Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

PC Keeper Popup [Solved]

Started by joseph456 , Jun 16 2015 04:23 PM

Offered to clean problems

This topic is locked

#1
joseph456

Posted 16 June 2015 - 04:23 PM

Member

Member
455 posts

While reading on a legitimate web site and clicking on an article, PC Keeper popup came up offering to clean my computer. Xed out of it even beyond it asking me if I wanted "Leave the page." Any cause for concern?

MB came up clean.

Thanks for your help.

Farbar results:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-06-2015
Ran by Administrator (administrator) on S0034324532 on 16-06-2015 18:18:15
Running from C:\Documents and Settings\Administrator\desktop
Loaded Profiles: Administrator (Available Profiles: Computer Admin & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINNT\system32\smss.exe
(Microsoft Corporation) C:\WINNT\system32\csrss.exe
(Microsoft Corporation) C:\WINNT\system32\winlogon.exe
(Microsoft Corporation) C:\WINNT\system32\services.exe
(Microsoft Corporation) C:\WINNT\system32\lsass.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\spoolsv.exe
(Microsoft Corporation) C:\WINNT\explorer.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Ruiware) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
(Microsoft Corporation) C:\WINNT\system32\alg.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Microsoft Corporation) C:\WINNT\system32\wuauclt.exe
(Microsoft Corporation) C:\WINNT\system32\wbem\wmiprvse.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [PRONoMgrWired] => C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe [86016 2003-08-06] (Intel® Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM\...\Winlogon: [Userinit] C:\WINNT\system32\userinit.exe,
HKLM\...\Winlogon: [Shell] Explorer.exe [x ] ()
HKLM\...\Winlogon: [UIHost] C:\WINNT\system32\logonui.exe [514560 2008-04-13] (Microsoft Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINNT\system32\Ati2evxx.dll [2005-08-09] (ATI Technologies Inc.)
Winlogon\Notify\crypt32chain: C:\WINNT\system32\crypt32.dll [2013-10-07] (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINNT\system32\cryptnet.dll [2008-04-13] (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINNT\system32\cscdll.dll [2008-04-13] (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINNT\System32\dimsntfy.dll [2008-04-13] (Microsoft Corporation)
Winlogon\Notify\ScCertProp: C:\WINNT\system32\wlnotify.dll [2008-04-13] (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINNT\system32\wlnotify.dll [2008-04-13] (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINNT\system32\sclgntfy.dll [2008-04-13] (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINNT\system32\WlNotify.dll [2008-04-13] (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINNT\system32\wlnotify.dll [2008-04-13] (Microsoft Corporation)
Winlogon\Notify\WgaLogon: C:\WINNT\system32\WgaLogon.dll [2008-09-06] (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINNT\system32\wlnotify.dll [2008-04-13] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINNT\System32\logon.scr [220672 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINNT\System32\logon.scr [220672 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-515416071-1635729839-3118798863-500\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1238152 2015-05-17] (Ruiware)
HKU\S-1-5-21-515416071-1635729839-3118798863-500\...\RunOnce: [Adobe Speed Launcher] => 1434468267
HKU\S-1-5-21-515416071-1635729839-3118798863-500\...\MountPoints2: {5e59674a-b37a-11e1-9bd2-00904b847847} - F:\LaunchU3.exe -a
HKU\S-1-5-21-515416071-1635729839-3118798863-500\...\MountPoints2: {663fc156-6412-11e1-9ba3-00904b847847} - E:\KODAK_Camera_Setup_App.exe
HKU\S-1-5-21-515416071-1635729839-3118798863-500\...\MountPoints2: {8382f4fc-c626-11dd-9808-00904b847847} - E:\LaunchU3.exe -a
HKU\S-1-5-21-515416071-1635729839-3118798863-500\...\MountPoints2: {9f2e57b0-d2a7-11dd-9825-00904b847847} - E:\LaunchU3.exe -a
HKU\S-1-5-21-515416071-1635729839-3118798863-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINNT\System32\scrnsave.scr [9216 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => C:\WINNT\system32\tscupgrd.exe [44544 2004-08-03] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINNT\system32\Narrator.exe [53760 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINNT\system32\logon.scr [220672 2008-04-13] (Microsoft Corporation)
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Billminder.lnk [2011-11-27]
ShortcutTarget: Billminder.lnk -> C:\QUICKENW\billmind.exe (Intuit)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-515416071-1635729839-3118798863-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-515416071-1635729839-3118798863-500\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
HKU\S-1-5-21-515416071-1635729839-3118798863-500\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-515416071-1635729839-3118798863-500\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.overture....s={searchTerms}
HKU\S-1-5-21-515416071-1635729839-3118798863-500\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-515416071-1635729839-3118798863-500\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.netaddre...nvalidSessionID
https://login.micros...=1033&id=271346
http://www.netvibes.com/en
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\.DEFAULT -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search...p={searchTerms}
SearchScopes: HKU\S-1-5-21-515416071-1635729839-3118798863-500 -> DefaultScope {91E988AB-50B7-46B0-B45D-5CF6103F052F} URL = http://www.google.co...age={startPage}
SearchScopes: HKU\S-1-5-21-515416071-1635729839-3118798863-500 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-515416071-1635729839-3118798863-500 -> {91E988AB-50B7-46B0-B45D-5CF6103F052F} URL = http://www.google.co...age={startPage}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2009-11-25] (CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2009-11-25] (CANON INC.)
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\.DEFAULT -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2009-11-25] (CANON INC.)
Toolbar: HKU\S-1-5-21-515416071-1635729839-3118798863-500 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2009-11-25] (CANON INC.)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINNT\system32\shell32.dll [8462848 2012-06-08] (Microsoft Corporation)
Winsock: Catalog5 01 C:\WINNT\system32\mswsock.dll [245248 2003-03-31] (Microsoft Corporation)
Winsock: Catalog5 02 C:\WINNT\system32\winrnr.dll [16896 2003-03-31] (Microsoft Corporation)
Winsock: Catalog5 03 C:\WINNT\system32\mswsock.dll [245248 2003-03-31] (Microsoft Corporation)
Winsock: Catalog9 01 C:\WINNT\system32\mswsock.dll [245248 2003-03-31] (Microsoft Corporation)
Winsock: Catalog9 02 C:\WINNT\system32\mswsock.dll [245248 2003-03-31] (Microsoft Corporation)
Winsock: Catalog9 03 C:\WINNT\system32\mswsock.dll [245248 2003-03-31] (Microsoft Corporation)
Winsock: Catalog9 04 C:\WINNT\system32\rsvpsp.dll [92672 2003-03-31] (Microsoft Corporation)
Winsock: Catalog9 05 C:\WINNT\system32\rsvpsp.dll [92672 2003-03-31] (Microsoft Corporation)
Winsock: Catalog9 06 C:\WINNT\system32\mswsock.dll [245248 2003-03-31] (Microsoft Corporation)
Winsock: Catalog9 07 C:\WINNT\system32\mswsock.dll [245248 2003-03-31] (Microsoft Corporation)
Winsock: Catalog9 08 C:\WINNT\system32\mswsock.dll [245248 2003-03-31] (Microsoft Corporation)
Winsock: Catalog9 09 C:\WINNT\system32\mswsock.dll [245248 2003-03-31] (Microsoft Corporation)
Winsock: Catalog9 10 C:\WINNT\system32\mswsock.dll [245248 2003-03-31] (Microsoft Corporation)
Winsock: Catalog9 11 C:\WINNT\system32\mswsock.dll [245248 2003-03-31] (Microsoft Corporation)
Winsock: Catalog9 12 C:\WINNT\system32\mswsock.dll [245248 2003-03-31] (Microsoft Corporation)
Winsock: Catalog9 13 C:\WINNT\system32\mswsock.dll [245248 2003-03-31] (Microsoft Corporation)
Winsock: Catalog9 14 C:\WINNT\system32\mswsock.dll [245248 2003-03-31] (Microsoft Corporation)
Winsock: Catalog9 15 C:\WINNT\system32\mswsock.dll [245248 2003-03-31] (Microsoft Corporation)
Winsock: Catalog9 16 C:\WINNT\system32\mswsock.dll [245248 2003-03-31] (Microsoft Corporation)
Winsock: Catalog9 17 C:\WINNT\system32\mswsock.dll [245248 2003-03-31] (Microsoft Corporation)
Winsock: Catalog9 18 C:\WINNT\system32\mswsock.dll [245248 2003-03-31] (Microsoft Corporation)
Winsock: Catalog9 19 C:\WINNT\system32\mswsock.dll [245248 2003-03-31] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\miobjuei.default-1349313115875
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://www.netvibes.com/privatepage/2#General|https://www.netaddre...gle.com/finance
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINNT\system32\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-14] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2009-03-26] (CANON INC.)
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2010-03-26] (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\WINNT\system32\npDeployJava1.dll [2012-11-28] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: IE Tab 2 (FF 3.6+) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\miobjuei.default-1349313115875\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2015-05-29]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.

