security errors programs not loading other problems [Solved]


#1
zuggalo

Hi, I'm trying to fix my mum and dad's comp for them. She's having problems loading some webpages. I've also noticed some weird things, like images appearing in the scroll bars. I've tried reinstalling Flash and running a virus scan, but it doesn't seem to be much help.

Thanks in advance for the help.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by family (administrator) on FAMILYS on 12-06-2015 14:24:54
Running from C:\Users\family\Desktop
Loaded Profiles: family & UpdatusUser (Available Profiles: family & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Dropbox, Inc.) C:\Users\family\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_18_0_0_160_ActiveX.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\hp odometer\hpsysdrv.exe [62768 2008-11-21] (Hewlett-Packard)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [PDF Complete] => c:\program files (x86)\pdf complete\pdfsty.exe [658424 2011-05-06] (PDF Complete Inc)
HKLM-x32\...\Run: [APSDaemon] => c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe [60712 2015-03-20] (Apple Inc.)
HKU\S-1-5-21-378932227-2856890839-977457961-1000\...\Run: [News.net] => C:\Program Files\News.net\BreakingNews\DesktopContainer.exe
HKU\S-1-5-21-378932227-2856890839-977457961-1000\...\Run: [ISUSPM] => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
Startup: C:\Users\family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-12-10]
ShortcutTarget: Dropbox.lnk -> C:\Users\family\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\family\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-05-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\family\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-05-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\family\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-05-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\family\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-05-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\family\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-05-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\family\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-05-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-378932227-2856890839-977457961-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/51
HKU\S-1-5-21-378932227-2856890839-977457961-1003\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.jp.msn.com/HPALL/51
HKU\S-1-5-21-378932227-2856890839-977457961-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/51
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-378932227-2856890839-977457961-1000 -> DefaultScope {C41BE1AB-12F2-44B8-92B6-FCCF48C060F7} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-378932227-2856890839-977457961-1000 -> {C41BE1AB-12F2-44B8-92B6-FCCF48C060F7} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-378932227-2856890839-977457961-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
SearchScopes: HKU\S-1-5-21-378932227-2856890839-977457961-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-378932227-2856890839-977457961-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-378932227-2856890839-977457961-1003 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/we...&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-378932227-2856890839-977457961-1003 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://au.search.yah...psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-378932227-2856890839-977457961-1003 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKU\S-1-5-21-378932227-2856890839-977457961-1003 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanne..._IKEA_Win32.cab
DPF: HKLM-x32 {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} http://www.kaboodlep...X_WEB_Win32.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\family\AppData\Roaming\Mozilla\Firefox\Profiles\rqft8b3c.default-1430774295619
FF Homepage: hxxp://ww.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_160.dll [2015-06-12] ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-06-27] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-10] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-03-30] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-03-30] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-09] (VideoLAN)
FF Extension: Saved Password Editor - C:\Users\family\AppData\Roaming\Mozilla\Firefox\Profiles\rqft8b3c.default-1430774295619\Extensions\[email protected] [2015-05-05]

Chrome:
=======
CHR Profile: C:\Users\family\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\family\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-06]
CHR Extension: (Google Wallet) - C:\Users\family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-17] (Hewlett-Packard)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]
S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-11-26] ()
S3 AnyDVD; System32\Drivers\AnyDVD.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-12 14:24 - 2015-06-12 14:25 - 00016657 _____ C:\Users\family\Desktop\FRST.txt
2015-06-12 14:24 - 2015-06-12 14:24 - 00000000 ____D C:\FRST
2015-06-12 14:23 - 2015-06-12 14:23 - 02108928 _____ (Farbar) C:\Users\family\Desktop\FRST64.exe
2015-06-12 14:09 - 2015-06-12 14:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-12 14:09 - 2015-06-12 14:16 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-12 14:09 - 2015-06-12 14:16 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-12 14:09 - 2015-06-12 14:16 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-10 22:25 - 2015-06-02 05:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 22:25 - 2015-06-02 04:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 22:25 - 2015-05-28 00:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 22:25 - 2015-05-28 00:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 22:25 - 2015-05-23 13:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 22:25 - 2015-05-23 13:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 22:25 - 2015-05-23 13:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 22:25 - 2015-05-23 13:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 22:25 - 2015-05-23 13:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 22:25 - 2015-05-23 13:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 22:25 - 2015-05-23 13:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 22:25 - 2015-05-23 13:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 22:25 - 2015-05-23 13:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 22:25 - 2015-05-23 13:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 22:25 - 2015-05-23 13:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 22:25 - 2015-05-23 13:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 22:25 - 2015-05-23 13:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 22:25 - 2015-05-23 12:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 22:25 - 2015-05-23 12:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 22:25 - 2015-05-23 12:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 22:25 - 2015-05-23 12:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 22:25 - 2015-05-23 12:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 22:25 - 2015-05-23 12:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 22:25 - 2015-05-23 12:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 22:25 - 2015-05-23 12:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 22:25 - 2015-05-23 12:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 22:25 - 2015-05-23 12:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 22:25 - 2015-05-23 12:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 22:25 - 2015-05-23 12:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 22:25 - 2015-05-23 12:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 22:25 - 2015-05-23 05:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 22:25 - 2015-05-23 05:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 22:25 - 2015-05-23 05:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 22:25 - 2015-05-23 05:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 22:25 - 2015-05-23 05:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 22:25 - 2015-05-23 05:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 22:25 - 2015-05-23 05:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 22:25 - 2015-05-23 04:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 22:25 - 2015-05-23 04:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 22:25 - 2015-05-23 04:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 22:25 - 2015-05-23 04:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 22:25 - 2015-05-23 04:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 22:25 - 2015-05-23 04:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 22:25 - 2015-05-23 04:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 22:25 - 2015-05-23 04:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 22:25 - 2015-05-23 04:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 22:25 - 2015-05-23 04:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 22:25 - 2015-05-23 04:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 22:25 - 2015-05-23 04:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 22:25 - 2015-05-23 04:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 22:25 - 2015-05-23 04:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 22:25 - 2015-05-23 04:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 22:25 - 2015-05-23 04:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 22:25 - 2015-05-23 04:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 22:25 - 2015-05-23 04:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 22:25 - 2015-05-23 04:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 22:25 - 2015-05-23 03:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 22:25 - 2015-05-23 03:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 22:25 - 2015-05-23 03:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 22:25 - 2015-05-23 03:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 22:18 - 2015-05-26 04:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 22:18 - 2015-05-26 04:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 22:18 - 2015-05-26 04:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 22:18 - 2015-05-26 04:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 22:18 - 2015-05-26 04:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 22:18 - 2015-05-26 04:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 22:18 - 2015-05-26 04:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 22:18 - 2015-05-26 04:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 22:18 - 2015-05-26 04:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 22:18 - 2015-05-26 04:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 22:18 - 2015-05-26 04:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 22:18 - 2015-05-26 04:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-10 22:18 - 2015-05-26 04:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 22:18 - 2015-05-26 04:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 22:18 - 2015-05-26 04:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 22:18 - 2015-05-26 04:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-10 22:18 - 2015-05-26 04:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 22:18 - 2015-05-26 04:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 22:18 - 2015-05-26 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 22:18 - 2015-05-26 04:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 22:18 - 2015-05-26 04:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 22:18 - 2015-05-26 04:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 22:18 - 2015-05-26 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 22:18 - 2015-05-26 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 22:18 - 2015-05-26 04:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-10 22:18 - 2015-05-26 04:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-10 22:18 - 2015-05-26 04:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 22:18 - 2015-05-26 04:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 22:18 - 2015-05-26 04:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 22:18 - 2015-05-26 04:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 22:18 - 2015-05-26 04:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 22:18 - 2015-05-26 04:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 22:18 - 2015-05-26 04:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 22:18 - 2015-05-26 04:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 22:18 - 2015-05-26 04:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 22:18 - 2015-05-26 04:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 22:18 - 2015-05-26 04:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 22:18 - 2015-05-26 04:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 22:18 - 2015-05-26 04:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 22:18 - 2015-05-26 04:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 22:18 - 2015-05-26 04:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-10 22:18 - 2015-05-26 04:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-10 22:18 - 2015-05-26 04:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-10 22:18 - 2015-05-26 04:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-10 22:18 - 2015-05-26 04:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-10 22:18 - 2015-05-26 04:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-10 22:18 - 2015-05-26 04:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-10 22:18 - 2015-05-26 04:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-10 22:18 - 2015-05-26 04:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-10 22:18 - 2015-05-26 04:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-10 22:18 - 2015-05-26 04:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-10 22:18 - 2015-05-26 04:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-10 22:18 - 2015-05-26 04:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-10 22:18 - 2015-05-26 04:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-10 22:18 - 2015-05-26 04:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-10 22:18 - 2015-05-26 04:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-10 22:18 - 2015-05-26 04:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-10 22:18 - 2015-05-26 04:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-10 22:18 - 2015-05-26 04:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-10 22:18 - 2015-05-26 04:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-10 22:18 - 2015-05-26 04:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-10 22:18 - 2015-05-26 04:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-10 22:18 - 2015-05-26 04:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-10 22:18 - 2015-05-26 03:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-10 22:18 - 2015-05-26 03:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-10 22:18 - 2015-05-26 03:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-10 22:18 - 2015-05-26 03:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-10 22:18 - 2015-05-26 03:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-10 22:18 - 2015-05-26 03:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 22:18 - 2015-05-26 02:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-10 22:18 - 2015-05-26 02:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-10 22:18 - 2015-05-26 02:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 02:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 22:18 - 2015-05-23 04:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-10 22:18 - 2015-05-23 04:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-10 22:18 - 2015-05-23 04:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-10 22:18 - 2015-05-23 04:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-10 22:18 - 2015-05-23 04:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-10 22:18 - 2015-05-23 04:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-10 22:18 - 2015-05-23 04:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-10 22:18 - 2015-05-21 23:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-10 22:18 - 2015-04-30 04:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 22:18 - 2015-04-30 04:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 22:18 - 2015-04-30 04:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 22:18 - 2015-04-30 04:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 22:18 - 2015-04-30 04:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 22:18 - 2015-04-30 04:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 22:18 - 2015-04-30 04:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 22:18 - 2015-04-30 04:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 22:18 - 2015-04-30 04:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 22:18 - 2015-04-30 04:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 22:17 - 2015-05-26 03:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 22:17 - 2015-04-25 04:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 22:17 - 2015-04-25 03:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 22:17 - 2015-04-11 13:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-04 10:42 - 2015-06-04 10:42 - 00000000 ____D C:\Users\family\AppData\Local\GWX
2015-06-03 03:55 - 2015-06-11 03:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-05-29 07:31 - 2015-05-29 07:35 - 120306183 _____ C:\Users\family\Downloads\_stonerproblems-(DatPiff.com).zip
2015-05-26 01:07 - 2015-05-26 01:07 - 00000000 ___RD C:\Users\family\OneDrive
2015-05-21 07:39 - 2015-05-21 07:41 - 03888054 _____ C:\Users\family\Desktop\New Bitmap Image.bmp
2015-05-14 03:08 - 2015-05-14 03:08 - 00002119 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-14 03:01 - 2015-05-14 03:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-14 03:01 - 2015-05-01 23:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 03:01 - 2015-05-01 23:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 05:31 - 2015-04-18 13:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 05:31 - 2015-04-18 12:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 05:27 - 2015-04-13 13:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 05:26 - 2015-04-20 13:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 05:26 - 2015-04-20 13:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 05:26 - 2015-04-20 12:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 05:26 - 2015-04-08 13:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 05:26 - 2015-04-08 13:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 05:26 - 2015-04-08 13:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 05:26 - 2015-02-18 17:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 05:26 - 2015-02-18 17:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 05:26 - 2015-01-29 13:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 05:26 - 2015-01-29 13:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-13 05:25 - 2015-03-04 14:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 05:25 - 2015-03-04 14:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 05:25 - 2015-03-04 14:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 05:25 - 2015-03-04 14:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 05:25 - 2015-03-04 14:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 05:25 - 2015-03-04 14:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 05:25 - 2015-03-04 14:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-12 14:21 - 2013-02-14 16:54 - 02026076 _____ C:\Windows\WindowsUpdate.log
2015-06-12 14:18 - 2013-12-10 10:40 - 00000000 ___RD C:\Users\family\Dropbox
2015-06-12 14:18 - 2013-12-10 10:38 - 00000000 ____D C:\Users\family\AppData\Roaming\Dropbox
2015-06-12 14:18 - 2013-10-24 20:08 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-12 14:18 - 2013-04-08 01:00 - 00021888 _____ C:\Windows\setupact.log
2015-06-12 14:18 - 2011-11-26 06:50 - 00000000 ____D C:\ProgramData\PDFC
2015-06-12 14:18 - 2011-11-26 06:36 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-12 14:18 - 2009-07-14 15:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-12 14:17 - 2014-11-03 22:59 - 00000000 ____D C:\Users\family\AppData\Local\Adobe
2015-06-12 14:17 - 2009-07-14 14:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-12 14:17 - 2009-07-14 14:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-12 14:03 - 2010-11-21 13:47 - 00944248 _____ C:\Windows\PFRO.log
2015-06-12 13:59 - 2011-11-26 06:51 - 00000000 ____D C:\Program Files (x86)\Windows Live
2015-06-12 13:57 - 2014-04-11 09:35 - 00000000 ____D C:\Program Files (x86)\Winamp
2015-06-12 13:57 - 2013-12-14 19:00 - 00000000 ____D C:\ProgramData\Skype
2015-06-12 13:56 - 2013-03-06 07:11 - 00000000 ____D C:\Program Files (x86)\Java
2015-06-12 13:55 - 2013-10-09 11:34 - 00000000 ____D C:\Program Files (x86)\etax2013
2015-06-12 13:53 - 2013-10-24 20:08 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-11 17:24 - 2013-12-14 19:00 - 00000000 ____D C:\Users\family\AppData\Roaming\Skype
2015-06-11 11:11 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\rescache
2015-06-11 10:10 - 2014-11-13 02:28 - 00000000 __SHD C:\Users\family\AppData\Local\EmieBrowserModeList
2015-06-11 10:10 - 2014-04-23 09:28 - 00000000 __SHD C:\Users\family\AppData\Local\EmieUserList
2015-06-11 10:10 - 2014-04-23 09:28 - 00000000 __SHD C:\Users\family\AppData\Local\EmieSiteList
2015-06-11 03:30 - 2009-07-14 15:13 - 00791118 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-11 03:24 - 2009-07-14 14:45 - 00435832 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-11 03:23 - 2014-12-11 02:26 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-11 03:23 - 2014-05-01 03:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-11 03:23 - 2013-06-19 09:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-11 03:22 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-11 03:17 - 2015-03-12 09:03 - 00000000 ____D C:\Users\family\AppData\Roaming\tor
2015-06-11 03:06 - 2013-02-20 16:29 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-11 03:05 - 2013-07-13 03:00 - 00000000 ____D C:\Windows\system32\MRT
2015-06-11 03:01 - 2013-02-19 13:40 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-09 00:25 - 2013-02-14 17:08 - 00000000 ____D C:\Users\family\Desktop\Mum
2015-06-03 09:07 - 2014-02-13 16:29 - 00005678 _____ C:\Users\family\Desktop\icp cds.txt
2015-05-26 01:07 - 2014-07-17 13:56 - 00002162 _____ C:\Users\family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-05-26 01:07 - 2013-02-14 16:55 - 00000000 ____D C:\Users\family
2015-05-20 07:54 - 2015-04-05 02:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-20 07:54 - 2015-04-05 02:00 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-20 06:54 - 2015-03-13 08:36 - 00000000 ____D C:\Users\family\AppData\Roaming\Rainmaker Software Group LLC.​
2015-05-20 06:54 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\TAPI
2015-05-18 08:48 - 2013-10-24 20:08 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-18 08:48 - 2013-10-24 20:08 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-18 06:50 - 2015-03-12 08:53 - 00000000 __SHD C:\Users\family\AppData\84C6B880-0115-11E1-8840-386077A89ADC
2015-05-14 20:21 - 2013-10-18 16:14 - 00000000 ____D C:\ProgramData\Oracle
2015-05-14 20:20 - 2015-03-20 08:21 - 00000000 ____D C:\Users\family\Desktop\Brad
2015-05-14 03:32 - 2013-12-10 10:39 - 00000000 ____D C:\Users\family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-14 03:27 - 2013-03-15 02:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-14 03:27 - 2013-03-15 02:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-14 03:26 - 2010-11-21 17:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-14 03:26 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-14 03:08 - 2013-03-06 07:26 - 00001945 _____ C:\Windows\epplauncher.mif
2015-05-14 03:08 - 2013-03-06 07:26 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-05-14 03:08 - 2013-03-06 07:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client

==================== Files in the root of some directories =======

2011-11-26 06:54 - 2011-06-10 09:44 - 0002792 _____ () C:\Program Files\HP SimplePass 2011
2015-03-20 08:10 - 2015-03-20 08:10 - 0007605 _____ () C:\Users\family\AppData\Local\Resmon.ResmonCfg
2013-06-21 20:12 - 2014-07-12 11:51 - 0000081 ___SH () C:\ProgramData\.zreglib

Some files in TEMP:
====================
C:\Users\family\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpm1qjr5.dll
C:\Users\family\AppData\Local\Temp\FreemakeVideoConverter_4.1.3.15.exe
C:\Users\family\AppData\Local\Temp\HitmanPro.exe
C:\Users\family\AppData\Local\Temp\i4jdel0.exe
C:\Users\family\AppData\Local\Temp\i4jdel1.exe
C:\Users\family\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\family\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\family\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\family\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\family\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\family\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\family\AppData\Local\Temp\OfficeSetup.exe
C:\Users\family\AppData\Local\Temp\ose00000.exe
C:\Users\family\AppData\Local\Temp\Quarantine.exe
C:\Users\family\AppData\Local\Temp\setup.exe
C:\Users\family\AppData\Local\Temp\sqlite3.dll
C:\Users\family\AppData\Local\Temp\SRLDetectionLibrary1516068474772419558.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite10333.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite10755.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite11157.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite11344.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite11845.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite12985.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite13362.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite13547.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite15580.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite16174.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite17414.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite17638.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite17794.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite18096.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite18262.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite19122.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite20461.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite22310.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite22449.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite22928.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite24547.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite24564.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite25904.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite28165.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite30193.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite31230.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite31798.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite32704.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite33853.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite34188.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite34703.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite34728.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite34860.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite35878.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite36376.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite36801.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite37185.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite38271.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite38285.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite39235.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite39866.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite39871.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite39983.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite40204.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite41224.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite41424.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite41966.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite42389.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite42670.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite42883.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite42917.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite43901.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite44179.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite44701.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite45178.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite45230.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite45608.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite46819.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite47689.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite49021.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite49416.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite49599.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite50505.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite50579.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite52533.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite53006.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite53016.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite53076.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite53512.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite54490.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite55297.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite56033.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite56083.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite56722.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite58252.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite58364.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite58425.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite58430.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite58938.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite59731.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite59797.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite60840.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite60887.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite60938.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite61415.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite61488.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite64278.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite65799.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite66093.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite66328.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite66597.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite68382.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite70025.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite70684.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite70745.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite71628.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite72670.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite72728.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite73652.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite73710.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite75126.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite75243.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite75350.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite76996.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite77443.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite77532.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite77639.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite78475.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite79040.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite79123.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite79263.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite79268.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite79995.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite80415.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite80991.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite81268.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite81455.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite82069.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite82188.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite83126.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite83531.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite84388.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite85745.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite85755.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite85862.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite86241.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite86435.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite87346.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite87369.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite87661.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite89964.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite90315.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite90343.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite91073.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite91448.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite92381.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite92664.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite96718.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite97632.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite98229.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite98281.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite98426.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite99135.dll
C:\Users\family\AppData\Local\Temp\System.Data.SQLite99570.dll
C:\Users\family\AppData\Local\Temp\winzipdusetup_WZDU16_20130711.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-03 00:23

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by family at 2015-06-12 14:25:31
Running from C:\Users\family\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-378932227-2856890839-977457961-500 - Administrator - Disabled)
family (S-1-5-21-378932227-2856890839-977457961-1000 - Administrator - Enabled) => C:\Users\family
Guest (S-1-5-21-378932227-2856890839-977457961-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-378932227-2856890839-977457961-1002 - Limited - Enabled)
UpdatusUser (S-1-5-21-378932227-2856890839-977457961-1003 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.160 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.160 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-378932227-2856890839-977457961-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
e-tax 2014 (HKLM-x32\...\{42D5C0B2-A309-4F84-9BD7-5DDDFE6C09E1}) (Version: 2.8.758 - Australian Taxation Office)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.1.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
K-Lite Mega Codec Pack 10.2.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.2.0 - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-378932227-2856890839-977457961-1000\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 12 (HKLM-x32\...\{560FC78C-A4B2-461D-9B47-820C1EEF87B8}) (Version: 12.0.02000 - Nero AG)
NVIDIA 3D Vision Driver 267.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 267.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 275.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 275.88 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Update 1.3.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.3.6 - NVIDIA Corporation)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.54 - PDF Complete, Inc)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PowerPoint Viewer 2.0 (HKLM-x32\...\PowerPoint Viewer 2.0) (Version:  - )
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6531 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4320 - CyberLink Corp.) Hidden
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.6.0.0 - Azureus Software, Inc.)
Welcome App (Start-up experience) (x32 Version: 12.0.14000 - Nero AG) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-378932227-2856890839-977457961-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\family\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-378932227-2856890839-977457961-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\family\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-378932227-2856890839-977457961-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\family\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-378932227-2856890839-977457961-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\family\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-378932227-2856890839-977457961-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\family\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-378932227-2856890839-977457961-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\family\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-378932227-2856890839-977457961-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-378932227-2856890839-977457961-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\family\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-378932227-2856890839-977457961-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\family\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-378932227-2856890839-977457961-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-378932227-2856890839-977457961-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-378932227-2856890839-977457961-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-378932227-2856890839-977457961-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-378932227-2856890839-977457961-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-378932227-2856890839-977457961-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-378932227-2856890839-977457961-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-378932227-2856890839-977457961-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

30-05-2015 18:13:23 Windows Update
03-06-2015 02:08:09 Windows Update
06-06-2015 18:13:33 Windows Update
10-06-2015 02:08:02 Windows Update
11-06-2015 03:00:11 Windows Update
12-06-2015 13:52:37 Removed Skype Click to Call
12-06-2015 13:53:27 Removed Skype Click to Call
12-06-2015 13:54:23 Removed e-tax 2013
12-06-2015 13:55:24 Removed Java 8 Update 45
12-06-2015 13:56:56 Removed Skype™ 7.0
12-06-2015 13:58:00 Windows Live Essentials
12-06-2015 13:58:18 WLSetup

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 12:34 - 2015-03-13 07:27 - 00000019 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01BBF949-248D-44E0-943D-7EC5CD57A6C7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-24] (Google Inc.)
Task: {02736DBA-3471-4A9E-95E9-3E43F1365AA2} - \ProPCCleaner_Start No Task File <==== ATTENTION
Task: {2E284F55-E6FD-4AE4-91C0-68AEDAD03949} - System32\Tasks\4823 => Wscript.exe C:\Users\family\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {2F5D1A05-C151-4E53-9A46-48973E962B74} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {47EEBC38-C04D-4D23-853D-855D79ED1172} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
Task: {5C232642-C413-4E4B-AD6E-E375902391FB} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-08] (Microsoft Corporation)
Task: {66DF899E-10EA-4259-A015-18B5C3E515F3} - System32\Tasks\MicrosoftOfficeUpdate => C:\Users\family\AppData\84C6B880-0115-11E1-8840-386077A89ADC\hsched2.vbs [2015-03-12] ()
Task: {6E9DB0C1-83AF-4195-9F16-565359C1B65E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-08] (Microsoft Corporation)
Task: {6EF1F7C2-BC69-41B7-97B9-F2496CF14B32} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {7279F845-0B73-4BB6-8F43-1AE4249DB341} - System32\Tasks\{6B32D1AD-2268-434D-A2E3-A5A40AAE8B1E} => pcalua.exe -a "C:\Users\family\Documents\Vuze Downloads\Sierra Games Collection\Kings Quest Collection XP.exe" -d "C:\Users\family\Documents\Vuze Downloads\Sierra Games Collection"
Task: {76771FA3-5913-4AB1-94B2-2214B3FB47A2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-24] (Google Inc.)
Task: {854F81F2-32E2-41FF-8166-9DBEC4E4272D} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2013-02-16] (Microsoft Corporation)
Task: {87C1E686-6EF2-412E-A89D-3AC736A1CE57} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {8F319ECB-43E3-4CFA-8AC6-E95C39C75FDF} - \ProPCCleaner_Popup No Task File <==== ATTENTION
Task: {971C2A0A-2A35-4A05-B3F5-FEAF0EB5B1DB} - System32\Tasks\{9180EF93-20D3-4534-938F-FFFF72C15115} => pcalua.exe -a C:\Users\family\AppData\Roaming\istartsurf\UninstallManager.exe -c  -ptid=smt
Task: {9D1A38A4-FD9D-48D8-AE39-BD999164E002} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {B344725B-B178-4D0A-9349-BFF3EE2BE8BB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-08] (Microsoft Corporation)
Task: {B44023AE-8460-4149-BCC0-322E317A0A5A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-09] (Hewlett-Packard)
Task: {C4BD16BA-C715-405F-99C1-683AA235DC4A} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-17] (Microsoft Corporation)
Task: {C7A6ECD1-39B5-4371-A5A6-1F58044ECC9C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C8BB5F63-D6A1-4AB1-AEB1-CADE640AD809} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe
Task: {CBB28693-D4DE-4ED9-A297-22A871B26334} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {CFCF7470-A0AE-42EB-813C-70FB3D9620E5} - System32\Tasks\{C8D9AFC5-A8E3-4DA3-82DB-C03673E07C47} => pcalua.exe -a "C:\Users\family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CRJI4HDO\air3-9_win.exe" -d C:\Users\family\Desktop
Task: {E83A5C65-B0CB-45BB-A918-F5635F9AE9F4} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-08] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-01-20 21:35 - 2015-01-20 21:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 21:35 - 2015-01-20 21:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-12 14:18 - 2015-06-12 14:18 - 00043008 _____ () c:\users\family\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpm1qjr5.dll
2015-03-05 07:45 - 2015-03-05 07:45 - 00750080 _____ () C:\Users\family\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-05 07:45 - 2015-03-05 07:45 - 00047616 _____ () C:\Users\family\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-05 07:45 - 2015-03-05 07:45 - 00865280 _____ () C:\Users\family\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-05 07:45 - 2015-03-05 07:45 - 00200704 _____ () C:\Users\family\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:25638C60856ECA57

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-378932227-2856890839-977457961-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\family\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{EB7A5D38-30F5-4B7C-A017-12F4BB241A95}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{2B4B7299-B918-47D1-9391-39AF56348A8A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [TCP Query User{3714E555-FC59-4A23-8D26-14DEEB3A97E4}C:\program files (x86)\vuze\azureus.exe] => (Allow) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [UDP Query User{CEF6510F-B741-4D8D-A19A-1D64BDA8436F}C:\program files (x86)\vuze\azureus.exe] => (Allow) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [{D9D9B698-E330-4BAF-8AE7-486AE7A2C0BA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2B8BD32C-44B4-4376-A4CA-C7D3621205D2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7A696705-EDAD-4944-8455-3B2EB4CB3F7B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{39190F8E-CD83-432D-B47C-1DFB3167A55F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FD445CF1-73CD-487D-B772-9309457C5A54}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe
FirewallRules: [{ECEE240E-9AEE-44C8-93A6-CECCF9565047}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe
FirewallRules: [{99AF64FD-2E2B-4CC3-AADF-EEE2DC0C8C8B}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe
FirewallRules: [{3559082A-6E3C-4FD1-8230-72792E18FC79}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe
FirewallRules: [TCP Query User{8868616F-1B9B-4BAC-9ECA-B91181DC4C64}C:\users\family\appdata\roaming\qule\otusn.exe] => (Block) C:\users\family\appdata\roaming\qule\otusn.exe
FirewallRules: [UDP Query User{83F64558-A2E5-4E99-82B7-4CF0722745BA}C:\users\family\appdata\roaming\qule\otusn.exe] => (Block) C:\users\family\appdata\roaming\qule\otusn.exe
FirewallRules: [TCP Query User{36082C95-45C8-46D5-B757-150E1A19D84E}C:\users\family\appdata\roaming\qule\otusn.exe] => (Block) C:\users\family\appdata\roaming\qule\otusn.exe
FirewallRules: [UDP Query User{D565EB3E-4DD3-45A0-9D33-FE3A502D0391}C:\users\family\appdata\roaming\qule\otusn.exe] => (Block) C:\users\family\appdata\roaming\qule\otusn.exe
FirewallRules: [{C15000B4-714B-4EEF-8959-427E8ACEF7F6}] => (Allow) C:\Users\family\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{E0566B38-5919-4398-9BAD-C88B566F366A}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{B00F348E-61CC-4B89-80D9-0D5AE714CD95}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [TCP Query User{B8DA1E65-757A-4414-832E-C03068B5D2E1}C:\program files (x86)\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files (x86)\bitcoin\bitcoin-qt.exe
FirewallRules: [UDP Query User{6F434206-4AB6-46AD-A391-F5C34CD958BE}C:\program files (x86)\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files (x86)\bitcoin\bitcoin-qt.exe
FirewallRules: [{F81F1CC6-4BB0-41EF-B2E2-2B60B6C9F6E6}] => (Allow) C:\Users\family\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{0DB4A46F-9431-4684-A50C-C950435A6792}] => (Allow) C:\Users\family\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{3DC5D648-B265-46B8-B8A7-E35BD0053177}C:\users\family\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\family\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{804092CE-519D-4A58-9A67-BD0AAAFAC8E0}C:\users\family\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\family\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{9E9BD2CE-6EFE-4739-BF58-249A7BD47721}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [UDP Query User{1DCE76C4-97A0-4D23-BD77-4A6FC355A2AD}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [{26B7729B-0C5E-4CC9-8CAD-7DBC3AC317E9}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{F816C142-9829-46EF-8EFB-09A522D78942}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{A89133EC-DF7E-47B6-81AB-64D9182F0125}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{DCCA4A53-12B6-4338-A5F4-9AC8993B9F7E}] => (Allow) LPort=2869
FirewallRules: [{8AA43C54-AB0F-4861-8152-4CF5A84C09D9}] => (Allow) LPort=1900
FirewallRules: [{C3FD67B4-EEB4-47F7-BED0-E2CF4D10D28E}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{B5E60011-9DA7-42ED-A3EC-5262C90B14DB}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{EDAF692E-2F10-44FC-8736-3C3FC2A166D3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{787A3EA5-FA96-4F93-8050-05EB2A8BBC2E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{DF704532-48EF-4311-A304-C3FDA83437E2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FC2C9F48-55E9-4353-A7AD-E8064709B3E1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{1EED2727-52DE-4C3F-8D69-2FE615026116}C:\windows\system32\windowspowershell\v1.0\powershell.exe] => (Block) C:\windows\system32\windowspowershell\v1.0\powershell.exe
FirewallRules: [UDP Query User{59272A13-2ADA-4B6A-91FA-8A8FD7FD6E8E}C:\windows\system32\windowspowershell\v1.0\powershell.exe] => (Block) C:\windows\system32\windowspowershell\v1.0\powershell.exe
FirewallRules: [{8179DEC8-4014-440B-A650-F946DA99F341}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2B9441BD-B551-45D8-ABFA-15357C2C42FC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{78972980-F093-4C04-8F75-ECA8761C35CF}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{26D0C71A-FBE1-448A-8378-564E6B4E6B0F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F9F42702-094B-4F7B-8148-3AA90B8CDAA9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Trek Online\Star Trek Online.exe
FirewallRules: [{00B16557-4AA0-4B59-A454-729F8FF3B856}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Trek Online\Star Trek Online.exe
FirewallRules: [TCP Query User{3502A752-B5D0-4DA9-A0D0-0618DAE00C47}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{6A107751-687C-4FF0-BEC9-69D882EFC285}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [TCP Query User{DBCDDE1D-BA08-407E-BFB0-0093250AE867}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{D97B3963-D163-402E-8E97-930078727A83}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{79CE58E2-FEC0-4378-9A07-1E3ED3474386}C:\windows\syswow64\windowspowershell\v1.0\powershell.exe] => (Block) C:\windows\syswow64\windowspowershell\v1.0\powershell.exe
FirewallRules: [UDP Query User{B61D752B-90C1-4607-BBF0-CFFF0164931F}C:\windows\syswow64\windowspowershell\v1.0\powershell.exe] => (Block) C:\windows\syswow64\windowspowershell\v1.0\powershell.exe
FirewallRules: [{8FD027DB-510F-4DF2-974D-3A3F6D93652F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{289AC216-77D9-4741-89E5-4E83BEC36831}C:\program files (x86)\vuze\azureus.exe] => (Allow) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [UDP Query User{ADE14B35-B4F6-4352-9C07-6EF099490602}C:\program files (x86)\vuze\azureus.exe] => (Allow) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [{7FFA3069-ADC8-41DB-8BA8-EE04B33DD152}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/12/2015 01:58:18 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: familys)
Description: Application or service 'Windows Search' could not be shut down.

Error: (06/12/2015 02:28:01 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"1".Error in manifest or policy file "SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"2" on line SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is SMC,processorArchitecture="x86",type="win32",version="8.2.0.0".
Definition is SMC,processorArchitecture="x86",type="win32",version="12.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (06/12/2015 02:27:20 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"1".
Dependent Assembly ACME,processorArchitecture="x86",type="win32",version="12.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/11/2015 03:44:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9953

Error: (06/11/2015 03:44:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9953

Error: (06/11/2015 03:44:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/11/2015 00:51:50 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"1".Error in manifest or policy file "SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"2" on line SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is SMC,processorArchitecture="x86",type="win32",version="8.2.0.0".
Definition is SMC,processorArchitecture="x86",type="win32",version="12.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (06/11/2015 00:51:16 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"1".
Dependent Assembly ACME,processorArchitecture="x86",type="win32",version="12.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/10/2015 02:05:34 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"1".Error in manifest or policy file "SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"2" on line SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is SMC,processorArchitecture="x86",type="win32",version="8.2.0.0".
Definition is SMC,processorArchitecture="x86",type="win32",version="12.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (06/10/2015 02:05:01 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"1".
Dependent Assembly ACME,processorArchitecture="x86",type="win32",version="12.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (06/12/2015 02:20:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error:
%%2

Error: (06/12/2015 02:05:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error:
%%2

Error: (06/12/2015 00:46:13 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (06/12/2015 00:46:13 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (06/12/2015 01:17:31 AM) (Source: DCOM) (EventID: 10016) (User: familys)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}familysfamilyS-1-5-21-378932227-2856890839-977457961-1000LocalHost (Using LRPC)

Error: (06/12/2015 01:17:31 AM) (Source: DCOM) (EventID: 10016) (User: familys)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}familysfamilyS-1-5-21-378932227-2856890839-977457961-1000LocalHost (Using LRPC)

Error: (06/11/2015 05:21:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error:
%%2

Error: (06/11/2015 04:40:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error:
%%2

Error: (06/11/2015 03:34:12 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (06/11/2015 03:34:09 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5


Microsoft Office:
=========================

==================== Memory info ===========================

Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 27%
Total physical RAM: 8174.52 MB
Available physical RAM: 5913.32 MB
Total Pagefile: 16347.25 MB
Available Pagefile: 13892.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.46 GB) (Free:644.64 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.95 GB) (Free:1.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B8383026)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

==================== End of log ============================

 


  • 0



#2
Bruce1270


    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hello Zuggalo and :welcome:

My name is Bruce1270 and I will be helping you with your malware problem.

Please Note: I am still in training and my fixes have to be approved by my instructor so there may be a slight delay in my replies. Look upon it as a good thing though in that you have two people looking at your problem.

A few things before we get started.
  • Please read all instructions carefully. If there is anything you do not understand please ask me first before doing anything.
  • Please be patient. I am a volunteer who does this in my spare time so I will try to get back to you as soon as possible.
  • Please follow all instructions in the order given.
  • Please do not install any other software unless advised. This may hinder the removal process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • Please make sure you reply within 4 days to my responses. If there is no reply within 4 days, the topic will be closed and you will need to request the topic be reopened.


    Important!

    Please save or print off these instructions. Part of this fix may require you to be in safe mode where you will not be able to access the internet or my instructions!

    I would strongly recommend you back up your personal data and folders before we begin.

    Malware removal can be very long, complicated and may take multiple steps. I understand this may be frustrating but please stay with this topic until your machine is declared clean. The results will hopefully be very rewarding. :happy:
    As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

    OK. Let's move on.

    I am in the process of analysing your logs and will have a fix posted for you soon. :)

  • 0

#3
Bruce1270


    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi Zuggalo

OK, let's see if we can get things fixed up for you. :)

First a bit of advice on P2P and file sharing programs

P2P Warning: !

IMPORTANT I have noticed that there are signs of P2P (Peer to Peer) File Sharing Programs on your computer.

As long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

Risks of Peer to Peer systems
P2P programs: Popular and perilous

If you continue to use P2P programs it is likely that you will get infected again.

I would recommend that you uninstall them, however that choice is up to you.

If you decide to keep the programs in spite of the risks involved, do not use them until I have finished cleaning your computer and have given you the all clear.


Step1 - Uninstall unwanted programs

Please uninstall the following unwanted programs:

GoforFiles
Vuze



Note: If any of the programs are not listed, proceed to the next one and work through the list.

To do this:
Please go to Start Menu -> Control Panel -> Uninstall a program or Programs and Features
In the list of installed programs locate and click on the program to uninstall e.g. Vuze
Click uninstall.
Repeat the above steps for all the other programs to remove.


Step2 - FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Download the attached fixlist.txt to your desktop.
  • Ensure fixlist.txt is in the same location as FRST.exe on your desktop.
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.

    Things for your next post:
  • fixlog.txt

    Thanks

  • 0

#4
zuggalo


    Member

  • Topic Starter
  • Member
  • 84 posts

Hi, thanks for your help so far and good luck with the training.

GoForFiles isn't in the uninstall list.

With Vuze I get this error when trying to uninstall: "No JVM could be found on your system. Please define EXE4J_JAVA_HOME to point to an installed 32-bit / 64-bit JDK or JRE or download a JRE from www.java.com." I've done nothing about it yet.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by family at 2015-06-13 12:37:09 Run:1
Running from C:\Users\family\Desktop
Loaded Profiles: family & UpdatusUser (Available Profiles: family & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-378932227-2856890839-977457961-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
SearchScopes: HKU\S-1-5-21-378932227-2856890839-977457961-1003 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/we...&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-378932227-2856890839-977457961-1003 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
2015-06-11 03:17 - 2015-03-12 09:03 - 00000000 ____D C:\Users\family\AppData\Roaming\tor
Task: {02736DBA-3471-4A9E-95E9-3E43F1365AA2} - \ProPCCleaner_Start No Task File <==== ATTENTION
Task: {2E284F55-E6FD-4AE4-91C0-68AEDAD03949} - System32\Tasks\4823 => Wscript.exe C:\Users\family\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {87C1E686-6EF2-412E-A89D-3AC736A1CE57} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {8F319ECB-43E3-4CFA-8AC6-E95C39C75FDF} - \ProPCCleaner_Popup No Task File <==== ATTENTION
AlternateDataStreams: C:\Windows:25638C60856ECA57
FirewallRules: [{FD445CF1-73CD-487D-B772-9309457C5A54}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe
FirewallRules: [{ECEE240E-9AEE-44C8-93A6-CECCF9565047}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe
FirewallRules: [{99AF64FD-2E2B-4CC3-AADF-EEE2DC0C8C8B}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe
FirewallRules: [{3559082A-6E3C-4FD1-8230-72792E18FC79}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe
C:\Program Files (x86)\GoforFiles
C:\program files (x86)\vuze
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
Hosts:
EmptyTemp:


*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-378932227-2856890839-977457961-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
"HKU\S-1-5-21-378932227-2856890839-977457961-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
"HKU\S-1-5-21-378932227-2856890839-977457961-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\family\AppData\Roaming\tor => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{02736DBA-3471-4A9E-95E9-3E43F1365AA2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02736DBA-3471-4A9E-95E9-3E43F1365AA2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2E284F55-E6FD-4AE4-91C0-68AEDAD03949}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E284F55-E6FD-4AE4-91C0-68AEDAD03949}" => key removed successfully
C:\Windows\System32\Tasks\4823 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4823" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{87C1E686-6EF2-412E-A89D-3AC736A1CE57}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87C1E686-6EF2-412E-A89D-3AC736A1CE57}" => key removed successfully
C:\Windows\System32\Tasks\0 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F319ECB-43E3-4CFA-8AC6-E95C39C75FDF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F319ECB-43E3-4CFA-8AC6-E95C39C75FDF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Popup" => key removed successfully
C:\Windows => ":25638C60856ECA57" ADS removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FD445CF1-73CD-487D-B772-9309457C5A54} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ECEE240E-9AEE-44C8-93A6-CECCF9565047} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{99AF64FD-2E2B-4CC3-AADF-EEE2DC0C8C8B} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3559082A-6E3C-4FD1-8230-72792E18FC79} => value removed successfully
"C:\Program Files (x86)\GoforFiles" => File/Folder not found.
C:\program files (x86)\vuze => moved successfully.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 4.5 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 12:38:27 ====


  • 0

#5
Bruce1270


    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi Zuggalo
 

good luck with the training.


Thanks! :)
 

With Vuze I get this error when trying to uninstall: "No JVM could be found on your system. Please define EXE4J_JAVA_HOME to point to an installed 32-bit / 64-bit JDK or JRE or download a JRE from www.java.com." I've done nothing about it yet.


Let's see if we can take care of this. :)

Step1 - FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
CloseProcesses:
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vuze" /F
EmptyTemp:

  • Save this as fixlist.txt, in the same location as FRST.exe on your desktop.
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


    Step2 - Junkware Removal Tool


    Download Junkware Removal Tool by thisisu and save it to your desktop.

    Important: Please disable your anti virus prior to running this program. Advice on how to do this for your anti virus can be found here

    1. Ensure all programs and windows are closed before proceeding.
    2. Simply double-click the program icon to run it. It will ask for administrator privileges.
    3. A black window will appear. Press any key to continue.
    4. Wait for it to finish. It won't take long.
    5. A log will automatically pop-up once done. Alternatively, you can find JRT.txt at your desktop.
    6. Copy (CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
    7. Reboot your machine and enable your anti virus again.


    Step3 - AdwCleaner


    Download AdwCleaner from here to the Desktop
    • Close all open windows and browsers
    • Double click the Adwcleaner icon to execute the program
    • When the Tool opens for the first time accept the Terms of use
    • Click the Scan button and wait for the program to finish.
    • When finished, please click Clean.
    • Upon completion, click Report. A log (AdwCleaner[S*].txt) will open
    • Please copy/paste the generated log to your next reply.
    Things for your next post:
  • fixlog.txt
  • JRT.txt
  • AdwCleaner[S*].txt

    Thanks

  • 0

#6
zuggalo


    Member

  • Topic Starter
  • Member
  • 84 posts

Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by family at 2015-06-15 07:41:17 Run:2
Running from C:\Users\family\Desktop
Loaded Profiles: family & UpdatusUser (Available Profiles: family & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vuze" /F
EmptyTemp:
*****************

Restore point was successfully created.
Processes closed successfully.

========= Reg Delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vuze" /F =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========

EmptyTemp: => 234.8 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 07:41:32 ====

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.9.6 (06.14.2015:2)
OS: Windows 7 Home Premium x64
Ran by family on Mon 15/06/2015 at  7:45:09.21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\family\appdata\local\{168E4319-69E3-4AC2-94CA-C3399D10451A}
Successfully deleted: [Empty Folder] C:\Users\family\appdata\local\{223B39E8-2D7E-4532-B79A-DA6FB0F9DB32}
Successfully deleted: [Empty Folder] C:\Users\family\appdata\local\{526CC32C-942A-4FD7-A2B6-7642DC9B659D}
Successfully deleted: [Empty Folder] C:\Users\family\appdata\local\{5281C4DE-376A-4831-910C-6475AB387475}
Successfully deleted: [Empty Folder] C:\Users\family\appdata\local\{56649FC0-5950-4EC9-88BC-5F626B4C28AC}
Successfully deleted: [Empty Folder] C:\Users\family\appdata\local\{5E6CEC61-C861-47D3-98B7-5AA851EDDA2A}
Successfully deleted: [Empty Folder] C:\Users\family\appdata\local\{969D1D62-CFCF-47D6-9655-75B15C45EB9F}
Successfully deleted: [Empty Folder] C:\Users\family\appdata\local\{977D7093-E0F4-4772-9B54-1EE506190A4B}
Successfully deleted: [Empty Folder] C:\Users\family\appdata\local\{A18DB84A-A24F-4C92-AFC2-054C2EBB7D52}
Successfully deleted: [Empty Folder] C:\Users\family\appdata\local\{BB2CD6F0-60E3-4772-9AC6-9668943DD956}
Successfully deleted: [Empty Folder] C:\Users\family\appdata\local\{C56491F5-567B-4ED0-BAC9-C6F2762B5C5A}
Successfully deleted: [Empty Folder] C:\Users\family\appdata\local\{C885E0C4-9BEC-4956-93B8-BEBC4CC2E59D}
Successfully deleted: [Empty Folder] C:\Users\family\appdata\local\{CD41CC35-49BF-4057-B8C1-8B94579DFF35}
Successfully deleted: [Empty Folder] C:\Users\family\appdata\local\{CEF337A3-0835-4B3D-BC6F-7B8801ED24C0}
Successfully deleted: [Empty Folder] C:\Users\family\appdata\local\{D0370637-C8BC-498B-91D5-8A094C68CF2C}
Successfully deleted: [Empty Folder] C:\Users\family\appdata\local\{DC8303FE-1782-40C0-B274-4D849C46BA46}
Successfully deleted: [Empty Folder] C:\Users\family\appdata\local\{E598454A-0308-42FE-AB06-4727879D49C3}
Successfully deleted: [Empty Folder] C:\Users\family\appdata\local\{EF87B5C9-D11B-4723-8592-669E964CE07E}
Successfully deleted: [Empty Folder] C:\Users\family\appdata\local\{F9F9A9B8-5885-4B0D-88FC-A61162A6788B}
Successfully deleted: [Folder] C:\ProgramData\sparktrust
Successfully deleted: [Folder] C:\Users\family\AppData\Roaming\sparktrust



~~~ Chrome


[C:\Users\family\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\family\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\family\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\family\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  booedmolknjekdopkepjjeckmjkdpfgl,
  flpcjncodpafbgdpnkljologafpionhb,
  niapdbllcanepiiimjjndipklodoedlc
]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 15/06/2015 at  7:47:22.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

# AdwCleaner v4.206 - Logfile created 15/06/2015 at 07:54:23
# Updated 01/06/2015 by Xplode
# Database : 2015-06-14.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : family - FAMILYS
# Running from : C:\Users\family\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v38.0.5 (x86 en-US)


-\\ Google Chrome v43.0.2357.124


*************************

AdwCleaner[R0].txt - [7532 bytes] - [13/03/2015 06:31:02]
AdwCleaner[R1].txt - [910 bytes] - [15/06/2015 07:49:07]
AdwCleaner[R2].txt - [1026 bytes] - [15/06/2015 07:52:47]
AdwCleaner[S0].txt - [6729 bytes] - [13/03/2015 06:32:47]
AdwCleaner[S1].txt - [973 bytes] - [15/06/2015 07:50:02]
AdwCleaner[S2].txt - [953 bytes] - [15/06/2015 07:54:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1011  bytes] ##########


  • 0

#7
Bruce1270


    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi Zuggalo

We'll try to get rid of the remnants of Vuze another way.

Add Remove Program Cleaner:

Please download Add Remove Program Cleaner to your desktop.
  • Right-click on addremovecleaner.exe and select Run as Administrator to launch the program.
  • Locate Vuze in the menu and click once on it to highlight.
  • Now click on Remove from add/remove programs list
  • At the prompt click on yes.
  • Once completed click on Exit.
  • Now delete addremovecleaner from the desktop, empty the Recycle Bin and reboot your computer.
    When you have completed the above procedure, let me know the outcome, thank you.

    Then

    Step1 - Scan with Malwarebytes


    Please download Malwarebytes' Anti-Malware from Here or Here
  • Double Click the downloaded mbam-setup-x.x.x.xxxx.exe to install the application. (x.x.x.xxxx represents the current version number).
  • During installation, make sure to uncheck Enable free trial of Malwarebytes Anti-Malware Premium, then click Finish. You can always upgrade later ;) :
    MBAM1_zps65d773c0.png
  • If an update is found, it will download and install the latest updates automatically:
    MBAM2_zps52e3211b.png
  • Now select the Settings tab, and check the box next to Scan for rootkits:
    MBAM3_zps83324155.png
  • Go back to the Dashboard tab, and click the Scan Now button:
    MBAM4_zpse3cd4a79.png
  • The scan may take some time to finish, so please be patient.
    MBAM5_zps36d7537b.png
  • When the scan is complete, it will show you the results. (This one is clean):
    MBAM65_zpsb0aa143c.png
  • Make sure that everything is checked, and click Quarantine All (or similar).
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note below) If the log doesn't open, select View detailed log in the Scan tab:
    MBAM7_zps782405f0.png
  • The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs:
    MBAM9_zps1f87702b.png
  • Choose the latest Scan Log, and click on the View button:
    MBAM10_zps5a48f689.png
  • In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt). Save the report to your Desktop.
    MBAM8_zpsad402941.png
  • Copy & Paste the entire contents of the report log in your next reply.
  • Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

    *** In your next reply, I need you to Copy&Paste the contents of the MBAM log file.


    Step2 - ESET on line scan


    Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

    Note: You can use either Internet Explorer or Mozilla FireFox for this Scan.

  • Please go here then click on esetbar_zps93905f48.jpg.
  • You will however need to disable your current installed Anti-Virus, how to do so can be read here. If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

    All of the following instructions work with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on Start.
  • When prompted allow Add-On/Active X to install.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked

  • Now click on Start.
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
    Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


    Step3 - Fresh FRST scan
  • Please run Farbar Recovery Scan Tool again. Run FRST by right clicking on it and selecting Run as Administrator. Allow it to update if it wants to.
  • Please tick the Addition.txt box under Optional Scan.
  • Press Scan button.
  • It will make logs FRST.txt & Addition.txt in the same directory the tool is run.
  • Please copy and paste the FRST.txt and Addition.txt to your reply.


    Things for your next post:
  • Outcome of removal of Vuze
  • MBAM log
  • ESET log.txt
  • FRST.txt and Addition.txt
  • How is your computer running now?

    Thanks

  • 0
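The Reg Delete in the second fixlog returned "unable to find the specified registry key or value", and the earlier fix had already moved C:\program files (x86)\vuze to quarantine. As an added example (not part of the thread, and not a FRST feature), this read-only PowerShell lists every uninstall entry whose display name matches a pattern and reports whether its uninstaller still exists on disk; the name pattern and the three standard registry locations searched are assumptions.

```powershell
# Added example: read-only inventory of uninstall entries. It changes nothing.
# Assumptions (not from the thread): the display-name pattern below, and that
# the entry lives in one of the three standard Uninstall locations.
param(
    [string]$NamePattern = '*Vuze*'   # wildcard matched against DisplayName
)

# Where "Programs and Features" entries are stored on 64-bit Windows.
$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',              # 64-bit programs
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',  # 32-bit programs
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'               # per-user installs
)

function Get-UninstallerPath {
    # Pull the executable path out of an UninstallString such as
    #   "C:\Some Folder\uninstall.exe" /S     (quoted)
    #   C:\Some Folder\uninstall.exe /S       (unquoted)
    param([string]$UninstallString)
    if ([string]::IsNullOrEmpty($UninstallString)) { return $null }
    if ($UninstallString -match '^\s*"([^"]+)"')        { return $Matches[1] }
    if ($UninstallString -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $null
}

function Find-UninstallEntry {
    param([string]$Pattern)
    foreach ($root in $UninstallRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue | ForEach-Object {
            $key   = $_
            $props = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
            if ($props -and ($props.DisplayName -like $Pattern)) {
                $exe = Get-UninstallerPath $props.UninstallString
                # An entry is stale when its uninstaller is a full path that no
                # longer exists, e.g. after the program folder was moved away.
                $state = 'not a file path (e.g. MsiExec)'
                if ($exe -and [System.IO.Path]::IsPathRooted($exe)) {
                    if (Test-Path -LiteralPath $exe) { $state = 'present' }
                    else                             { $state = 'missing' }
                }
                New-Object PSObject -Property @{
                    KeyPath          = $key.Name      # full key path, reg.exe style
                    DisplayName      = $props.DisplayName
                    UninstallString  = $props.UninstallString
                    UninstallerState = $state
                } | Select-Object KeyPath, DisplayName, UninstallString, UninstallerState
            }
        }
    }
}

Find-UninstallEntry -Pattern $NamePattern | Format-List
```

No output means no entry with that display name exists in the three locations; a row with UninstallerState "missing" is an orphaned list entry whose program files are already gone.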

#8
zuggalo


    Member

  • Topic Starter
  • Member
  • 84 posts

While looking for the actual Firefox program I also found a file in Program Files (x86) called filehippo.com; it contains a file, updatechecker.exe.config.

Vuze still has some shortcuts laying around pointing to "C:\FRST\Quarantine\C\program files (x86)\vuze\Azureus.exe". Guessing these can go now?

Still having some problems with graphic errors. I'm not sure if you can tell, but it's actually part of the scroll bar in the history spot. Similar things are happening with pics on a page being replaced by diff pics on the page; as soon as I scroll over the spot it fixes it.

210loc3.jpg

Mum's getting these errors on Facebook as well. I have no idea if either of the above are virus/hardware, something else or even anything worth worrying about.

 

a24tn6.jpg

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 18/06/2015
Scan Time: 11:13:00 AM
Logfile: jkhk.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.06.17.05
Rootkit Database: v2015.06.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: family

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 405097
Time Elapsed: 20 min, 30 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)








ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=3a673fe227d8094bbd05cdbe854f4936
# end=init
# utc_time=2015-06-18 04:47:09
# local_time=2015-06-18 02:47:09 (+1000, Tasmania Standard Time)
# country="Australia"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24383
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=3a673fe227d8094bbd05cdbe854f4936
# end=updated
# utc_time=2015-06-18 04:52:03
# local_time=2015-06-18 02:52:03 (+1000, Tasmania Standard Time)
# country="Australia"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=3a673fe227d8094bbd05cdbe854f4936
# engine=24383
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-06-18 05:55:26
# local_time=2015-06-18 03:55:26 (+1000, Tasmania Standard Time)
# country="Australia"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 3070010 75113842 0 0
# scanned=88601
# found=15
# cleaned=0
# scan_time=3802
sh=E527BBCAFEDDC287A621A2DB49A1F10502C1E3D0 ft=1 fh=4c77490216ec3f95 vn="a variant of Win32/ELEX.BH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=9703A00A9033EA51B40B4772437460089D4503D6 ft=1 fh=da99dbaa01de7d6c vn="a variant of Win32/Adware.ConvertAd.QJ application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\family\AppData\Roaming\ASPackage\ASPackage.exe.vir"
sh=E035DE874BDBD35FE0EDD96302B2C980255C1498 ft=1 fh=a6e973434b7a08bb vn="a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\family\AppData\Roaming\IHlpr\86D9989CD51D442B9AA6FE19AF7C8179\setupS_p2v0.exe.vir"
sh=AC5A1843C2F57A194B0D5B06C00B088C7629E398 ft=1 fh=483b0211fffce2e0 vn="Win32/UniBlue.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\family\AppData\Roaming\IHlpr\A4B44C42DA3F46E3A7B374F19D6A59BF\speedupmypc-AU-NZ-p2v4.exe.vir"
sh=C470D4646BADC27EABAD3128F38186DC0B245DE1 ft=1 fh=026c24fe8dd2cc30 vn="a variant of Win32/Toolbar.Besttoolbars.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\family\AppData\Roaming\OpenCandy\267F7229B2844679B4FB312EF064B3D0\BreakingNews_silent_134.exe.vir"
sh=A15C9536148CE02615132AE1DB1A6BF8F873A726 ft=1 fh=41c25fe63c7f6257 vn="Win32/Installium.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\family\AppData\Roaming\OpenCandy\DA8E8D56B0E34132957FE5C808596204\search_protect_global.exe.vir"
sh=A5528323CDD43E18F4DEB0E8191CC638B1E43F8A ft=1 fh=0ecc4e1d030a8afd vn="a variant of Win64/Systweak.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=2947BDCAF6295F6570D5A435221ADA1D21884B9B ft=1 fh=2d79bdeb9a8d54b0 vn="a variant of Win64/NetFilter.A potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{be5bf058-a067-4076-8c2e-22b9345a0260}Gw64.sys.vir"
sh=63D85E32DF47EF572D8E86C9EF01D3FCE83F3FC2 ft=0 fh=0000000000000000 vn="VBS/ShellPow.A virus" ac=I fn="C:\Users\family\Desktop\Brad\PC\PC\Sierra Online Quests v1.01\heroquest4win\QG4 Codes.doc"
sh=7AA6B45031CC54D6C31B7723D0FAB4F3D0F3DA56 ft=0 fh=0000000000000000 vn="VBS/ShellPow.A virus" ac=I fn="C:\Users\family\Desktop\Brad\PC\PC\Sierra Online Quests v1.01\Larry 1 EGA\Age Questions.doc"
sh=0DC98A6D13D5988D5ECDFC9017AACFF56FA560C8 ft=0 fh=0000000000000000 vn="VBS/ShellPow.A virus" ac=I fn="C:\Users\family\Desktop\Brad\PC\PC\Sierra Online Quests v1.01\Larry 1 VGA\Copy Protection Questions.doc"
sh=CC66AA391AD4B4D45116FE384DBEC7B720EC986B ft=0 fh=0000000000000000 vn="VBS/ShellPow.A virus" ac=I fn="C:\Users\family\Desktop\Brad\PC\PC\Sierra Online Quests v1.01\Larry 3\Larry 3 - Copyprotection Manual.doc"
sh=656C3A6AB5F15C19EC88EBA2E7E1DBD9949B3731 ft=0 fh=0000000000000000 vn="VBS/ShellPow.A virus" ac=I fn="C:\Users\family\Desktop\Brad\PC\PC\Sierra Online Quests v1.01\Larry 7\Notes.doc"
sh=76F23A68AAE53E1A84CA1BE31A5477F8B163A852 ft=0 fh=0000000000000000 vn="VBS/ShellPow.A virus" ac=I fn="C:\Users\family\Desktop\Brad\PC\PC\Sierra Online Quests v1.01\roberta-williams-phantasmagoria\Phantasm\Docs\Readme.doc"
sh=2B3662678BD511ADDFF2979AA5310427EDCBBFDD ft=0 fh=0000000000000000 vn="VBS/ShellPow.A virus" ac=I fn="C:\Users\family\Desktop\Mum\salmat\area rep christmas lunch.doc"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=3a673fe227d8094bbd05cdbe854f4936
# end=init
# utc_time=2015-06-18 05:55:56
# local_time=2015-06-18 03:55:56 (+1000, Tasmania Standard Time)
# country="Australia"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24392
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=3a673fe227d8094bbd05cdbe854f4936
# end=updated
# utc_time=2015-06-18 04:19:04
# local_time=2015-06-19 02:19:04 (+1000, Tasmania Standard Time)
# country="Australia"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=3a673fe227d8094bbd05cdbe854f4936
# engine=24392
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-06-18 06:26:05
# local_time=2015-06-19 04:26:05 (+1000, Tasmania Standard Time)
# country="Australia"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 3115049 75158881 0 0
# scanned=271527
# found=15
# cleaned=0
# scan_time=7620
sh=E527BBCAFEDDC287A621A2DB49A1F10502C1E3D0 ft=1 fh=4c77490216ec3f95 vn="a variant of Win32/ELEX.BH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=9703A00A9033EA51B40B4772437460089D4503D6 ft=1 fh=da99dbaa01de7d6c vn="a variant of Win32/Adware.ConvertAd.QJ application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\family\AppData\Roaming\ASPackage\ASPackage.exe.vir"
sh=E035DE874BDBD35FE0EDD96302B2C980255C1498 ft=1 fh=a6e973434b7a08bb vn="a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\family\AppData\Roaming\IHlpr\86D9989CD51D442B9AA6FE19AF7C8179\setupS_p2v0.exe.vir"
sh=AC5A1843C2F57A194B0D5B06C00B088C7629E398 ft=1 fh=483b0211fffce2e0 vn="Win32/UniBlue.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\family\AppData\Roaming\IHlpr\A4B44C42DA3F46E3A7B374F19D6A59BF\speedupmypc-AU-NZ-p2v4.exe.vir"
sh=C470D4646BADC27EABAD3128F38186DC0B245DE1 ft=1 fh=026c24fe8dd2cc30 vn="a variant of Win32/Toolbar.Besttoolbars.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\family\AppData\Roaming\OpenCandy\267F7229B2844679B4FB312EF064B3D0\BreakingNews_silent_134.exe.vir"
sh=A15C9536148CE02615132AE1DB1A6BF8F873A726 ft=1 fh=41c25fe63c7f6257 vn="Win32/Installium.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\family\AppData\Roaming\OpenCandy\DA8E8D56B0E34132957FE5C808596204\search_protect_global.exe.vir"
sh=A5528323CDD43E18F4DEB0E8191CC638B1E43F8A ft=1 fh=0ecc4e1d030a8afd vn="a variant of Win64/Systweak.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=2947BDCAF6295F6570D5A435221ADA1D21884B9B ft=1 fh=2d79bdeb9a8d54b0 vn="a variant of Win64/NetFilter.A potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{be5bf058-a067-4076-8c2e-22b9345a0260}Gw64.sys.vir"
sh=63D85E32DF47EF572D8E86C9EF01D3FCE83F3FC2 ft=0 fh=0000000000000000 vn="VBS/ShellPow.A virus" ac=I fn="C:\Users\family\Desktop\Brad\PC\PC\Sierra Online Quests v1.01\heroquest4win\QG4 Codes.doc"
sh=7AA6B45031CC54D6C31B7723D0FAB4F3D0F3DA56 ft=0 fh=0000000000000000 vn="VBS/ShellPow.A virus" ac=I fn="C:\Users\family\Desktop\Brad\PC\PC\Sierra Online Quests v1.01\Larry 1 EGA\Age Questions.doc"
sh=0DC98A6D13D5988D5ECDFC9017AACFF56FA560C8 ft=0 fh=0000000000000000 vn="VBS/ShellPow.A virus" ac=I fn="C:\Users\family\Desktop\Brad\PC\PC\Sierra Online Quests v1.01\Larry 1 VGA\Copy Protection Questions.doc"
sh=CC66AA391AD4B4D45116FE384DBEC7B720EC986B ft=0 fh=0000000000000000 vn="VBS/ShellPow.A virus" ac=I fn="C:\Users\family\Desktop\Brad\PC\PC\Sierra Online Quests v1.01\Larry 3\Larry 3 - Copyprotection Manual.doc"
sh=656C3A6AB5F15C19EC88EBA2E7E1DBD9949B3731 ft=0 fh=0000000000000000 vn="VBS/ShellPow.A virus" ac=I fn="C:\Users\family\Desktop\Brad\PC\PC\Sierra Online Quests v1.01\Larry 7\Notes.doc"
sh=76F23A68AAE53E1A84CA1BE31A5477F8B163A852 ft=0 fh=0000000000000000 vn="VBS/ShellPow.A virus" ac=I fn="C:\Users\family\Desktop\Brad\PC\PC\Sierra Online Quests v1.01\roberta-williams-phantasmagoria\Phantasm\Docs\Readme.doc"
sh=2B3662678BD511ADDFF2979AA5310427EDCBBFDD ft=0 fh=0000000000000000 vn="VBS/ShellPow.A virus" ac=I fn="C:\Users\family\Desktop\Mum\salmat\area rep christmas lunch.doc"

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by family (administrator) on FAMILYS on 19-06-2015 07:15:45
Running from C:\Users\family\Desktop
Loaded Profiles: family & UpdatusUser (Available Profiles: family & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Dropbox, Inc.) C:\Users\family\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_160.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_160.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\hp odometer\hpsysdrv.exe [62768 2008-11-21] (Hewlett-Packard)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [PDF Complete] => c:\program files (x86)\pdf complete\pdfsty.exe [658424 2011-05-06] (PDF Complete Inc)
HKLM-x32\...\Run: [APSDaemon] => c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe [60712 2015-03-20] (Apple Inc.)
HKU\S-1-5-21-378932227-2856890839-977457961-1000\...\Run: [News.net] => C:\Program Files\News.net\BreakingNews\DesktopContainer.exe
HKU\S-1-5-21-378932227-2856890839-977457961-1000\...\Run: [ISUSPM] => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
HKU\S-1-5-21-378932227-2856890839-977457961-1000\...\Run: [Dropbox Update] => C:\Users\family\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-13] (Dropbox, Inc.)
Startup: C:\Users\family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-12-10]
ShortcutTarget: Dropbox.lnk -> C:\Users\family\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\family\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-05-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\family\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-05-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\family\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-05-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\family\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-05-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\family\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-05-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\family\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-05-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-378932227-2856890839-977457961-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/51
HKU\S-1-5-21-378932227-2856890839-977457961-1003\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.jp.msn.com/HPALL/51
HKU\S-1-5-21-378932227-2856890839-977457961-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/51
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-378932227-2856890839-977457961-1000 -> {C41BE1AB-12F2-44B8-92B6-FCCF48C060F7} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-378932227-2856890839-977457961-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-378932227-2856890839-977457961-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-378932227-2856890839-977457961-1003 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://au.search.yah...psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-378932227-2856890839-977457961-1003 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanne..._IKEA_Win32.cab
DPF: HKLM-x32 {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} http://www.kaboodlep...X_WEB_Win32.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\family\AppData\Roaming\Mozilla\Firefox\Profiles\rqft8b3c.default-1430774295619
FF Homepage: hxxp://ww.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_160.dll [2015-06-12] ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-06-27] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-10] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-03-30] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-03-30] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-09] (VideoLAN)
FF Extension: Saved Password Editor - C:\Users\family\AppData\Roaming\Mozilla\Firefox\Profiles\rqft8b3c.default-1430774295619\Extensions\[email protected] [2015-05-05]

Chrome:
=======
CHR Profile: C:\Users\family\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\family\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-06]
CHR Extension: (Google Wallet) - C:\Users\family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-17] (Hewlett-Packard)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]
S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-11-26] ()
S3 AnyDVD; System32\Drivers\AnyDVD.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-19 07:15 - 2015-06-19 07:16 - 00017412 _____ C:\Users\family\Desktop\FRST.txt
2015-06-18 12:23 - 2015-06-18 12:23 - 02870984 _____ (ESET) C:\Users\family\Downloads\esetsmartinstaller_enu.exe
2015-06-18 12:17 - 2015-06-19 07:15 - 00010765 _____ C:\Users\family\Desktop\jkhk.txt
2015-06-18 11:12 - 2015-06-18 11:12 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-18 11:12 - 2015-06-18 11:12 - 00001064 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-18 11:12 - 2015-06-18 11:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-18 11:11 - 2015-06-18 11:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-18 11:11 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-18 11:11 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-18 11:11 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-18 11:10 - 2015-06-18 11:11 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\family\Downloads\mbam-setup-majorgeeks-2.1.6.1022.exe
2015-06-15 07:48 - 2015-06-15 07:48 - 02231296 _____ C:\Users\family\Desktop\AdwCleaner.exe
2015-06-15 07:45 - 2015-06-15 07:45 - 00000207 _____ C:\Windows\tweaking.com-regbackup-FAMILYS-Windows-7-Home-Premium-(64-bit).dat
2015-06-15 07:45 - 2015-06-15 07:45 - 00000000 ____D C:\RegBackup
2015-06-15 07:44 - 2015-06-15 07:44 - 02945697 _____ (Thisisu) C:\Users\family\Desktop\JRT.exe
2015-06-15 07:41 - 2015-06-15 07:41 - 00000000 ____D C:\Users\family\Desktop\FRST-OlderVersion
2015-06-13 12:42 - 2015-06-13 12:42 - 00000000 ____D C:\Users\family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-06-13 12:41 - 2015-06-19 06:46 - 00000922 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-378932227-2856890839-977457961-1000UA.job
2015-06-13 12:41 - 2015-06-18 12:46 - 00000870 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-378932227-2856890839-977457961-1000Core.job
2015-06-13 12:41 - 2015-06-13 12:41 - 00003894 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-378932227-2856890839-977457961-1000UA
2015-06-13 12:41 - 2015-06-13 12:41 - 00003498 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-378932227-2856890839-977457961-1000Core
2015-06-13 12:41 - 2015-06-13 12:41 - 00000000 ____D C:\Users\family\AppData\Local\Dropbox
2015-06-13 12:41 - 2015-06-13 12:41 - 00000000 ____D C:\ProgramData\Dropbox
2015-06-12 14:24 - 2015-06-19 07:15 - 00000000 ____D C:\FRST
2015-06-12 14:23 - 2015-06-15 07:41 - 02109952 _____ (Farbar) C:\Users\family\Desktop\FRST64.exe
2015-06-12 14:09 - 2015-06-19 06:50 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-12 14:09 - 2015-06-15 18:45 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-12 14:09 - 2015-06-15 18:45 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-12 14:09 - 2015-06-15 18:45 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-10 22:25 - 2015-06-02 05:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 22:25 - 2015-06-02 04:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 22:25 - 2015-05-28 00:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 22:25 - 2015-05-28 00:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 22:25 - 2015-05-23 13:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 22:25 - 2015-05-23 13:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 22:25 - 2015-05-23 13:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 22:25 - 2015-05-23 13:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 22:25 - 2015-05-23 13:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 22:25 - 2015-05-23 13:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 22:25 - 2015-05-23 13:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 22:25 - 2015-05-23 13:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 22:25 - 2015-05-23 13:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 22:25 - 2015-05-23 13:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 22:25 - 2015-05-23 13:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 22:25 - 2015-05-23 13:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 22:25 - 2015-05-23 13:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 22:25 - 2015-05-23 12:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 22:25 - 2015-05-23 12:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 22:25 - 2015-05-23 12:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 22:25 - 2015-05-23 12:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 22:25 - 2015-05-23 12:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 22:25 - 2015-05-23 12:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 22:25 - 2015-05-23 12:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 22:25 - 2015-05-23 12:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 22:25 - 2015-05-23 12:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 22:25 - 2015-05-23 12:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 22:25 - 2015-05-23 12:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 22:25 - 2015-05-23 12:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 22:25 - 2015-05-23 12:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 22:25 - 2015-05-23 05:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 22:25 - 2015-05-23 05:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 22:25 - 2015-05-23 05:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 22:25 - 2015-05-23 05:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 22:25 - 2015-05-23 05:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 22:25 - 2015-05-23 05:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 22:25 - 2015-05-23 05:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 22:25 - 2015-05-23 04:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 22:25 - 2015-05-23 04:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 22:25 - 2015-05-23 04:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 22:25 - 2015-05-23 04:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 22:25 - 2015-05-23 04:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 22:25 - 2015-05-23 04:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 22:25 - 2015-05-23 04:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 22:25 - 2015-05-23 04:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 22:25 - 2015-05-23 04:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 22:25 - 2015-05-23 04:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 22:25 - 2015-05-23 04:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 22:25 - 2015-05-23 04:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 22:25 - 2015-05-23 04:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 22:25 - 2015-05-23 04:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 22:25 - 2015-05-23 04:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 22:25 - 2015-05-23 04:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 22:25 - 2015-05-23 04:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 22:25 - 2015-05-23 04:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 22:25 - 2015-05-23 04:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 22:25 - 2015-05-23 03:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 22:25 - 2015-05-23 03:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 22:25 - 2015-05-23 03:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 22:25 - 2015-05-23 03:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 22:18 - 2015-05-26 04:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 22:18 - 2015-05-26 04:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 22:18 - 2015-05-26 04:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 22:18 - 2015-05-26 04:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 22:18 - 2015-05-26 04:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 22:18 - 2015-05-26 04:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 22:18 - 2015-05-26 04:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 22:18 - 2015-05-26 04:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 22:18 - 2015-05-26 04:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 22:18 - 2015-05-26 04:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 22:18 - 2015-05-26 04:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 22:18 - 2015-05-26 04:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-10 22:18 - 2015-05-26 04:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 22:18 - 2015-05-26 04:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 22:18 - 2015-05-26 04:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 22:18 - 2015-05-26 04:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-10 22:18 - 2015-05-26 04:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 22:18 - 2015-05-26 04:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 22:18 - 2015-05-26 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 22:18 - 2015-05-26 04:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 22:18 - 2015-05-26 04:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 22:18 - 2015-05-26 04:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 22:18 - 2015-05-26 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 22:18 - 2015-05-26 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 22:18 - 2015-05-26 04:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-10 22:18 - 2015-05-26 04:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-10 22:18 - 2015-05-26 04:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 22:18 - 2015-05-26 04:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 22:18 - 2015-05-26 04:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 22:18 - 2015-05-26 04:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 22:18 - 2015-05-26 04:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 22:18 - 2015-05-26 04:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 22:18 - 2015-05-26 04:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 22:18 - 2015-05-26 04:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 22:18 - 2015-05-26 04:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 22:18 - 2015-05-26 04:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 22:18 - 2015-05-26 04:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 22:18 - 2015-05-26 04:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 22:18 - 2015-05-26 04:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 22:18 - 2015-05-26 04:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 22:18 - 2015-05-26 04:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 04:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-10 22:18 - 2015-05-26 04:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-10 22:18 - 2015-05-26 04:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-10 22:18 - 2015-05-26 04:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-10 22:18 - 2015-05-26 04:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-10 22:18 - 2015-05-26 04:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-10 22:18 - 2015-05-26 04:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-10 22:18 - 2015-05-26 04:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-10 22:18 - 2015-05-26 04:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-10 22:18 - 2015-05-26 04:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-10 22:18 - 2015-05-26 04:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-10 22:18 - 2015-05-26 04:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-10 22:18 - 2015-05-26 04:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-10 22:18 - 2015-05-26 04:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-10 22:18 - 2015-05-26 04:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-10 22:18 - 2015-05-26 04:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-10 22:18 - 2015-05-26 04:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-10 22:18 - 2015-05-26 04:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-10 22:18 - 2015-05-26 04:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-10 22:18 - 2015-05-26 04:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-10 22:18 - 2015-05-26 04:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-10 22:18 - 2015-05-26 04:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-10 22:18 - 2015-05-26 04:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-10 22:18 - 2015-05-26 03:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-10 22:18 - 2015-05-26 03:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-10 22:18 - 2015-05-26 03:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-10 22:18 - 2015-05-26 03:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-10 22:18 - 2015-05-26 03:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-10 22:18 - 2015-05-26 03:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 03:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 22:18 - 2015-05-26 02:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-10 22:18 - 2015-05-26 02:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-10 22:18 - 2015-05-26 02:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 02:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 22:18 - 2015-05-26 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 22:18 - 2015-05-23 04:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-10 22:18 - 2015-05-23 04:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-10 22:18 - 2015-05-23 04:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-10 22:18 - 2015-05-23 04:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-10 22:18 - 2015-05-23 04:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-10 22:18 - 2015-05-23 04:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-10 22:18 - 2015-05-23 04:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-10 22:18 - 2015-05-21 23:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-10 22:18 - 2015-04-30 04:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 22:18 - 2015-04-30 04:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 22:18 - 2015-04-30 04:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 22:18 - 2015-04-30 04:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 22:18 - 2015-04-30 04:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 22:18 - 2015-04-30 04:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 22:18 - 2015-04-30 04:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 22:18 - 2015-04-30 04:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 22:18 - 2015-04-30 04:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 22:18 - 2015-04-30 04:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 22:17 - 2015-05-26 03:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 22:17 - 2015-04-25 04:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 22:17 - 2015-04-25 03:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 22:17 - 2015-04-11 13:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-04 10:42 - 2015-06-04 10:42 - 00000000 ____D C:\Users\family\AppData\Local\GWX
2015-06-03 03:55 - 2015-06-11 03:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-05-29 07:31 - 2015-05-29 07:35 - 120306183 _____ C:\Users\family\Downloads\_stonerproblems-(DatPiff.com).zip
2015-05-26 01:07 - 2015-05-26 01:07 - 00000000 ___RD C:\Users\family\OneDrive

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-19 06:53 - 2013-10-24 20:08 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-19 03:00 - 2013-02-14 16:54 - 01427802 _____ C:\Windows\WindowsUpdate.log
2015-06-19 01:23 - 2009-07-14 14:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-19 01:23 - 2009-07-14 14:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-18 11:04 - 2013-12-10 10:40 - 00000000 ___RD C:\Users\family\Dropbox
2015-06-18 11:04 - 2013-12-10 10:38 - 00000000 ____D C:\Users\family\AppData\Roaming\Dropbox
2015-06-18 11:03 - 2013-10-24 20:08 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-18 11:03 - 2013-04-08 01:00 - 00022168 _____ C:\Windows\setupact.log
2015-06-18 11:03 - 2011-11-26 06:50 - 00000000 ____D C:\ProgramData\PDFC
2015-06-18 11:03 - 2011-11-26 06:36 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-18 11:03 - 2009-07-14 15:08 - 00032648 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-18 11:03 - 2009-07-14 15:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-17 21:57 - 2013-02-15 16:53 - 00000000 ____D C:\Users\family\AppData\Local\CrashDumps
2015-06-15 18:45 - 2014-11-03 22:59 - 00000000 ____D C:\Users\family\AppData\Local\Adobe
2015-06-15 07:58 - 2013-02-14 16:55 - 00000000 ____D C:\Users\family
2015-06-15 07:54 - 2015-03-13 06:31 - 00000000 ____D C:\AdwCleaner
2015-06-12 19:34 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-12 14:03 - 2010-11-21 13:47 - 00944248 _____ C:\Windows\PFRO.log
2015-06-12 13:59 - 2011-11-26 06:51 - 00000000 ____D C:\Program Files (x86)\Windows Live
2015-06-12 13:57 - 2014-04-11 09:35 - 00000000 ____D C:\Program Files (x86)\Winamp
2015-06-12 13:57 - 2013-12-14 19:00 - 00000000 ____D C:\ProgramData\Skype
2015-06-12 13:56 - 2013-03-06 07:11 - 00000000 ____D C:\Program Files (x86)\Java
2015-06-12 13:55 - 2013-10-09 11:34 - 00000000 ____D C:\Program Files (x86)\etax2013
2015-06-11 17:24 - 2013-12-14 19:00 - 00000000 ____D C:\Users\family\AppData\Roaming\Skype
2015-06-11 11:11 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\rescache
2015-06-11 10:10 - 2014-11-13 02:28 - 00000000 __SHD C:\Users\family\AppData\Local\EmieBrowserModeList
2015-06-11 10:10 - 2014-04-23 09:28 - 00000000 __SHD C:\Users\family\AppData\Local\EmieUserList
2015-06-11 10:10 - 2014-04-23 09:28 - 00000000 __SHD C:\Users\family\AppData\Local\EmieSiteList
2015-06-11 03:30 - 2009-07-14 15:13 - 00791118 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-11 03:24 - 2009-07-14 14:45 - 00435832 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-11 03:23 - 2014-12-11 02:26 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-11 03:23 - 2014-05-01 03:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-11 03:23 - 2013-06-19 09:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-11 03:22 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-11 03:06 - 2013-02-20 16:29 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-11 03:05 - 2013-07-13 03:00 - 00000000 ____D C:\Windows\system32\MRT
2015-06-11 03:01 - 2013-02-19 13:40 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-09 00:25 - 2013-02-14 17:08 - 00000000 ____D C:\Users\family\Desktop\Mum
2015-06-03 09:07 - 2014-02-13 16:29 - 00005678 _____ C:\Users\family\Desktop\icp cds.txt
2015-05-26 01:07 - 2014-07-17 13:56 - 00002162 _____ C:\Users\family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-05-20 07:54 - 2015-04-05 02:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-20 07:54 - 2015-04-05 02:00 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-20 06:54 - 2015-03-13 08:36 - 00000000 ____D C:\Users\family\AppData\Roaming\Rainmaker Software Group LLC.
2015-05-20 06:54 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\TAPI

==================== Files in the root of some directories =======

2011-11-26 06:54 - 2011-06-10 09:44 - 0002792 _____ () C:\Program Files\HP SimplePass 2011
2015-03-20 08:10 - 2015-03-20 08:10 - 0007605 _____ () C:\Users\family\AppData\Local\Resmon.ResmonCfg
2013-06-21 20:12 - 2014-07-12 11:51 - 0000081 ___SH () C:\ProgramData\.zreglib

Some files in TEMP:
====================
C:\Users\family\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmps7uncp.dll
C:\Users\family\AppData\Local\Temp\Quarantine.exe
C:\Users\family\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-13 00:17

==================== End of log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by family at 2015-06-19 07:16:16
Running from C:\Users\family\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-378932227-2856890839-977457961-500 - Administrator - Disabled)
family (S-1-5-21-378932227-2856890839-977457961-1000 - Administrator - Enabled) => C:\Users\family
Guest (S-1-5-21-378932227-2856890839-977457961-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-378932227-2856890839-977457961-1002 - Limited - Enabled)
UpdatusUser (S-1-5-21-378932227-2856890839-977457961-1003 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.160 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.160 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-378932227-2856890839-977457961-1000\...\Dropbox) (Version: 3.6.7 - Dropbox, Inc.)
e-tax 2014 (HKLM-x32\...\{42D5C0B2-A309-4F84-9BD7-5DDDFE6C09E1}) (Version: 2.8.758 - Australian Taxation Office)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.1.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
K-Lite Mega Codec Pack 10.2.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.2.0 - )
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-378932227-2856890839-977457961-1000\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 12 (HKLM-x32\...\{560FC78C-A4B2-461D-9B47-820C1EEF87B8}) (Version: 12.0.02000 - Nero AG)
NVIDIA 3D Vision Driver 267.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 267.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 275.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 275.88 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Update 1.3.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.3.6 - NVIDIA Corporation)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.54 - PDF Complete, Inc)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PowerPoint Viewer 2.0 (HKLM-x32\...\PowerPoint Viewer 2.0) (Version:  - )
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6531 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4320 - CyberLink Corp.) Hidden
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Welcome App (Start-up experience) (x32 Version: 12.0.14000 - Nero AG) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-378932227-2856890839-977457961-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\family\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-378932227-2856890839-977457961-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\family\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-378932227-2856890839-977457961-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\family\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-378932227-2856890839-977457961-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\family\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-378932227-2856890839-977457961-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\family\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-378932227-2856890839-977457961-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\family\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-378932227-2856890839-977457961-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-378932227-2856890839-977457961-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\family\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-378932227-2856890839-977457961-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\family\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-378932227-2856890839-977457961-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-378932227-2856890839-977457961-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-378932227-2856890839-977457961-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-378932227-2856890839-977457961-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-378932227-2856890839-977457961-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-378932227-2856890839-977457961-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-378932227-2856890839-977457961-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-378932227-2856890839-977457961-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\family\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

==================== Restore Points =========================

18-06-2015 11:18:43 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 12:34 - 2015-06-13 12:37 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01BBF949-248D-44E0-943D-7EC5CD57A6C7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-24] (Google Inc.)
Task: {2F5D1A05-C151-4E53-9A46-48973E962B74} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {47EEBC38-C04D-4D23-853D-855D79ED1172} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
Task: {5C232642-C413-4E4B-AD6E-E375902391FB} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-08] (Microsoft Corporation)
Task: {66C2EF68-E9F3-4010-8FE1-0EEA5978F1EF} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-08] (Microsoft Corporation)
Task: {66DF899E-10EA-4259-A015-18B5C3E515F3} - System32\Tasks\MicrosoftOfficeUpdate => C:\Users\family\AppData\84C6B880-0115-11E1-8840-386077A89ADC\hsched2.vbs [2015-03-12] ()
Task: {6EF1F7C2-BC69-41B7-97B9-F2496CF14B32} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {7279F845-0B73-4BB6-8F43-1AE4249DB341} - System32\Tasks\{6B32D1AD-2268-434D-A2E3-A5A40AAE8B1E} => pcalua.exe -a "C:\Users\family\Documents\Vuze Downloads\Sierra Games Collection\Kings Quest Collection XP.exe" -d "C:\Users\family\Documents\Vuze Downloads\Sierra Games Collection"
Task: {72B95406-1245-4786-B23E-785C52ECE3B2} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-08] (Microsoft Corporation)
Task: {76771FA3-5913-4AB1-94B2-2214B3FB47A2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-24] (Google Inc.)
Task: {854F81F2-32E2-41FF-8166-9DBEC4E4272D} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2013-02-16] (Microsoft Corporation)
Task: {971C2A0A-2A35-4A05-B3F5-FEAF0EB5B1DB} - System32\Tasks\{9180EF93-20D3-4534-938F-FFFF72C15115} => pcalua.exe -a C:\Users\family\AppData\Roaming\istartsurf\UninstallManager.exe -c  -ptid=smt
Task: {9D1A38A4-FD9D-48D8-AE39-BD999164E002} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-15] (Adobe Systems Incorporated)
Task: {9D947AF4-4ED7-4BDA-A3E4-F6232A39DC07} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-378932227-2856890839-977457961-1000UA => C:\Users\family\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-13] (Dropbox, Inc.)
Task: {A28A3CBA-F8A5-4B7A-846A-94F08B652DBE} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {B44023AE-8460-4149-BCC0-322E317A0A5A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-09] (Hewlett-Packard)
Task: {C4BD16BA-C715-405F-99C1-683AA235DC4A} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-17] (Microsoft Corporation)
Task: {C7A6ECD1-39B5-4371-A5A6-1F58044ECC9C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C8BB5F63-D6A1-4AB1-AEB1-CADE640AD809} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe
Task: {CFCF7470-A0AE-42EB-813C-70FB3D9620E5} - System32\Tasks\{C8D9AFC5-A8E3-4DA3-82DB-C03673E07C47} => pcalua.exe -a "C:\Users\family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CRJI4HDO\air3-9_win.exe" -d C:\Users\family\Desktop
Task: {E83A5C65-B0CB-45BB-A918-F5635F9AE9F4} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-08] (Microsoft Corporation)
Task: {FD29C4F1-7056-48FB-9219-1A1313C9DE04} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-378932227-2856890839-977457961-1000Core => C:\Users\family\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-13] (Dropbox, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-378932227-2856890839-977457961-1000Core.job => C:\Users\family\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-378932227-2856890839-977457961-1000UA.job => C:\Users\family\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-01-20 21:35 - 2015-01-20 21:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 21:35 - 2015-01-20 21:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-18 11:03 - 2015-06-18 11:03 - 00043008 _____ () c:\users\family\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmps7uncp.dll
2015-03-05 07:45 - 2015-03-19 17:15 - 00750080 _____ () C:\Users\family\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-05 07:45 - 2015-03-19 17:15 - 00047616 _____ () C:\Users\family\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-05 07:45 - 2015-03-19 17:15 - 00865280 _____ () C:\Users\family\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-05 07:45 - 2015-03-19 17:15 - 00200704 _____ () C:\Users\family\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-03-05 07:45 - 2015-03-19 17:15 - 00010240 _____ () C:\Users\family\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-05 07:45 - 2015-03-19 17:15 - 00726016 _____ () C:\Users\family\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-03-05 07:45 - 2015-03-19 17:15 - 00010240 _____ () C:\Users\family\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-06-12 14:16 - 2015-06-12 14:16 - 17321648 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-378932227-2856890839-977457961-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\family\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/19/2015 04:12:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9969

Error: (06/19/2015 04:12:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9969

Error: (06/19/2015 04:12:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/19/2015 03:30:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9969

Error: (06/19/2015 03:30:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9969

Error: (06/19/2015 03:30:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/19/2015 03:09:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9968

Error: (06/19/2015 03:09:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9968

Error: (06/19/2015 03:09:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/19/2015 02:48:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9969


System errors:
=============
Error: (06/19/2015 02:19:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (06/19/2015 02:19:02 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\family\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/19/2015 02:19:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (06/19/2015 02:19:02 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\family\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/19/2015 02:19:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (06/19/2015 02:19:02 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\family\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/19/2015 02:18:40 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\family\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/19/2015 02:18:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (06/19/2015 02:18:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (06/19/2015 02:18:40 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\family\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


Microsoft Office:
=========================

==================== Memory info ===========================

Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 22%
Total physical RAM: 8174.52 MB
Available physical RAM: 6317.88 MB
Total Pagefile: 16347.25 MB
Available Pagefile: 13438.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.46 GB) (Free:656.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.95 GB) (Free:1.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B8383026)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

==================== End of log ============================
 


  • 0

#9
zuggalo

    Member

  • Topic Starter
  • 84 posts

Another pic of the side scroll bar. I'm not even sure where these images came from.

2uif3f8.jpg


  • 0

#10
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi Zuggalo
 

Vuze still has some shortcuts laying around pointing to "C:\FRST\Quarantine\C\program files (x86)\vuze\Azureus.exe" guessing these can go now?


Yes delete the shortcuts, the file is now quarantined and will be deleted when I remove the tools after the clean up. :)

Firefox scroll bar issue.

I would suggest a refresh/reset of Firefox to see if this resolves your issue.

Security Certificate Issue

This is an error with the DNS configuration of the certificate of the website and therefore nothing to worry about. :)


Then

FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
C:\Users\family\Desktop\Brad\PC\PC\Sierra Online Quests v1.01
Task: {7279F845-0B73-4BB6-8F43-1AE4249DB341} - System32\Tasks\{6B32D1AD-2268-434D-A2E3-A5A40AAE8B1E} => pcalua.exe -a "C:\Users\family\Documents\Vuze Downloads\Sierra Games Collection\Kings Quest Collection XP.exe" -d "C:\Users\family\Documents\Vuze Downloads\Sierra Games Collection"
C:\Users\family\Documents\Vuze Downloads\Sierra Games Collection
CMD: ipconfig /flushdns
EmptyTemp:

  • Save this as fixlist.txt, in the same location as FRST.exe on your desktop.
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.

    Things for your next post:
  • Has your Firefox issue been resolved?
  • fixlog.txt
  • How is your computer running now?

    Thanks

  • 0
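The fixlist in the post above removes a scheduled task that used pcalua.exe to start a file from a user download folder. As an added example (not part of the original posts and not a FRST feature), the Python below parses FRST "Task:" lines in the format shown in this thread's log and attaches review flags; the flag names and heuristics are assumptions chosen for illustration, and the sample lines are copied from the log on this page.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional, Tuple

# Six "Task:" lines copied from the FRST log posted in this thread.
SAMPLE_LOG = r"""
Task: {01BBF949-248D-44E0-943D-7EC5CD57A6C7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-24] (Google Inc.)
Task: {66DF899E-10EA-4259-A015-18B5C3E515F3} - System32\Tasks\MicrosoftOfficeUpdate => C:\Users\family\AppData\84C6B880-0115-11E1-8840-386077A89ADC\hsched2.vbs [2015-03-12] ()
Task: {7279F845-0B73-4BB6-8F43-1AE4249DB341} - System32\Tasks\{6B32D1AD-2268-434D-A2E3-A5A40AAE8B1E} => pcalua.exe -a "C:\Users\family\Documents\Vuze Downloads\Sierra Games Collection\Kings Quest Collection XP.exe" -d "C:\Users\family\Documents\Vuze Downloads\Sierra Games Collection"
Task: {971C2A0A-2A35-4A05-B3F5-FEAF0EB5B1DB} - System32\Tasks\{9180EF93-20D3-4534-938F-FFFF72C15115} => pcalua.exe -a C:\Users\family\AppData\Roaming\istartsurf\UninstallManager.exe -c  -ptid=smt
Task: {9D947AF4-4ED7-4BDA-A3E4-F6232A39DC07} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-378932227-2856890839-977457961-1000UA => C:\Users\family\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-13] (Dropbox, Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"""

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# "Task: {GUID} - <task name> => <action>"; legacy .job lines carry no GUID.
TASK_RE = re.compile(rf"^Task: (?:(?P<guid>{GUID}) - )?(?P<name>.+?) => (?P<action>.+)$")
# Optional trailer after the target file: "[file date] (company name)".
TRAILER_RE = re.compile(r"\s*\[(?P<date>\d{4}-\d{2}-\d{2})\]\s*\((?P<company>[^)]*)\)\s*$")
# pcalua.exe (Program Compatibility Assistant) starts the program given after -a.
PCALUA_RE = re.compile(r'^pcalua\.exe\b.*?\s-a\s+(?:"(?P<q>[^"]+)"|(?P<u>\S+))', re.I)
# Assumed list of script extensions worth a second look in a task action.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd", ".ps1"}


class Task(NamedTuple):
    guid: Optional[str]
    name: str
    target: str              # file the task ultimately starts
    company: Optional[str]   # None when the log line has no "(company)" trailer
    via_pcalua: bool


def parse_task(line: str) -> Optional[Task]:
    """Parse one FRST 'Task:' line; return None for any other line."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    action, company = m["action"], None
    trailer = TRAILER_RE.search(action)
    if trailer:
        company = trailer["company"].strip()
        action = action[:trailer.start()]
    launcher = PCALUA_RE.match(action)
    target = (launcher["q"] or launcher["u"]) if launcher else action.strip()
    return Task(m["guid"], m["name"], target, company, bool(launcher))


def flag_task(task: Task) -> List[str]:
    """Return heuristic review flags (assumptions, not verdicts)."""
    flags = []
    if task.via_pcalua:
        flags.append("pcalua-launcher")
    if "\\users\\" in task.target.lower():
        flags.append("user-writable-path")
    if ntpath.splitext(task.target)[1].lower() in SCRIPT_EXTS:
        flags.append("script-target")
    if re.fullmatch(GUID, task.name.rsplit("\\", 1)[-1]):
        flags.append("guid-task-name")
    if task.company == "":
        flags.append("no-company-name")
    return flags


def triage(log_text: str) -> List[Tuple[Task, List[str]]]:
    """Parse every Task: line and sort the results, most flags first."""
    rows = []
    for line in log_text.splitlines():
        task = parse_task(line)
        if task:
            rows.append((task, flag_task(task)))
    return sorted(rows, key=lambda row: len(row[1]), reverse=True)


if __name__ == "__main__":
    for task, flags in triage(SAMPLE_LOG):
        print(f"{len(flags)}  {task.name}\n   -> {task.target}\n   flags: {', '.join(flags) or 'none'}")
```

A single flag is only a lead: the Dropbox updater legitimately runs from the user profile and still picks up `user-writable-path`, so entries are ranked by how many flags they collect rather than judged on one.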

#11
zuggalo

    Member

  • Topic Starter
  • 84 posts

Firefox still being a bit weird, will prob uninstall n reinstall once we're done, but as long as it's nothing bad it's no problem. Apart from that everything seems fine, thanks.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by family at 2015-06-22 07:39:01 Run:3
Running from C:\Users\family\Desktop
Loaded Profiles: family & UpdatusUser (Available Profiles: family & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
C:\Users\family\Desktop\Brad\PC\PC\Sierra Online Quests v1.01
Task: {7279F845-0B73-4BB6-8F43-1AE4249DB341} - System32\Tasks\{6B32D1AD-2268-434D-A2E3-A5A40AAE8B1E} => pcalua.exe -a "C:\Users\family\Documents\Vuze Downloads\Sierra Games Collection\Kings Quest Collection XP.exe" -d "C:\Users\family\Documents\Vuze Downloads\Sierra Games Collection"
C:\Users\family\Documents\Vuze Downloads\Sierra Games Collection
CMD: ipconfig /flushdns
EmptyTemp:
*****************

Restore point was successfully created.
C:\Users\family\Desktop\Brad\PC\PC\Sierra Online Quests v1.01 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7279F845-0B73-4BB6-8F43-1AE4249DB341}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7279F845-0B73-4BB6-8F43-1AE4249DB341}" => key removed successfully
C:\Windows\System32\Tasks\{6B32D1AD-2268-434D-A2E3-A5A40AAE8B1E} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6B32D1AD-2268-434D-A2E3-A5A40AAE8B1E}" => key removed successfully
"C:\Users\family\Documents\Vuze Downloads\Sierra Games Collection" => File/Folder not found.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 1 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 07:40:03 ====


  • 0

#12
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi Zuggalo
 

Firefox still being a bit weird, will prob uninstall n reinstall


Your call. When reinstalling Firefox please download the latest version from the official site at www.mozilla.org .

I think that's us done so......subject to no further problems

Good News! - Your system now appears to be clean. :)
Now for some clean up and "housekeeping" procedures.

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:
  • Download Delfix from here
  • Locate the file and right click on it. Click on Run as Administrator.
  • Ensure Remove disinfection tools is ticked
    Also tick:
  • Create registry backup
  • Purge system restore

  • Click Run

    The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply

    General Advice & Prevention

    Check Windows Updates is set to automatic
    • Click Start, click Run, type sysdm.cpl, and then press ENTER.
    • Click the Automatic Updates tab.
    • Ensure it is set to Automatic (recommended) Automatically download recommended updates for my computer and install them option.
    Malwarebytes - Update and run weekly to help keep your system clean.

    Additional Programs

    Crypto Warning!!!! - Complete Data Loss can occur!

    There are particularly nasty infections out there at the moment that encrypt your data and hold it for ransom. You may read more about this here
  • Download CryptoPrevent free for home use here following the instructions below.
  • Save the file to your desktop from the link above and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
  • Accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This is good and will launch the program once you click Finish.
  • You will get a prompt asking if you purchased a Product Key for Automatic Updates. You can answer No.
  • You will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to.
  • You will be prompted to click OK to continue and select your protection level. Go ahead and click OK.
  • Click the Apply button to set Default protection.
  • You may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.
    That's it. The protection is in place.

    Note: The free version doesn't provide automatic updates. Periodically, you should open up the program (there is a shortcut on your desktop now) and select the Updates! menu....and select Check for Updates to see if there are any as this infection has serious consequences.


    Prevention Tips
  • Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.
  • Install and keep only one anti-virus on your machine. Update it and scan your machine with it at least once a week.
  • Be careful of the websites you visit.
  • When browsing the internet, look closely at the links you click on. Some aren't always what they seem.
  • Avoid Peer to Peer file sharing utilities, these are a minefield of malware infections.
  • Pay attention when installing a program to your computer, particularly to any check boxes that may appear during installation, it is common for unwanted software to be installed in this way.

    To learn more about how to protect yourself while on the internet read this little guide Best security practices.

    Go here for some good advice about how to prevent infection.

    Happy safe surfing!! :)

    Things for your next post:
  • Has your firefox issue now been resolved?
  • delfix log

    Thanks

  • 0

#13
zuggalo

    Member

  • Topic Starter
  • 84 posts

sysdm.cpl brought up System Properties, which had no Automatic Updates tab; it is however enabled in Windows Update > Change settings. Still haven't reinstalled Firefox but it's not a big problem and everything else seems to be running fine, thanks.


# DelFix v1.010 - Logfile created 24/06/2015 at 07:30:20
# Updated 26/04/2015 by Xplode
# Username : family - FAMILYS
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\JRT
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\Users\family\Desktop\FRST-OlderVersion
Deleted : C:\AdwCleaner[R1].txt
Deleted : C:\AdwCleaner[R2].txt
Deleted : C:\AdwCleaner[S1].txt
Deleted : C:\AdwCleaner[S2].txt
Deleted : C:\Users\family\Desktop\AdwCleaner.exe
Deleted : C:\Users\family\Desktop\Fixlog.txt
Deleted : C:\Users\family\Desktop\FRST64.exe
Deleted : C:\Users\family\Desktop\JRT.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #428 [Windows Update | 06/18/2015 01:18:43]
Deleted : RP #429 [Windows Update | 06/21/2015 03:03:20]
Deleted : RP #430 [Windows Backup | 06/21/2015 09:00:08]
Deleted : RP #432 [Restore Point Created by FRST | 06/21/2015 21:39:01]

New restore point created !

########## - EOF - ##########
 


  • 0

#14
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts

Hi Zuggalo
 

it is however enabled in windows update > change settings.

:thumbsup:

 

 

That's us finished now. It's been a pleasure working with you. :)

Thanks
Bruce


  • 0

#15
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0





