See Extra Note below)
  • The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs.
  • Choose the latest Scan Log:
    MBAM_ScanLog_zpslkvxr7dk.png

  • In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt).  Save the report to your Desktop.
    MBAM_ExportLog_zpswbzi1y40.png
  • Copy & Paste the entire contents of the report log in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
 
Third
Please run a free online scan with the ESET Online Scanner:

Important: You must use Internet Explorer and also disable your Anti-Virus scanner for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button:
    ESET1_zps23a5e840.png
  • Tick the box next to Yes, I accept the Terms of Use and click Start
    ESET_EULA2_zps9451f1c3.png
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications.
  • Select Advanced Settings:
    ESET2_zpsc701c045.png
  • Check the option Enable Anti-Stealth technology, but make sure that Remove found threats is unchecked!
  • Click Start.  (This scan can take several hours, so please be patient.)
  • Allow the program to update:
    ESETupdate_zps36feabec.png
  • Once the scan is completed, select List of found threats:
    ESET5_zpsd27be299.png
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop:
    ESET6_zpsc17d154e.png
  • Click the Back button.
  • Important: Make sure that the Uninstall application on close and Delete quarantined files checkboxes are both unchecked !

    Click the Finish button:
    ESET9_zps51587217.png
  • Use Notepad to open the saved log file (on your Desktop- ESET.txt)
  • Copy and paste that log as a reply to this topic.
Finally
In your next reply, please copy/paste the contents of the following logs:
  • AdwCleaner log
  • MBAM scan log
  • ESET log
And again tell me how the system is running. :)
  • 0



#11
Feverpitch

Feverpitch

    Member

  • Topic Starter
  • Member
  • 75 posts

Seems to be faster. Thanks! It's good to know what programs to actually use for cleaning. Your note about not using registry optimizers is helpful. I started to download RegAce at one time but never used it because there was an unexpected fee to do so. I never know who to trust.  :)


  • 0

#12
Feverpitch

Feverpitch

    Member

  • Topic Starter
  • Member
  • 75 posts

# AdwCleaner v4.205 - Logfile created 30/05/2015 at 19:33:49
# Updated 21/05/2015 by Xplode
# Database : 2015-05-25.3 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x86)
# Username : Dell - DELL-PC
# Running from : C:\Users\Dell\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Dell\AppData\Roaming\ARecEngine
Folder Deleted : C:\Users\Dell\AppData\Roaming\KeepMySettingsX

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle\SoftwareWatcher bundle.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9C467A09-97C4-47F4-A74B-F29A60E36F9A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\SavePathDeals
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Condut
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\{F2E9660B-98AF-42c0-8258-9CDDF07BF95D}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v38.0.1 (x86 en-US)


-\\ Google Chrome v43.0.2357.81

[C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [2880 bytes] - [30/05/2015 13:14:11]
AdwCleaner[R1].txt - [2939 bytes] - [30/05/2015 19:32:32]
AdwCleaner[S0].txt - [2919 bytes] - [30/05/2015 19:33:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2978  bytes] ##########
 


  • 0
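Added example, not part of the thread and not AdwCleaner's own code: a small Python check that reconciles an AdwCleaner scan log ([R0]) against the cleaning log ([S0]), so anything detected but never removed stands out. The log excerpts are copied from the posts above; the `ExampleLeftover` key, the function names and the line patterns (inferred from these two logs only) are assumptions made for the example.

```python
import re

# Excerpt of the scan log ([R0]) posted in this thread.
R0_EXCERPT = r"""
# Option : Scan
Folder Found : C:\Users\Dell\AppData\Roaming\ARecEngine
Folder Found : C:\Users\Dell\AppData\Roaming\KeepMySettingsX
Shortcut Infected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle\SoftwareWatcher bundle.lnk
Key Found : HKCU\Software\SavePathDeals
Key Found : HKLM\SOFTWARE\{F2E9660B-98AF-42c0-8258-9CDDF07BF95D}
[C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
"""

# Constructed line (NOT from the thread) so the "left behind" case is exercised.
CONSTRUCTED_LEFTOVER = r"Key Found : HKCU\Software\ExampleLeftover"
SCAN_LOG = R0_EXCERPT + CONSTRUCTED_LEFTOVER + "\n"

# Excerpt of the cleaning log ([S0]) posted in this thread.
CLEAN_LOG = r"""
# Option : Cleaning
Folder Deleted : C:\Users\Dell\AppData\Roaming\ARecEngine
Folder Deleted : C:\Users\Dell\AppData\Roaming\KeepMySettingsX
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle\SoftwareWatcher bundle.lnk
Key Deleted : HKCU\Software\SavePathDeals
Key Deleted : HKLM\SOFTWARE\{F2E9660B-98AF-42c0-8258-9CDDF07BF95D}
[C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
"""

# "<Kind> <Status> : <item>", e.g. "Key Found : HKCU\Software\Conduit"
ITEM_RE = re.compile(
    r"^(?P<kind>[A-Za-z]+) (?P<status>Found|Infected|Deleted|Disinfected) : (?P<item>.+)$"
)
# "[<store>] - <Status> [<Kind>] : <item>", used for browser settings
BROWSER_RE = re.compile(
    r"^\[(?P<store>[^\]]+)\] - (?P<status>Found|Deleted) \[(?P<kind>[^\]]+)\] : (?P<item>.+)$"
)
# Status words seen in the two logs, mapped to one of two states.
STATE = {
    "Found": "detected",
    "Infected": "detected",
    "Deleted": "removed",
    "Disinfected": "removed",
}


def parse_adwcleaner(log_text):
    """Return {'detected': set, 'removed': set} of (kind, item) tuples.

    Items are case-folded: Windows paths and registry keys are
    case-insensitive, and the two logs above spell 'Web data' / 'Web Data'
    differently for the same file.
    """
    result = {"detected": set(), "removed": set()}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ITEM_RE.match(line)
        if m:
            item = m["item"]
        else:
            m = BROWSER_RE.match(line)
            if not m:
                continue  # header, section banner or blank line
            item = f'{m["store"]} -> {m["item"]}'
        key = (m["kind"].casefold(), item.strip().casefold())
        result[STATE[m["status"]]].add(key)
    return result


def reconcile(scan_text, clean_text):
    """Compare a scan log with a cleaning log.

    Returns (left_behind, not_in_scan):
      left_behind  - detected in the scan, absent from the cleaning log
      not_in_scan  - removed by the cleaning run, never listed in the scan
                     (expected when a newer scan ran in between)
    """
    detected = parse_adwcleaner(scan_text)["detected"]
    removed = parse_adwcleaner(clean_text)["removed"]
    return sorted(detected - removed), sorted(removed - detected)


if __name__ == "__main__":
    left_behind, not_in_scan = reconcile(SCAN_LOG, CLEAN_LOG)
    for kind, item in left_behind:
        print(f"still present after cleaning? [{kind}] {item}")
    for kind, item in not_in_scan:
        print(f"removed but not in this scan: [{kind}] {item}")
```

An entry reported as left behind is a prompt to re-scan and look, not proof of a failed clean: in this thread a second scan ([R1]) ran between the first scan and the cleaning run.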

#13
Feverpitch

Feverpitch

    Member

  • Topic Starter
  • Member
  • 75 posts

I downloaded LibreOffice but got the following message: "This installation package could not be opened. Contact the application vendor to verify that this is a valid Windows installer package."

 

As for OpenOffice, "Apache OpenOffice is not a valid Win32 application."

 

So neither one worked.  :(

 

 



#14
DanoNH


    Trusted Helper

  • Malware Removal
  • 2,153 posts

> Seems to be faster. Thanks! It's good to know what programs to actually use for cleaning. Your note about not using registry optimizers is helpful. I started to download RegAce at one time but never used it because there was an unexpected fee to do so. I never know who to trust. :)

That's great news!  Let's see if we can clean up any other remnants too...
 

> I downloaded LibreOffice but got the following message: "This installation package could not be opened. Contact the application vendor to verify that this is a valid Windows installer package."
>
> As for OpenOffice, "Apache OpenOffice is not a valid Win32 application."
>
> So neither one worked.  :(

Hmmm, I am not sure what link you downloaded LibreOffice from, but I just downloaded the PortableApps multilingual version of LibreOffice from here.  You run the executable and choose where to extract the files.  Easy-peasy, with no formal installer, just an extractor! :)  If you try this version, you may consider creating a shortcut to the LibreOfficePortable.exe file (or directly to any of the included programs such as Writer, Calc, Impress) in the folder you extracted to.
 
 
I didn't see a direct installer for LibreOffice, so I'm not sure what installer you ran.  The other download files are in ISO format, which need to be burned to a DVD before you can use them.  It's an advanced technique, but if you have a disc emulator program (I use Virtual CloneDrive by SlySoft), you can "mount" the ISO image as a virtual disk directly, instead of burning it to a DVD and try installing it that way.
 


Here's the link to the latest installer ISO file to burn to a DVD or mount in an emulated drive (it's big - 3.6GB) if you want to try it out: http://sourceforge.net/projects/libreofficenadvd/files/latest/download?source=files

One advantage to using the ISO installer is that you will get asked to make LibreOffice the default program for certain file types (Word, Visio, etc.), and it will offer to make a shortcut on the Desktop for you.

Of course, as far as available options go, you could always purchase a licensed version of Office too... :)

 

Moving on...

I'm looking forward to seeing your MBAM and ESET logs :D



#15
Feverpitch


    Member

  • Topic Starter
  • 75 posts

MBAM found nothing

 

ESETLog found one

 

C:\Users\Dell\Downloads\tall_13080342562142054.exe    Win32/Systweak.K potentially unwanted application