S3 Alerter; C:\WINNT\system32\alrsvc.dll [17408 2008-04-13] (Microsoft Corporation)
R3 ALG; C:\WINNT\System32\alg.exe [44544 2008-04-13] (Microsoft Corporation)
S3 AppMgmt; C:\WINNT\System32\appmgmts.dll [167936 2008-04-13] (Microsoft Corporation)
S3 aspnet_state; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [34312 2008-07-25] (Microsoft Corporation)
S4 Ati HotKey Poller; C:\WINNT\system32\Ati2evxx.exe [380928 2005-08-09] (ATI Technologies Inc.)
R2 AudioSrv; C:\WINNT\System32\audiosrv.dll [42496 2008-04-13] (Microsoft Corporation)
R2 BITS; C:\WINNT\system32\qmgr.dll [409088 2008-04-13] (Microsoft Corporation)
S4 Browser; C:\WINNT\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation)
S4 cisvc; C:\WINNT\system32\cisvc.exe [5632 2008-04-13] (Microsoft Corporation)
S4 ClipSrv; C:\WINNT\system32\clipsrv.exe [33280 2008-04-13] (Microsoft Corporation)
S4 clr_optimization_v2.0.50727_32; c:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632 2008-07-25] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_32; C:\WINNT\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384 2010-03-18] (Microsoft Corporation)
S3 CryptSvc; C:\WINNT\System32\cryptsvc.dll [62464 2008-04-13] (Microsoft Corporation)
R2 DcomLaunch; C:\WINNT\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
R2 Dhcp; C:\WINNT\System32\dhcpcsvc.dll [126976 2008-04-13] (Microsoft Corporation)
S3 dmadmin; C:\WINNT\System32\dmadmin.exe [224768 2008-04-13] (Microsoft Corp., Veritas Software)
R2 dmserver; C:\WINNT\System32\dmserver.dll [23552 2008-04-13] (Microsoft Corp.)
R2 Dnscache; C:\WINNT\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation)
S3 Dot3svc; C:\WINNT\System32\dot3svc.dll [132096 2008-04-13] (Microsoft Corporation)
S3 EapHost; C:\WINNT\System32\eapsvc.dll [33792 2008-04-13] (Microsoft Corporation)
S4 ERSvc; C:\WINNT\System32\ersvc.dll [23040 2008-04-13] (Microsoft Corporation)
R2 Eventlog; C:\WINNT\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
R3 EventSystem; C:\WINNT\System32\es.dll [253952 2008-07-07] (Microsoft Corporation)
R3 FastUserSwitchingCompatibility; C:\WINNT\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
R2 helpsvc; C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-13] (Microsoft Corporation)
S4 HidServ; C:\WINNT\System32\hidserv.dll [21504 2008-04-13] (Microsoft Corporation)
S3 hkmsvc; C:\WINNT\System32\kmsvc.dll [61440 2008-04-13] (Microsoft Corporation)
R2 HTTPFilter; C:\WINNT\System32\w3ssl.dll [15872 2008-04-13] (Microsoft Corporation)
S4 idsvc; c:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [881664 2008-07-29] (Microsoft Corporation)
S3 ImapiService; C:\WINNT\System32\imapi.exe [150528 2008-04-13] (Microsoft Corporation)
R2 lanmanserver; C:\WINNT\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation)
R2 lanmanworkstation; C:\WINNT\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation)
R2 LmHosts; C:\WINNT\System32\lmhsvc.dll [13824 2008-04-13] (Microsoft Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S4 Messenger; C:\WINNT\System32\msgsvc.dll [33792 2008-04-13] (Microsoft Corporation)
S4 mnmsrvc; C:\WINNT\System32\mnmsrvc.exe [32768 2008-04-13] (Microsoft Corporation)
S4 MSDTC; C:\WINNT\System32\msdtc.exe [6144 2008-04-13] (Microsoft Corporation)
S3 MSIServer; C:\WINNT\System32\msiexec.exe [78848 2008-04-13] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S3 napagent; C:\WINNT\System32\qagentrt.dll [291328 2008-04-13] (Microsoft Corporation)
S3 NetDDE; C:\WINNT\system32\netdde.exe [111104 2008-04-13] (Microsoft Corporation)
S3 NetDDEdsdm; C:\WINNT\system32\netdde.exe [111104 2008-04-13] (Microsoft Corporation)
S4 Netlogon; C:\WINNT\System32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
R3 Netman; C:\WINNT\System32\netman.dll [198144 2008-04-13] (Microsoft Corporation)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-07-16] (Intel® Corporation)
S4 NetTcpPortSharing; c:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [132096 2008-07-29] (Microsoft Corporation)
R3 Nla; C:\WINNT\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
S4 NtLmSsp; C:\WINNT\System32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
R2 NtmsSvc; C:\WINNT\system32\ntmssvc.dll [435200 2008-04-13] (Microsoft Corporation)
S3 PassThru; C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\passthru.exe [77824 2003-10-15] ()
R2 PlugPlay; C:\WINNT\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
R2 PolicyAgent; C:\WINNT\System32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
R2 ProtectedStorage; C:\WINNT\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
S3 RasAuto; C:\WINNT\System32\rasauto.dll [88576 2008-04-13] (Microsoft Corporation)
R3 RasMan; C:\WINNT\System32\rasmans.dll [186368 2008-04-13] (Microsoft Corporation)
S3 RDSessMgr; C:\WINNT\system32\sessmgr.exe [141312 2008-04-13] (Microsoft Corporation)
S4 RemoteAccess; C:\WINNT\System32\mprdim.dll [53248 2008-04-13] (Microsoft Corporation)
S4 RemoteRegistry; C:\WINNT\system32\regsvc.dll [59904 2008-04-13] (Microsoft Corporation)
S3 RpcLocator; C:\WINNT\System32\locator.exe [75264 2008-04-13] (Microsoft Corporation)
R2 RpcSs; C:\WINNT\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
S3 RSVP; C:\WINNT\System32\rsvp.exe [132608 2003-03-31] (Microsoft Corporation)
R2 SamSs; C:\WINNT\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
S4 SCardSvr; C:\WINNT\System32\SCardSvr.exe [95744 2008-04-13] (Microsoft Corporation)
R2 Schedule; C:\WINNT\system32\schedsvc.dll [192512 2008-04-13] (Microsoft Corporation)
R2 seclogon; C:\WINNT\System32\seclogon.dll [18944 2008-04-13] (Microsoft Corporation)
R2 SENS; C:\WINNT\system32\sens.dll [39424 2008-04-13] (Microsoft Corporation)
R2 SharedAccess; C:\WINNT\System32\ipnathlp.dll [331264 2008-04-13] (Microsoft Corporation)
R2 ShellHWDetection; C:\WINNT\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
R2 Spooler; C:\WINNT\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation)
R2 srservice; C:\WINNT\System32\srsvc.dll [171008 2008-04-13] (Microsoft Corporation)
R3 SSDPSRV; C:\WINNT\System32\ssdpsrv.dll [71680 2008-04-13] (Microsoft Corporation)
R2 stisvc; C:\WINNT\system32\wiaservc.dll [333824 2008-04-13] (Microsoft Corporation)
S3 SysmonLog; C:\WINNT\system32\smlogsvc.exe [89600 2008-04-13] (Microsoft Corporation)
R3 TapiSrv; C:\WINNT\System32\tapisrv.dll [249856 2008-04-13] (Microsoft Corporation)
R3 TermService; C:\WINNT\System32\termsrv.dll [295424 2008-04-13] (Microsoft Corporation)
R2 Themes; C:\WINNT\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
S4 TlntSvr; C:\WINNT\System32\tlntsvr.exe [73216 2008-04-13] (Microsoft Corporation)
S4 TrkWks; C:\WINNT\system32\trkwks.dll [90112 2008-04-13] (Microsoft Corporation)
S3 upnphost; C:\WINNT\System32\upnphost.dll [185856 2008-04-13] (Microsoft Corporation)
S4 UPS; C:\WINNT\System32\ups.exe [18432 2008-04-13] (Microsoft Corporation)
S3 VSS; C:\WINNT\System32\vssvc.exe [289792 2008-04-13] (Microsoft Corporation)
R2 W32Time; C:\WINNT\System32\w32time.dll [175104 2008-04-13] (Microsoft Corporation)
R2 WebClient; C:\WINNT\System32\webclnt.dll [68096 2008-04-13] (Microsoft Corporation)
R2 winmgmt; C:\WINNT\system32\wbem\WMIsvc.dll [144896 2008-04-13] (Microsoft Corporation)
S4 WLTRYSVC; C:\WINNT\System32\bcmwltry.exe [483328 2003-07-17] (Broadcom Corporation)
S4 WmdmPmSN; C:\WINNT\system32\MsPMSNSv.dll [27136 2006-10-18] (Microsoft Corporation)
S3 Wmi; C:\WINNT\System32\advapi32.dll [617472 2009-02-09] (Microsoft Corporation)
S3 WmiApSrv; C:\WINNT\System32\wbem\wmiapsrv.exe [126464 2008-04-13] (Microsoft Corporation)
S3 WPFFontCache_v0400; C:\WINNT\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [754856 2013-07-20] (Microsoft Corporation)
R2 wscsvc; C:\WINNT\system32\wscsvc.dll [80896 2008-04-13] (Microsoft Corporation)
R2 wuauserv; C:\WINNT\system32\wuauserv.dll [6656 2008-04-13] (Microsoft Corporation)
S3 WudfSvc; C:\WINNT\System32\WUDFSvc.dll [55808 2006-09-28] (Microsoft Corporation)
R2 WZCSVC; C:\WINNT\System32\wzcsvc.dll [483840 2008-04-13] (Microsoft Corporation)
S4 xmlprov; C:\WINNT\System32\xmlprov.dll [129024 2008-04-13] (Microsoft Corporation)
S3 COMSysApp; C:\WINNT\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 SwPrv; C:\WINNT\System32\dllhost.exe /Processid:{C12704F8-F140-47C3-B50E-DD710A897F9E}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ac97intc; C:\WINNT\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R0 ACPI; C:\WINNT\System32\DRIVERS\ACPI.sys [187776 2008-04-13] (Microsoft Corporation)
R0 ACPIEC; C:\WINNT\System32\DRIVERS\ACPIEC.sys [11648 2003-03-31] (Microsoft Corporation)
R0 adpu160m; C:\WINNT\system32\Drivers\adpu160m.sys [101888 2003-03-31] (Microsoft Corporation)
S3 aec; C:\WINNT\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation)
R1 AFD; C:\WINNT\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation)
R3 AgereSoftModem; C:\WINNT\System32\DRIVERS\AGRSM.sys [1196352 2003-06-27] (Agere Systems)
R0 agp440; C:\WINNT\System32\DRIVERS\agp440.sys [42368 2008-04-13] (Microsoft Corporation)
R0 aic78xx; C:\WINNT\system32\Drivers\aic78xx.sys [56960 2003-03-31] (Microsoft Corporation)
S3 Arp1394; C:\WINNT\System32\DRIVERS\arp1394.sys [60800 2008-04-13] (Microsoft Corporation)
S3 AsyncMac; C:\WINNT\System32\DRIVERS\asyncmac.sys [14336 2008-04-13] (Microsoft Corporation)
R0 atapi; C:\WINNT\System32\DRIVERS\atapi.sys [96512 2008-04-13] (Microsoft Corporation)
R3 ati2mtag; C:\WINNT\System32\DRIVERS\ati2mtag.sys [1273856 2005-08-09] (ATI Technologies Inc.)
S3 Atmarpc; C:\WINNT\System32\DRIVERS\atmarpc.sys [59904 2008-04-13] (Microsoft Corporation)
R3 audstub; C:\WINNT\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation)
R1 BANTExt; C:\WINNT\System32\Drivers\BANTExt.sys [3840 2013-09-10] ()
R3 BCM43XX; C:\WINNT\System32\DRIVERS\bcmwl5.sys [265728 2003-07-17] (Broadcom Corporation)
R1 Beep; C:\WINNT\system32\Drivers\Beep.sys [4224 2003-03-31] (Microsoft Corporation)
S4 cbidf2k; C:\WINNT\system32\Drivers\cbidf2k.sys [13952 2003-03-31] (Microsoft Corporation)
S1 Cdaudio; C:\WINNT\system32\Drivers\Cdaudio.sys [18688 2003-03-31] (Microsoft Corporation)
R4 Cdfs; C:\WINNT\system32\Drivers\Cdfs.sys [63744 2008-04-13] (Microsoft Corporation)
R1 Cdrom; C:\WINNT\System32\DRIVERS\cdrom.sys [62976 2008-04-13] (Microsoft Corporation)
R3 CmBatt; C:\WINNT\System32\DRIVERS\CmBatt.sys [13952 2008-04-13] (Microsoft Corporation)
R0 Compbatt; C:\WINNT\System32\DRIVERS\compbatt.sys [10240 2008-04-13] (Microsoft Corporation)
S3 CO_Mon; C:\WINNT\system32\Drivers\CO_Mon.sys [28672 2006-04-26] ()
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
R0 Disk; C:\WINNT\System32\DRIVERS\disk.sys [36352 2008-04-13] (Microsoft Corporation)
S4 dmboot; C:\WINNT\System32\drivers\dmboot.sys [799744 2008-04-13] (Microsoft Corp., Veritas Software)
R0 dmio; C:\WINNT\System32\DRIVERS\dmio.sys [153344 2008-04-13] (Microsoft Corp., Veritas Software)
R0 dmload; C:\WINNT\system32\Drivers\dmload.sys [5888 2003-03-31] (Microsoft Corp., Veritas Software.)
S3 DMusic; C:\WINNT\System32\drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation)
S3 drmkaud; C:\WINNT\System32\drivers\drmkaud.sys [2944 2008-04-13] (Microsoft Corporation)
R3 E1000; C:\WINNT\System32\DRIVERS\e1000325.sys [121344 2003-03-11] (Intel Corporation)
S3 E100B; C:\WINNT\System32\DRIVERS\e100b325.sys [117760 2001-08-17] (Intel Corporation)
R4 Fastfat; C:\WINNT\system32\Drivers\Fastfat.sys [143744 2008-04-13] (Microsoft Corporation)
R3 Fdc; C:\WINNT\System32\DRIVERS\fdc.sys [27392 2008-04-13] (Microsoft Corporation)
R1 Fips; C:\WINNT\system32\Drivers\Fips.sys [44544 2008-04-13] (Microsoft Corporation)
R3 Flpydisk; C:\WINNT\System32\DRIVERS\flpydisk.sys [20480 2008-04-13] (Microsoft Corporation)
R0 FltMgr; C:\WINNT\System32\drivers\fltmgr.sys [129792 2008-04-13] (Microsoft Corporation)
U1 Fs_Rec; C:\WINNT\system32\Drivers\Fs_Rec.sys [7936 2003-03-31] (Microsoft Corporation)
R0 Ftdisk; C:\WINNT\System32\DRIVERS\ftdisk.sys [125056 2003-03-31] (Microsoft Corporation)
R3 Gpc; C:\WINNT\System32\DRIVERS\msgpc.sys [35072 2008-04-13] (Microsoft Corporation)
S3 grmnusb; C:\WINNT\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
R3 HidUsb; C:\WINNT\System32\DRIVERS\hidusb.sys [10368 2008-04-13] (Microsoft Corporation)
R3 HTTP; C:\WINNT\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation)
R1 i8042prt; C:\WINNT\System32\DRIVERS\i8042prt.sys [52480 2008-04-13] (Microsoft Corporation)
R0 iaStor; C:\WINNT\System32\drivers\iaStor.sys [274816 2003-07-03] (Intel Corporation)
R1 Imapi; C:\WINNT\System32\DRIVERS\imapi.sys [42112 2008-04-13] (Microsoft Corporation)
R0 IntelIde; C:\WINNT\System32\DRIVERS\intelide.sys [5504 2008-04-13] (Microsoft Corporation)
R1 intelppm; C:\WINNT\System32\DRIVERS\intelppm.sys [36352 2008-04-13] (Microsoft Corporation)
S3 ip6fw; C:\WINNT\System32\drivers\ip6fw.sys [36608 2008-04-13] (Microsoft Corporation)
S3 IpFilterDriver; C:\WINNT\System32\DRIVERS\ipfltdrv.sys [32896 2003-03-31] (Microsoft Corporation)
S3 IpInIp; C:\WINNT\System32\DRIVERS\ipinip.sys [20864 2008-04-13] (Microsoft Corporation)
R3 IpNat; C:\WINNT\System32\DRIVERS\ipnat.sys [152832 2008-04-13] (Microsoft Corporation)
R1 IPSec; C:\WINNT\System32\DRIVERS\ipsec.sys [75264 2008-04-13] (Microsoft Corporation)
S3 IRENUM; C:\WINNT\System32\DRIVERS\irenum.sys [11264 2008-04-13] (Microsoft Corporation)
R0 isapnp; C:\WINNT\System32\DRIVERS\isapnp.sys [37248 2008-04-13] (Microsoft Corporation)
R1 Kbdclass; C:\WINNT\System32\DRIVERS\kbdclass.sys [24576 2008-04-13] (Microsoft Corporation)
R3 kmixer; C:\WINNT\System32\drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation)
R0 KSecDD; C:\WINNT\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation)
R3 MBAMProtector; C:\WINNT\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R1 mnmdd; C:\WINNT\system32\Drivers\mnmdd.sys [4224 2003-03-31] (Microsoft Corporation)
R3 Modem; C:\WINNT\system32\Drivers\Modem.sys [30080 2008-04-13] (Microsoft Corporation)
R1 Mouclass; C:\WINNT\System32\DRIVERS\mouclass.sys [23040 2008-04-13] (Microsoft Corporation)
R3 mouhid; C:\WINNT\System32\DRIVERS\mouhid.sys [12160 2003-03-31] (Microsoft Corporation)
R0 MountMgr; C:\WINNT\system32\Drivers\MountMgr.sys [42368 2008-04-13] (Microsoft Corporation)
R0 MpFilter; C:\WINNT\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S3 MREMPR5; C:\Program Files\Common Files\Motive\MREMPR5.sys [19345 2007-09-28] (Motive, Inc.)
S3 MRENDIS5; C:\Program Files\Common Files\Motive\MRENDIS5.sys [18003 2007-09-28] (Motive, Inc.)
R3 MRxDAV; C:\WINNT\System32\DRIVERS\mrxdav.sys [180608 2008-04-13] (Microsoft Corporation)
R1 MRxSmb; C:\WINNT\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation)
R1 Msfs; C:\WINNT\system32\Drivers\Msfs.sys [19072 2008-04-13] (Microsoft Corporation)
S3 MSKSSRV; C:\WINNT\System32\drivers\MSKSSRV.sys [7552 2008-04-13] (Microsoft Corporation)
S3 MSPCLOCK; C:\WINNT\System32\drivers\MSPCLOCK.sys [5376 2008-04-13] (Microsoft Corporation)
S3 MSPQM; C:\WINNT\System32\drivers\MSPQM.sys [4992 2008-04-13] (Microsoft Corporation)
R3 mssmbios; C:\WINNT\System32\DRIVERS\mssmbios.sys [15488 2008-04-13] (Microsoft Corporation)
R0 Mup; C:\WINNT\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation)
R0 NDIS; C:\WINNT\system32\Drivers\NDIS.sys [182656 2008-04-13] (Microsoft Corporation)
R3 NdisTapi; C:\WINNT\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation)
R3 Ndisuio; C:\WINNT\System32\DRIVERS\ndisuio.sys [14592 2008-04-13] (Microsoft Corporation)
R3 NdisWan; C:\WINNT\System32\DRIVERS\ndiswan.sys [91520 2008-04-13] (Microsoft Corporation)
R3 NDProxy; C:\WINNT\system32\Drivers\NDProxy.sys [40960 2013-11-27] (Microsoft Corporation)
R1 NetBIOS; C:\WINNT\System32\DRIVERS\netbios.sys [34688 2008-04-13] (Microsoft Corporation)
R1 NetBT; C:\WINNT\System32\DRIVERS\netbt.sys [162816 2008-04-13] (Microsoft Corporation)
S3 NIC1394; C:\WINNT\System32\DRIVERS\nic1394.sys [61824 2008-04-13] (Microsoft Corporation)
R1 Npfs; C:\WINNT\system32\Drivers\Npfs.sys [30848 2008-04-13] (Microsoft Corporation)
R4 Ntfs; C:\WINNT\system32\Drivers\Ntfs.sys [574976 2008-04-13] (Microsoft Corporation)
R1 Null; C:\WINNT\system32\Drivers\Null.sys [2944 2003-03-31] (Microsoft Corporation)
S3 nv; C:\WINNT\System32\DRIVERS\nv4_mini.sys [1897408 2004-08-03] (NVIDIA Corporation)
S3 NwlnkFlt; C:\WINNT\System32\DRIVERS\nwlnkflt.sys [12416 2003-03-31] (Microsoft Corporation)
S3 NwlnkFwd; C:\WINNT\System32\DRIVERS\nwlnkfwd.sys [32512 2003-03-31] (Microsoft Corporation)
R0 ohci1394; C:\WINNT\System32\DRIVERS\ohci1394.sys [61696 2008-04-13] (Microsoft Corporation)
R3 Parport; C:\WINNT\System32\DRIVERS\parport.sys [80128 2008-04-13] (Microsoft Corporation)
R0 PartMgr; C:\WINNT\system32\Drivers\PartMgr.sys [19712 2008-04-13] (Microsoft Corporation)
R2 ParVdm; C:\WINNT\system32\Drivers\ParVdm.sys [6784 2003-03-31] (Microsoft Corporation)
R0 PCI; C:\WINNT\System32\DRIVERS\pci.sys [68224 2008-04-13] (Microsoft Corporation)
R0 PCIIde; C:\WINNT\system32\Drivers\PCIIde.sys [3328 2003-03-31] (Microsoft Corporation)
R0 Pcmcia; C:\WINNT\System32\DRIVERS\pcmcia.sys [120192 2008-04-13] (Microsoft Corporation)
R3 PptpMiniport; C:\WINNT\System32\DRIVERS\raspptp.sys [48384 2008-04-13] (Microsoft Corporation)
S1 Processor; C:\WINNT\System32\DRIVERS\processr.sys [35840 2008-04-13] (Microsoft Corporation)
R3 PSched; C:\WINNT\System32\DRIVERS\psched.sys [69120 2008-04-13] (Microsoft Corporation)
R3 Ptilink; C:\WINNT\System32\DRIVERS\ptilink.sys [17792 2003-03-31] (Parallel Technologies, Inc.)
R1 RasAcd; C:\WINNT\System32\DRIVERS\rasacd.sys [8832 2003-03-31] (Microsoft Corporation)
R3 Rasl2tp; C:\WINNT\System32\DRIVERS\rasl2tp.sys [51328 2008-04-13] (Microsoft Corporation)
R3 RasPppoe; C:\WINNT\System32\DRIVERS\raspppoe.sys [41472 2008-04-13] (Microsoft Corporation)
R3 Raspti; C:\WINNT\System32\DRIVERS\raspti.sys [16512 2003-03-31] (Microsoft Corporation)
R1 Rdbss; C:\WINNT\System32\DRIVERS\rdbss.sys [175744 2008-04-13] (Microsoft Corporation)
R1 RDPCDD; C:\WINNT\System32\DRIVERS\RDPCDD.sys [4224 2003-03-31] (Microsoft Corporation)
R3 rdpdr; C:\WINNT\System32\DRIVERS\rdpdr.sys [196224 2008-04-13] (Microsoft Corporation)
S3 RDPWD; C:\WINNT\system32\Drivers\RDPWD.sys [139784 2012-07-04] (Microsoft Corporation)
R1 redbook; C:\WINNT\System32\DRIVERS\redbook.sys [57600 2008-04-13] (Microsoft Corporation)
S3 SDTHOOK; C:\WINNT\System32\DRIVERS\SDTHOOK.sys [44928 2007-06-05] (Panda Software)
S3 Secdrv; C:\WINNT\System32\DRIVERS\secdrv.sys [20480 2007-11-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S3 serenum; C:\WINNT\System32\DRIVERS\serenum.sys [15744 2008-04-13] (Microsoft Corporation)
S1 Serial; C:\WINNT\System32\DRIVERS\serial.sys [64512 2008-04-13] (Microsoft Corporation)
S1 Sfloppy; C:\WINNT\system32\Drivers\Sfloppy.sys [11392 2008-04-13] (Microsoft Corporation)
S3 splitter; C:\WINNT\System32\drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation)
R0 sr; C:\WINNT\System32\DRIVERS\sr.sys [73472 2008-04-13] (Microsoft Corporation)
R3 Srv; C:\WINNT\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation)
R3 STAC97; C:\WINNT\System32\drivers\STAC97.sys [252144 2003-10-14] (SigmaTel, Inc.)
R3 swenum; C:\WINNT\System32\DRIVERS\swenum.sys [4352 2008-04-13] (Microsoft Corporation)
S3 swmidi; C:\WINNT\System32\drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation)
R3 SynTP; C:\WINNT\System32\DRIVERS\SynTP.sys [270544 2003-07-25] (Synaptics, Inc.)
R3 sysaudio; C:\WINNT\System32\drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation)
R1 Tcpip; C:\WINNT\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation)
S3 TDPIPE; C:\WINNT\system32\Drivers\TDPIPE.sys [12040 2008-04-13] (Microsoft Corporation)
S3 TDTCP; C:\WINNT\system32\Drivers\TDTCP.sys [21896 2008-04-13] (Microsoft Corporation)
R1 TermDD; C:\WINNT\System32\DRIVERS\termdd.sys [40840 2008-04-13] (Microsoft Corporation)
R1 UdfReadr; C:\WINNT\system32\Drivers\UdfReadr.sys [200704 2005-07-31] (Roxio)
S4 Udfs; C:\WINNT\system32\Drivers\Udfs.sys [66048 2008-04-13] (Microsoft Corporation)
R0 ultra; C:\WINNT\System32\DRIVERS\ultra.sys [36736 2003-03-31] (Promise Technology, Inc.)
R3 Update; C:\WINNT\System32\DRIVERS\update.sys [384768 2008-04-13] (Microsoft Corporation)
R3 usbccgp; C:\WINNT\System32\DRIVERS\usbccgp.sys [32384 2013-08-08] (Microsoft Corporation)
R3 usbehci; C:\WINNT\System32\DRIVERS\usbehci.sys [30336 2009-03-18] (Microsoft Corporation)
R3 usbhub; C:\WINNT\System32\DRIVERS\usbhub.sys [59520 2008-04-13] (Microsoft Corporation)
R3 usbprint; C:\WINNT\System32\DRIVERS\usbprint.sys [25856 2008-04-13] (Microsoft Corporation)
R3 usbscan; C:\WINNT\System32\DRIVERS\usbscan.sys [14976 2013-07-02] (Microsoft Corporation)
R3 USBSTOR; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-13] (Microsoft Corporation)
R3 usbuhci; C:\WINNT\System32\DRIVERS\usbuhci.sys [20608 2008-04-13] (Microsoft Corporation)
R1 VgaSave; C:\WINNT\System32\drivers\vga.sys [20992 2008-04-13] (Microsoft Corporation)
R0 ViaIde; C:\WINNT\System32\DRIVERS\viaide.sys [5376 2008-04-13] (Microsoft Corporation)
R0 VolSnap; C:\WINNT\system32\Drivers\VolSnap.sys [52352 2008-04-13] (Microsoft Corporation)
R3 Wanarp; C:\WINNT\System32\DRIVERS\wanarp.sys [34560 2008-04-13] (Microsoft Corporation)
R3 wdmaud; C:\WINNT\System32\drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation)
S4 WS2IFSL; C:\WINNT\System32\drivers\ws2ifsl.sys [12032 2003-03-31] (Microsoft Corporation)
S3 WudfPf; C:\WINNT\System32\DRIVERS\WudfPf.sys [77568 2006-09-28] (Microsoft Corporation)
S3 WudfRd; C:\WINNT\System32\DRIVERS\wudfrd.sys [82944 2006-09-28] (Microsoft Corporation)
U5 FontCache3.0.0.0; c:\WINNT\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [46104 2008-07-29] (Microsoft Corporation)
S4 NetworkX; No ImagePath
S3 PROCEXP151; \??\C:\WINNT\system32\Drivers\PROCEXP151.SYS [X]
S4 SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys [X]
U5 ScsiPort; C:\WINNT\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S4 wanatw; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-16 18:18 - 2015-06-16 18:18 - 00037554 _____ C:\Documents and Settings\Administrator\desktop\FRST.txt
2015-06-16 18:17 - 2015-06-16 18:18 - 00000000 ____D C:\FRST
2015-06-16 18:17 - 2015-06-16 18:17 - 01148416 _____ (Farbar) C:\Documents and Settings\Administrator\desktop\FRST.exe
2015-06-14 16:00 - 2015-06-14 16:00 - 00388792 _____ C:\WINNT\system32\FNTCACHE.DAT
2015-06-14 15:37 - 2015-06-14 15:37 - 00112208 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-06-06 15:10 - 2015-06-06 15:10 - 00000070 _____ C:\Documents and Settings\Administrator\My Documents\▶ Ray LaMontagne - Airwaves (Audio) - YouTube.URL
2015-06-05 18:48 - 2015-06-06 23:31 - 00008081 _____ C:\WINNT\setupapi.log
2015-06-02 18:04 - 2015-06-03 08:53 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-16 18:19 - 2003-10-06 17:47 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2015-06-16 18:15 - 2011-12-13 22:25 - 01506279 _____ C:\WINNT\WindowsUpdate.log
2015-06-16 18:15 - 2003-10-06 17:26 - 00000000 ____D C:\WINNT\Temp
2015-06-16 18:10 - 2003-10-06 17:47 - 00000000 ____D C:\Documents and Settings\Administrator
2015-06-16 10:06 - 2003-10-06 17:47 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-06-16 10:04 - 2005-08-02 21:10 - 00004616 ____H C:\Documents and Settings\Administrator\My Documents\Default.rdp
2015-06-16 09:43 - 2004-09-06 04:27 - 00000000 ____D C:\WINNT\system32\NtmsData
2015-06-14 16:44 - 2013-11-14 10:39 - 00000384 ____H C:\WINNT\Tasks\Microsoft Antimalware Scheduled Scan.job
2015-06-14 16:35 - 1980-01-01 01:00 - 00001158 _____ C:\WINNT\system32\wpa.dbl
2015-06-14 16:34 - 2012-12-03 22:49 - 00000159 _____ C:\WINNT\wiadebug.log
2015-06-14 16:34 - 2012-12-03 22:49 - 00000049 _____ C:\WINNT\wiaservc.log
2015-06-14 16:34 - 2012-02-16 14:59 - 00000000 __SHD C:\Documents and Settings\LocalService\IETldCache
2015-06-14 16:33 - 2014-04-05 09:57 - 00000006 ____H C:\WINNT\Tasks\SA.DAT
2015-06-14 16:32 - 2011-12-13 22:26 - 00032552 _____ C:\WINNT\SchedLgU.Txt
2015-06-14 16:32 - 2003-10-06 17:47 - 00000278 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2015-06-14 16:31 - 2009-10-26 19:56 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2015-06-14 16:29 - 2009-10-28 01:01 - 00010360 _____ C:\Documents and Settings\Administrator\Application Data\CleanUp!.log
2015-06-14 16:29 - 2009-10-26 20:54 - 00000000 __SHD C:\Documents and Settings\Administrator\IECompatCache
2015-06-14 16:29 - 2009-10-26 19:57 - 00000000 __SHD C:\Documents and Settings\Administrator\PrivacIE
2015-06-14 16:29 - 2004-10-20 20:13 - 00000000 ____D C:\QUICKENW
2015-06-14 16:19 - 2014-10-25 18:55 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2015-06-14 16:14 - 2012-12-02 00:52 - 00778416 _____ (Adobe Systems Incorporated) C:\WINNT\system32\FlashPlayerApp.exe
2015-06-14 16:14 - 2012-12-02 00:52 - 00142512 _____ (Adobe Systems Incorporated) C:\WINNT\system32\FlashPlayerCPLApp.cpl
2015-06-11 18:51 - 2004-10-20 20:14 - 00002249 _____ C:\WINNT\QUICKEN.INI
2015-06-11 07:33 - 2013-07-11 21:01 - 00000000 ____D C:\WINNT\system32\MRT
2015-06-11 07:18 - 2005-10-26 00:25 - 136900096 _____ (Microsoft Corporation) C:\WINNT\system32\MRT.exe
2015-06-08 09:02 - 2014-04-02 23:47 - 00119512 _____ (Malwarebytes Corporation) C:\WINNT\system32\Drivers\MBAMSwissArmy.sys
2015-06-06 16:00 - 2012-01-12 20:15 - 04752046 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-515416071-1635729839-3118798863-500-0.dat
2015-06-06 16:00 - 2012-01-12 20:15 - 00372830 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-06-06 15:29 - 2005-08-05 22:13 - 00000000 ____D C:\Program Files\pdf995
2015-06-06 15:10 - 2014-03-02 20:11 - 00002455 _____ C:\Documents and Settings\All Users\desktop\TurboTax 2013.lnk
2015-06-05 18:48 - 2003-10-06 17:26 - 00000000 ____D C:\WINNT
2015-06-03 08:53 - 2012-04-24 14:15 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-05-30 15:54 - 2013-11-09 17:58 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\WinPatrol
2015-05-30 15:54 - 2010-10-26 14:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\InstallMate
2015-05-24 15:26 - 2013-11-09 17:59 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\WinPatrol
2015-05-23 20:58 - 2013-07-25 20:51 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\CCleaner Backups
2015-05-22 15:27 - 2003-10-06 17:47 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Temp

==================== Files in the root of some directories =======

2013-10-08 21:41 - 2013-10-08 21:41 - 0000288 _____ () C:\Documents and Settings\Administrator\Application Data\.backup.dm
2009-10-28 01:01 - 2015-06-14 16:29 - 0010360 _____ () C:\Documents and Settings\Administrator\Application Data\CleanUp!.log
2012-11-29 22:29 - 2012-12-08 23:00 - 0229395 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\clear.log
2005-10-18 21:18 - 2012-04-13 18:50 - 0010240 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2005-11-10 21:48 - 2005-11-10 21:48 - 0000136 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat

Files to move or delete:
====================
C:\Documents and Settings\Administrator\remote.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINNT\explorer.exe => File is digitally signed
C:\WINNT\system32\winlogon.exe => File is digitally signed
C:\WINNT\system32\svchost.exe => File is digitally signed
C:\WINNT\system32\services.exe => File is digitally signed
C:\WINNT\system32\User32.dll => File is digitally signed
C:\WINNT\system32\userinit.exe => File is digitally signed
C:\WINNT\system32\rpcss.dll => File is digitally signed
C:\WINNT\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-06-2015
Ran by Administrator at 2015-06-16 18:20:05
Running from C:\Documents and Settings\Administrator\desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-515416071-1635729839-3118798863-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-515416071-1635729839-3118798863-1003 - Limited - Enabled)
Computer Admin (S-1-5-21-515416071-1635729839-3118798863-1014 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Computer Admin
Guest (S-1-5-21-515416071-1635729839-3118798863-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-515416071-1635729839-3118798863-1004 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-515416071-1635729839-3118798863-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adaptec UDF Reader (HKLM\...\Adaptec UDF Reader) (Version: - )
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.160 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Agere Systems AC'97 Modem (HKLM\...\Agere Systems Soft Modem) (Version: - )
Ahead Nero BurnRights (HKLM\...\Nero BurnRights!UninstallKey) (Version: - )
AM-DeadLink 4.6 (HKLM\...\aignesamdeadlink_is1) (Version: 4.6 - www.aignes.com)
AnswerWorks 4.0 Runtime - English (HKLM\...\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}) (Version: 4.0.101 - Vantage Software Technologies)
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.163-050809a1-026378C-Gateway - )
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 5.4.0.0 - Auslogics Labs Pty Ltd)
BCM Wireless Network Adapter (HKLM\...\Broadcom 802.11b Network Adapter) (Version: - )
Belarc Advisor 8.4 (HKLM\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Calculator Powertoy for Windows XP (HKLM\...\{B37C842A-B624-46B8-A727-654E72F1C91A}) (Version: 1.00.0001 - Microsoft Corporation)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: - )
Canon MP Navigator EX 3.0 (HKLM\...\MP Navigator EX 3.0) (Version: - )
Canon MP490 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP490_series) (Version: - )
Canon MP490 series User Registration (HKLM\...\Canon MP490 series User Registration) (Version: - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
CleanCache 3.5 (HKLM\...\CleanCache 3.0_is1) (Version: - ButtUglySoftware)
CleanUp! (HKLM\...\CleanUp!) (Version: - )
ClearType Tuning Control Panel Applet (HKLM\...\{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}) (Version: 1.01.0000 - Microsoft Corporation)
C-Major Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version: - Lars Hederer)
FileHippo App Manager (HKLM\...\FileHippo.com) (Version: - FileHippo.com)
Garmin Communicator Plugin (HKLM\...\{C7DD94A8-F775-426C-B56C-8E555A59F9E2}) (Version: 2.9.2 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM\...\{00FE2935-FB56-4410-AB5F-D6E70C1771D2}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Gateway Drivers and Applications Recovery (HKLM\...\Gateway Drivers and Applications Recovery) (Version: - )
Google Update Helper (Version: 1.2.183.39 - Google Inc.) Hidden
HD Tune 2.55 (HKLM\...\HD Tune_is1) (Version: - EFD Software)
Intel® PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version: - )
Intel® PROSet for Wired Connections (HKLM\...\{16906D21-0656-4F8B-9A01-C3D24B5401FC}) (Version: 7.10.0000 - Intel)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version: - )
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Calculator Plus (HKLM\...\{83073C45-3003-4671-9A86-243AAADD915A}) (Version: 1.0.0 - Microsoft)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Data Access Components KB870669 (HKLM\...\KB870669) (Version: - Microsoft Corporation)
Microsoft Office XP Media Content (HKLM\...\{90300409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2619.0 - Microsoft Corporation)
Microsoft Office XP Small Business (HKLM\...\{91130409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft® Winter Fun Pack 2004 for Windows® XP (HKLM\...\{038A524F-58DB-438A-8391-8F7F0CA14B9E}) (Version: 1.0.0 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
Nero OEM (HKLM\...\Nero - Burning Rom!UninstallKey) (Version: - )
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Pdf995 (HKLM\...\Pdf995) (Version: - )
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - )
Quicken Deluxe 98 (HKLM\...\Quicken Deluxe 98) (Version: - )
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Signature995 (HKLM\...\Signature995) (Version: - )
SoftPerfect WiFi Guard version 1.0.3 (HKLM\...\{38AFD787-4D2E-4442-92D2-7739F5F92CF4}_is1) (Version: 1.0.3 - SoftPerfect Research)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 7.6.1.0 - )
System Requirements Lab for Intel (HKLM\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
Taskbar Shuffle version 2.5 (HKLM\...\Taskbar Shuffle_is1) (Version: 2.5 - Jay Elaraj)
TurboTax 2010 (HKLM\...\TurboTax 2010) (Version: - Intuit, Inc)
TurboTax 2011 (HKLM\...\TurboTax 2011) (Version: - Intuit, Inc)
TurboTax 2012 (HKLM\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
Tweak UI (HKLM\...\Tweak UI 2.10) (Version: - )
VC_CRT_x86 (Version: 1.02.0000 - Intel Corporation) Hidden
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
WexTech AnswerWorks (HKLM\...\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}) (Version: 1.00.000 - )
WinDirStat 1.1.2 (HKU\S-1-5-21-515416071-1635729839-3118798863-500\...\WinDirStat) (Version: - )
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Media Player 9 Series TweakMP PowerToy (HKLM\...\TweakMP9) (Version: - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.5.2015.12 - Ruiware)
WinPhlash (HKLM\...\WinPhlash) (Version: - )
WinPoker 6 Shareware (HKLM\...\WinPokerushr) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINNT\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINNT\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINNT\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINNT\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINNT\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINNT\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINNT\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINNT\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{01329177-32B9-43A7-A4DE-98C73B23B340}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{07B27DE3-0C8C-4F21-B249-ED5BDC5AFF6F}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{08D1779E-7D4B-4B64-8F9F-AA29DE48DAA3}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINNT\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINNT\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINNT\system32\MSCOMCT2.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINNT\system32\MSCOMCT2.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{2B11E9B0-9F09-11D0-9484-00A0C91110ED}\InprocServer32 -> C:\WINNT\system32\MSSTDFMT.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> C:\WINNT\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\WINNT\system32\MSINET.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINNT\system32\MSCOMCT2.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{62022DB3-AEBA-4E84-9D13-4F4AEDD8FCBA}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{664E2200-24DB-11D2-9A82-444553540000}\InprocServer32 -> C:\WINNT\system32\SPR32X30.OCX (FarPoint Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{6D835690-900B-11D0-9484-00A0C91110ED}\InprocServer32 -> C:\WINNT\system32\MSSTDFMT.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{7BB7994B-5297-49B3-A42C-4812B51D8331}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{99FF4677-FFC3-11D0-BD02-00C04FC2FB86}\InprocServer32 -> C:\WINNT\system32\MSSTDFMT.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{A28E8A2F-75FD-4809-897D-8CEE473E9A72}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINNT\system32\MSCOMCT2.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> C:\WINNT\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{B47C6567-880B-40F7-989D-F944BDE4E446}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{BAB5D6C9-3634-4D96-88CF-5A8B10C1996C}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> C:\WINNT\system32\msvbvm60.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{E2454650-4D87-11D2-B8B2-0000C00A958C}\InprocServer32 -> C:\WINNT\system32\SPR32X30.OCX (FarPoint Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINNT\system32\Comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515416071-1635729839-3118798863-500_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\WINNT\system32\MSCOMCT2.OCX (Microsoft Corporation)

==================== Restore Points =========================

22-05-2015 15:29:46 Installed Adobe Reader XI (11.0.10).
22-05-2015 15:29:46 Software Distribution Service 3.0
22-05-2015 15:29:46 System Checkpoint
22-05-2015 15:29:46 Software Distribution Service 3.0
22-05-2015 15:29:46 System Checkpoint
22-05-2015 15:29:45 Software Distribution Service 3.0
22-05-2015 15:29:45 Software Distribution Service 3.0
22-05-2015 15:29:45 Software Distribution Service 3.0
22-05-2015 15:29:45 Software Distribution Service 3.0
22-05-2015 15:29:45 Software Distribution Service 3.0
22-05-2015 15:29:45 Software Distribution Service 3.0
22-05-2015 15:29:44 Software Distribution Service 3.0
22-05-2015 15:29:44 Software Distribution Service 3.0
30-05-2015 09:56:49 Software Distribution Service 3.0
22-05-2015 15:29:44 Software Distribution Service 3.0
30-05-2015 09:56:49 Software Distribution Service 3.0
30-05-2015 09:56:49 Software Distribution Service 3.0
30-05-2015 09:56:49 Software Distribution Service 3.0
22-05-2015 15:29:44 System Checkpoint
30-05-2015 09:56:49 Software Distribution Service 3.0
06-06-2015 10:45:03 Software Distribution Service 3.0
22-05-2015 15:29:44 Software Distribution Service 3.0
06-06-2015 10:45:02 Software Distribution Service 3.0
30-05-2015 09:56:48 Software Distribution Service 3.0
22-05-2015 15:29:44 Software Distribution Service 3.0
22-05-2015 15:29:44 Software Distribution Service 3.0
21-05-2015 19:13:59 Software Distribution Service 3.0
23-05-2015 09:30:05 Software Distribution Service 3.0
30-05-2015 09:56:48 Software Distribution Service 3.0
06-06-2015 10:45:02 Software Distribution Service 3.0
06-06-2015 10:45:02 Software Distribution Service 3.0
30-05-2015 09:56:48 Software Distribution Service 3.0
30-05-2015 09:56:48 Software Distribution Service 3.0
25-05-2015 11:40:27 Software Distribution Service 3.0
27-05-2015 17:28:14 Software Distribution Service 3.0
30-05-2015 09:56:48 Software Distribution Service 3.0
06-06-2015 10:45:01 Software Distribution Service 3.0
30-05-2015 09:56:48 Software Distribution Service 3.0
30-05-2015 09:56:47 Software Distribution Service 3.0
29-05-2015 21:38:14 Software Distribution Service 3.0
06-06-2015 10:45:01 Software Distribution Service 3.0
06-06-2015 10:45:01 Software Distribution Service 3.0
10-06-2015 10:09:40 Software Distribution Service 3.0
06-06-2015 10:45:00 Software Distribution Service 3.0
31-05-2015 15:12:12 Software Distribution Service 3.0
06-06-2015 10:45:00 Software Distribution Service 3.0
06-06-2015 10:45:00 Software Distribution Service 3.0
01-06-2015 23:13:42 Software Distribution Service 3.0
06-06-2015 10:44:59 Software Distribution Service 3.0
03-06-2015 17:26:48 Software Distribution Service 3.0
06-06-2015 10:44:59 Software Distribution Service 3.0
10-06-2015 10:09:48 Software Distribution Service 3.0
06-06-2015 10:44:59 Software Distribution Service 3.0
06-06-2015 10:44:58 Software Distribution Service 3.0
06-06-2015 10:45:10 Software Distribution Service 3.0
05-06-2015 19:30:21 Software Distribution Service 3.0
10-06-2015 10:09:35 System Checkpoint
14-06-2015 11:54:32 Software Distribution Service 3.0
10-06-2015 10:09:26 Software Distribution Service 3.0
14-06-2015 11:54:32 Software Distribution Service 3.0
09-06-2015 09:30:34 Software Distribution Service 3.0
10-06-2015 18:23:05 Software Distribution Service 3.0
14-06-2015 11:54:32 Software Distribution Service 3.0
14-06-2015 11:54:32 Software Distribution Service 3.0
11-06-2015 18:32:30 Software Distribution Service 3.0
12-06-2015 09:37:02 Software Distribution Service 3.0
14-06-2015 11:54:31 Software Distribution Service 3.0
14-06-2015 11:54:31 Software Distribution Service 3.0
13-06-2015 09:42:44 Software Distribution Service 3.0
14-06-2015 11:40:43 Software Distribution Service 3.0
14-06-2015 12:01:57 Software Distribution Service 3.0
14-06-2015 14:02:12 Software Distribution Service 3.0
14-06-2015 15:42:55 Software Distribution Service 3.0
14-06-2015 15:47:10 Software Distribution Service 3.0
16-06-2015 10:04:59 Software Distribution Service 3.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

1980-01-01 01:00 - 2012-10-25 19:13 - 00000098 ____A C:\WINNT\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINNT\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Loaded Modules (Whitelisted) ==============

2004-10-25 23:29 - 2006-06-26 19:02 - 00049852 _____ () C:\WINNT\system32\pdf995mon.dll
2015-06-14 16:14 - 2015-06-14 16:14 - 17321648 _____ () C:\WINNT\system32\Macromed\Flash\NPSWF32_18_0_0_160.dll
2003-05-30 10:00 - 2013-01-02 02:49 - 01292288 _____ () C:\WINNT\System32\quartz.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SolutoService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-515416071-1635729839-3118798863-500\...\geekstogo.com -> hxxp://www.geekstogo.com

IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> 008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> 00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> 100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\139mm.com -> www.139mm.com
IE restricted site: HKU\.DEFAULT\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\.DEFAULT\...\171203.com -> 171203.com
IE restricted site: HKU\.DEFAULT\...\1800searchonline.com -> 1800searchonline.com
IE restricted site: HKU\.DEFAULT\...\1gb.ru -> people.1gb.ru
IE restricted site: HKU\.DEFAULT\...\1sexparty.com -> 1sexparty.com
IE restricted site: HKU\.DEFAULT\...\1stpagehere.com -> 1stpagehere.com
IE restricted site: HKU\.DEFAULT\...\1stsearchportal.com -> 1stsearchportal.com
IE restricted site: HKU\.DEFAULT\...\2020search.com -> 2020search.com
IE restricted site: HKU\.DEFAULT\...\20x2p.com -> 20x2p.com
IE restricted site: HKU\.DEFAULT\...\24-7searching-and-more.com -> 24-7searching-and-more.com
IE restricted site: HKU\.DEFAULT\...\24teen.com -> 24teen.com
IE restricted site: HKU\.DEFAULT\...\2ndpower.com -> 2ndpower.com
IE restricted site: HKU\.DEFAULT\...\36site.com -> 36site.com

There are 5237 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-515416071-1635729839-3118798863-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Enabled:Windows Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe] => :LocalSubNet:Disabled:Intuit Update Shared Downloads Server
StandardProfile\AuthorizedApplications: [C:\WINNT\system32\dxdiag.exe] => Enabled:Microsoft DirectX Diagnostic Tool
StandardProfile\AuthorizedApplications: [C:\WINNT\system32\dpvsetup.exe] => Enabled:Microsoft DirectPlay Voice Test
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe] => :LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server
DomainProfile\GloballyOpenPorts: [3389:TCP] => Disabled:@xpsp2res.dll,-22009
StandardProfile\GloballyOpenPorts: [3389:TCP] => Enabled:@xpsp2res.dll,-22009
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [50000:UDP] => Enabled:IHA_MessageCenter
StandardProfile\GloballyOpenPorts: [5353:UDP] => Enabled:Bonjour Port 5353

==================== Faulty Device Manager Devices =============

Name: 1394 Net Adapter
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: NetworkX
Description: NetworkX
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NetworkX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/14/2015 03:50:02 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 0x80508007, P2 mpupdateengine, P3 am delta, P4 11.1.5020.0, P5 mpsigstub.exe, P6 4.4.304.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (06/14/2015 03:47:23 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 0x80508007, P2 mpupdateengine, P3 am delta, P4 11.1.5020.0, P5 mpsigstub.exe, P6 4.4.304.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (06/14/2015 03:46:27 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: mssecurityclientmsseces.exe4.4.304.00x80070643updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (06/14/2015 03:46:23 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 0x80508007, P2 mpupdateengine, P3 am delta, P4 11.1.5020.0, P5 mpsigstub.exe, P6 4.4.304.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (06/14/2015 03:43:15 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 0x80508007, P2 mpupdateengine, P3 am delta, P4 11.1.5020.0, P5 mpsigstub.exe, P6 4.4.304.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (06/14/2015 02:05:06 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 0x80508007, P2 mpupdateengine, P3 am delta, P4 11.1.5020.0, P5 mpsigstub.exe, P6 4.4.304.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (06/14/2015 02:02:33 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 0x80508007, P2 mpupdateengine, P3 am delta, P4 11.1.5020.0, P5 mpsigstub.exe, P6 4.4.304.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (06/14/2015 00:04:36 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 0x80508007, P2 mpupdateengine, P3 am delta, P4 11.1.5020.0, P5 mpsigstub.exe, P6 4.4.304.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (06/14/2015 00:02:16 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 0x80508007, P2 mpupdateengine, P3 am delta, P4 11.1.5020.0, P5 mpsigstub.exe, P6 4.4.304.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (06/14/2015 11:44:31 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 0x80508007, P2 mpupdateengine, P3 am delta, P4 11.1.5020.0, P5 mpsigstub.exe, P6 4.4.304.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

System errors:
=============
Error: (06/16/2015 05:06:10 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 00E0B85CBA51 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (06/16/2015 05:06:04 PM) (Source: 0) (EventID: 1) (User: )
Description: \Device\ACPIEC

Error: (06/15/2015 10:07:54 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.4 for the Network Card with network address 00E0B85CBA51 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (06/15/2015 09:43:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intuit Update Service v4 service terminated unexpectedly. It has done this 1 time(s).

Error: (06/14/2015 04:32:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intuit Update Service v4 service terminated unexpectedly. It has done this 1 time(s).

Error: (06/14/2015 04:32:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

Error: (06/14/2015 03:50:06 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

   New Signature Version:

   Previous Signature Version: 1.199.1999.0

   Update Source: %NT AUTHORITY51

   Update Stage: 4.4.0304.00

   Source Path: 4.4.0304.01

   Signature Type: %NT AUTHORITY602

   Update Type: %NT AUTHORITY604

   User: NT AUTHORITY\NETWORK SERVICE

   Current Engine Version: %NT AUTHORITY605

   Previous Engine Version: %NT AUTHORITY606

   Error code: %NT AUTHORITY607

   Error description: %NT AUTHORITY608

Error: (06/14/2015 03:50:06 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

   New Signature Version:

   Previous Signature Version: 1.199.1999.0

   Update Source: %NT AUTHORITY51

   Update Stage: 4.4.0304.00

   Source Path: 4.4.0304.01

   Signature Type: %NT AUTHORITY602

   Update Type: %NT AUTHORITY604

   User: NT AUTHORITY\NETWORK SERVICE

   Current Engine Version: %NT AUTHORITY605

   Previous Engine Version: %NT AUTHORITY606

   Error code: %NT AUTHORITY607

   Error description: %NT AUTHORITY608

Error: (06/14/2015 03:50:02 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

   New Signature Version: 1.199.2577.0

   Previous Signature Version: 1.199.1999.0

   Update Source: %NT AUTHORITY15

   Update Stage: 4.4.0304.00

   Source Path: 4.4.0304.01

   Signature Type: %NT AUTHORITY602

   Update Type: %NT AUTHORITY604

   User: NT AUTHORITY\NETWORK SERVICE

   Current Engine Version: %NT AUTHORITY605

   Previous Engine Version: %NT AUTHORITY606

   Error code: %NT AUTHORITY607

   Error description: %NT AUTHORITY608

Error: (06/14/2015 03:50:02 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

   New Signature Version: 1.199.2577.0

   Previous Signature Version: 1.199.1999.0

   Update Source: %NT AUTHORITY15

   Update Stage: 4.4.0304.00

   Source Path: 4.4.0304.01

   Signature Type: %NT AUTHORITY602

   Update Type: %NT AUTHORITY604

   User: NT AUTHORITY\NETWORK SERVICE

   Current Engine Version: %NT AUTHORITY605

   Previous Engine Version: %NT AUTHORITY606

   Error code: %NT AUTHORITY607

   Error description: %NT AUTHORITY608

Microsoft Office:
=========================
Error: (06/14/2015 03:50:02 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry0x80508007mpupdateengineam delta11.1.5020.0mpsigstub.exe4.4.304.0microsoft security essentialsNILNILNIL

Error: (06/14/2015 03:47:23 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry0x80508007mpupdateengineam delta11.1.5020.0mpsigstub.exe4.4.304.0microsoft security essentialsNILNILNIL

Error: (06/14/2015 03:46:27 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: mssecurityclientmsseces.exe4.4.304.00x80070643updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (06/14/2015 03:46:23 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry0x80508007mpupdateengineam delta11.1.5020.0mpsigstub.exe4.4.304.0microsoft security essentialsNILNILNIL

Error: (06/14/2015 03:43:15 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry0x80508007mpupdateengineam delta11.1.5020.0mpsigstub.exe4.4.304.0microsoft security essentialsNILNILNIL

Error: (06/14/2015 02:05:06 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry0x80508007mpupdateengineam delta11.1.5020.0mpsigstub.exe4.4.304.0microsoft security essentialsNILNILNIL

Error: (06/14/2015 02:02:33 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry0x80508007mpupdateengineam delta11.1.5020.0mpsigstub.exe4.4.304.0microsoft security essentialsNILNILNIL

Error: (06/14/2015 00:04:36 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry0x80508007mpupdateengineam delta11.1.5020.0mpsigstub.exe4.4.304.0microsoft security essentialsNILNILNIL

Error: (06/14/2015 00:02:16 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry0x80508007mpupdateengineam delta11.1.5020.0mpsigstub.exe4.4.304.0microsoft security essentialsNILNILNIL

Error: (06/14/2015 11:44:31 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry0x80508007mpupdateengineam delta11.1.5020.0mpsigstub.exe4.4.304.0microsoft security essentialsNILNILNIL

==================== Memory info ===========================

Processor: Intel® Pentium® 4 CPU 2.80GHz
Percentage of memory in use: 46%
Total physical RAM: 2046.98 MB
Available physical RAM: 1104.44 MB
Total Pagefile: 3956.65 MB
Available Pagefile: 3197.01 MB
Total Virtual: 2047.88 MB
Available Virtual: 1949.04 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:37.26 GB) (Free:7.64 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 37.3 GB) (Disk ID: 7D067D06)
Partition 1: (Active) - (Size=37.3 GB) - (Type=07 NTFS)

==================== End of log ============================

Edited by joseph456, 16 June 2015 - 05:23 PM.

#2
Essexboy

Posted 21 June 2015 - 04:32 AM

GeekU Moderator

Retired Staff
69,964 posts

Hi sorry for the delay

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-515416071-1635729839-3118798863-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S0].txt as well.

#3
joseph456

Posted 21 June 2015 - 02:59 PM

Member

Topic Starter
Member
455 posts

Thanks for your help! Here are the results requested:

Question: This happened on a very legitimate website. (And has been complained about by others). Wondering - how did PC Keeper get "my name?" Such as in addressing me by my first name int he text of them trying to get me to download and run the software.

Fix result of Farbar Recovery Scan Tool (x86) Version: 21-06-2015 01
Ran by Administrator at 2015-06-21 16:41:08 Run:1
Running from C:\Documents and Settings\Administrator\desktop
Loaded Profiles: Administrator (Available Profiles: Computer Admin & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-515416071-1635729839-3118798863-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-515416071-1635729839-3118798863-500\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully

========= End of Reg: =========

========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully

========= End of Reg: =========

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-515416071-1635729839-3118798863-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-515416071-1635729839-3118798863-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.

========= End of RemoveProxy: =========

EmptyTemp: => 62.4 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 16:41:30 ====

AdwCleaner Results

# AdwCleaner v4.207 - Logfile created 21/06/2015 at 16:49:50
# Updated 21/06/2015 by Xplode
# Database : 2015-06-21.2 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Administrator - S0034324532
# Running from : C:\Documents and Settings\Administrator\desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Common Files\download Manager
Folder Deleted : C:\Documents and Settings\Administrator\Favorites\radio
File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
File Deleted : C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
File Deleted : C:\Documents and Settings\Computer Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v38.0.5 (x86 en-US)

*************************

AdwCleaner[R0].txt - [3036 bytes] - [29/03/2014 17:39:15]
AdwCleaner[R1].txt - [3096 bytes] - [30/03/2014 14:50:14]
AdwCleaner[R2].txt - [1527 bytes] - [21/06/2015 16:48:03]
AdwCleaner[S0].txt - [3211 bytes] - [30/03/2014 14:51:52]
AdwCleaner[S1].txt - [1464 bytes] - [21/06/2015 16:49:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1523 bytes] ##########

Edited by joseph456, 21 June 2015 - 03:01 PM.

#4
Essexboy

Posted 21 June 2015 - 03:10 PM

GeekU Moderator

Retired Staff
69,964 posts

Wondering - how did PC Keeper get "my name?" Such as in addressing me by my first name int he text of them trying to get me to download and run the software.

It may have just read the computer name and used that

How is the computer at the moment ?

Please download Malwarebytes Anti-Malware to your desktop

Double-click mbam-setup-version.exe and follow the prompts to install the program.
At the end, be sure a check-mark is placed next to the following:
- Ensure that "Enable free trial of Malwarebytes Anti-Malware Premium" is unchecked
- Launch Malwarebytes Anti-Malware
Then click Finish.
If an update is found, you will be prompted to download and install the latest version.
Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
Reboot your computer if prompted.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

To access logs from Malwarebytes Anti-Malware 2.0:

1.Open Malwarebytes Anti-Malware 2.0
2.Click History > Application Logs
3.Double-click the log you would like to open

Scan Logs record detections from manual scans, including threats detected and the actions taken against them

To save a Scan Log:

1.Open the log file you would like to save
2.Click Export
3.Choose to export to a .txt
4.Choose a folder to save the log file in, then click Save
5.Post that log here

#5
joseph456

Posted 21 June 2015 - 04:40 PM

Member

Topic Starter
Member
455 posts

Thanks for the prompt response!

Computer seems to be running ok.

Wondering - how did PC Keeper get "my name?" Such as in addressing me by my first name int he text of them trying to get me to download and run the software.

It may have just read the computer name and used that

Is this a cause for concern? The computer's name is only my initials, for example: XXX-PC, so where could it have picked up my name?

MBAM Log

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/21/2015
Scan Time: 5:52:28 PM
Logfile: MBAM062115175228.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.06.21.04
Rootkit Database: v2015.06.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 357293
Time Elapsed: 38 min, 22 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

#6
Essexboy

Posted 22 June 2015 - 07:38 AM

GeekU Moderator

Retired Staff
69,964 posts

Hmm in that case I am not sure, I have never come across this before so I will see if I can find out

Subject to no further problems

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:

#7
joseph456

Posted 22 June 2015 - 05:02 PM

Member

Topic Starter
Member
455 posts

Thanks for your help. Will keep you posted on this computer.

Ok to send Farbar report on the other computer that is showing the same thing or do I need to start a new thread?

#8
Essexboy

Posted 23 June 2015 - 07:44 AM

GeekU Moderator

Retired Staff
69,964 posts

If you have a second computer with problems then you may as well continue here

#9
joseph456

Posted 23 June 2015 - 08:03 AM

Member

Topic Starter
Member
455 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-06-2015 01
Ran by EJC (administrator) on EJC-PC on 23-06-2015 09:53:24
Running from C:\Users\EJC\Desktop
Loaded Profiles: EJC (Available Profiles: EJC)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Windows\SysWOW64\srvany.exe
(TODO: <公司名>) C:\Windows\SysWOW64\SDIOAssist.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(BayHubTech/O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\AppVShNotify.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\outlook.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\lync.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ucmapi.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [727896 2014-03-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [115968 2013-07-23] (Waves Audio Ltd.)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-04-10] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-07-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-11-13] (Intel Corporation)
HKLM\...\RunOnce: [DBRMTray] => C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-04] (Microsoft)
HKLM\...\RunOnce: [PC-Doctor for Windows REBOOT] => [X]
HKU\S-1-5-21-1107464198-3355101354-199131294-1000\...\Run: [Speccy] => C:\Program Files\Speccy\Speccy64.exe [7088408 2015-01-22] (Piriform Ltd)
HKU\S-1-5-21-1107464198-3355101354-199131294-1000\...\Run: [Lync] => C:\Program Files\Microsoft Office 15\root\office15\lync.exe [24025768 2015-05-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1107464198-3355101354-199131294-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/en-us?ocid=DELLDHP
HKU\S-1-5-21-1107464198-3355101354-199131294-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-1107464198-3355101354-199131294-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.netaddress.com/
https://news.google.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1107464198-3355101354-199131294-1000 -> {FA5EA24D-EB5C-417F-AECA-A037B041C463} URL = https://startpage.co...anguage=english
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-05-28] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-05-12] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-05-28] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...ols/pcmatic.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.22.0.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\EJC\AppData\Roaming\Mozilla\Firefox\Profiles\n1bo63z0.default-1428027580639
FF DefaultSearchEngine.US: Google
FF Homepage: about:home|hxxp://www.msn.com/en-us?ocid=DELLDHP|https://www.netaddre...ews.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_160.dll [2015-06-09] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-09] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-04-11] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\EJC\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2014-03-28] (Microsoft Corporation)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [87384 2014-03-27] (Alps Electric Co., Ltd.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2739888 2015-05-19] (Microsoft Corporation)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315376 2014-05-06] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
S3 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2947856 2013-07-30] (Invincea, Inc.)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-11-13] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2014-11-19] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [65536 2014-03-07] (BayHubTech/O2Micro International)
R2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2012-03-09] () [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
S3 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [124616 2013-07-30] ()
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-03-04] (Dell Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-02-24] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2014-11-19] (Intel® Corporation)
R2 Dell.PowerManager.Service; C:\Windows\system32\dllhost.exe /Processid:{263FA663-D541-481D-BCDD-A789E230F223}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36520 2012-09-14] (Advanced Micro Devices, Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [131968 2012-10-30] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1342848 2012-12-03] (Motorola Solutions, Inc.)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [488216 2014-03-05] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-08-28] (Intel Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2261464 2013-08-27] (Realtek Semiconductor Corp.)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [34824 2013-07-30] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-11-13] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw01.sys [11532704 2015-03-13] (Intel Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 O2FJ2RDR; C:\Windows\System32\DRIVERS\O2FJ2w7x64.sys [210592 2014-05-14] (BayHubTech/O2Micro )
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [25504 2013-10-21] (Resplendence Software Projects Sp.)
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [202248 2013-07-30] ()
R3 ST_Accel; C:\Windows\System32\DRIVERS\ST_Accel.sys [75976 2013-08-06] (STMicroelectronics)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [48024 2013-01-28] (Windows ® Win 7 DDK provider)
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2014-02-24] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2014-02-24] (Microsoft Corporation) [File not signed]
R3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [194456 2013-01-28] (Windows ® Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-23 09:53 - 2015-06-23 09:53 - 00019441 _____ C:\Users\EJC\Desktop\FRST.txt
2015-06-23 09:53 - 2015-06-23 09:53 - 00000000 ____D C:\FRST
2015-06-23 09:52 - 2015-06-23 09:52 - 02109952 _____ (Farbar) C:\Users\EJC\Desktop\FRST64.exe
2015-06-22 19:23 - 2015-06-22 19:39 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-06-22 19:23 - 2015-06-22 19:23 - 00004020 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-06-22 19:23 - 2015-06-22 19:23 - 00003210 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-06-22 19:23 - 2015-06-22 19:23 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2015-06-22 19:22 - 2015-06-22 19:22 - 00000000 ____D C:\Program Files\Dell Support Center
2015-06-22 00:45 - 2015-06-22 00:45 - 00114384 _____ C:\Users\EJC\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-19 00:46 - 2015-06-19 00:46 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-06-19 00:46 - 2015-06-19 00:46 - 00002049 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-06-19 00:46 - 2015-06-19 00:46 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-06-17 00:51 - 2015-05-09 14:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-06-17 00:51 - 2015-04-27 15:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-06-17 00:51 - 2015-04-27 15:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-06-17 00:51 - 2015-04-27 15:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-06-17 00:51 - 2015-04-27 15:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-06-17 00:51 - 2015-04-27 15:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-06-17 00:51 - 2015-04-27 15:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-06-17 00:51 - 2015-04-27 15:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-06-17 00:51 - 2015-04-27 15:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-06-15 00:06 - 2015-06-15 00:20 - 00000000 ____D C:\Users\EJC\Desktop\Tinnitus
2015-06-13 14:19 - 2015-06-08 19:41 - 1393203695 _____ C:\Users\EJC\Desktop\dad & mom 60s.wmv
2015-06-11 21:12 - 2015-06-19 13:56 - 00004956 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for EJC-PC-EJC EJC-PC
2015-06-09 19:50 - 2015-06-01 15:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-09 19:50 - 2015-06-01 14:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-09 19:50 - 2015-05-27 10:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-09 19:50 - 2015-05-27 10:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-09 19:50 - 2015-05-22 23:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-09 19:50 - 2015-05-22 23:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-09 19:50 - 2015-05-22 23:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-09 19:50 - 2015-05-22 23:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-09 19:50 - 2015-05-22 23:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-09 19:50 - 2015-05-22 23:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-09 19:50 - 2015-05-22 23:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-09 19:50 - 2015-05-22 23:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-09 19:50 - 2015-05-22 23:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-09 19:50 - 2015-05-22 23:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-09 19:50 - 2015-05-22 23:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-09 19:50 - 2015-05-22 23:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-09 19:50 - 2015-05-22 23:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-09 19:50 - 2015-05-22 22:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-09 19:50 - 2015-05-22 22:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-09 19:50 - 2015-05-22 22:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-09 19:50 - 2015-05-22 22:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-09 19:50 - 2015-05-22 22:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-09 19:50 - 2015-05-22 22:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-09 19:50 - 2015-05-22 22:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-09 19:50 - 2015-05-22 22:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-09 19:50 - 2015-05-22 22:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-09 19:50 - 2015-05-22 22:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-09 19:50 - 2015-05-22 22:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-09 19:50 - 2015-05-22 22:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-09 19:50 - 2015-05-22 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-09 19:50 - 2015-05-22 15:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-09 19:50 - 2015-05-22 15:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-09 19:50 - 2015-05-22 15:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-09 19:50 - 2015-05-22 15:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-09 19:50 - 2015-05-22 15:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-09 19:50 - 2015-05-22 15:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-09 19:50 - 2015-05-22 15:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-09 19:50 - 2015-05-22 14:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-09 19:50 - 2015-05-22 14:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-09 19:50 - 2015-05-22 14:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-09 19:50 - 2015-05-22 14:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-09 19:50 - 2015-05-22 14:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-09 19:50 - 2015-05-22 14:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-09 19:50 - 2015-05-22 14:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-09 19:50 - 2015-05-22 14:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-09 19:50 - 2015-05-22 14:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-09 19:50 - 2015-05-22 14:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-09 19:50 - 2015-05-22 14:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-09 19:50 - 2015-05-22 14:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-09 19:50 - 2015-05-22 14:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-09 19:50 - 2015-05-22 14:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-09 19:50 - 2015-05-22 14:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-09 19:50 - 2015-05-22 14:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-09 19:50 - 2015-05-22 14:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-09 19:50 - 2015-05-22 14:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-09 19:50 - 2015-05-22 14:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-09 19:50 - 2015-05-22 13:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-09 19:50 - 2015-05-22 13:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-09 19:50 - 2015-05-22 13:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-09 19:50 - 2015-05-22 13:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-09 19:45 - 2015-04-29 14:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-09 19:45 - 2015-04-29 14:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-09 19:45 - 2015-04-29 14:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-09 19:45 - 2015-04-29 14:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-09 19:45 - 2015-04-29 14:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-09 19:45 - 2015-04-29 14:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-09 19:45 - 2015-04-29 14:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-09 19:45 - 2015-04-29 14:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-09 19:45 - 2015-04-29 14:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-09 19:45 - 2015-04-29 14:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-09 19:44 - 2015-05-25 13:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-09 19:44 - 2015-04-24 14:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-09 19:44 - 2015-04-24 13:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-05 21:30 - 2015-06-05 21:30 - 00001017 _____ C:\Users\EJC\Downloads\amp.ics
2015-06-05 20:35 - 2015-06-05 20:35 - 00000000 ____D C:\Users\EJC\Documents\Windows XP Wireless
2015-06-05 00:25 - 2015-06-05 00:26 - 00000000 ____D C:\Users\EJC\Desktop\Financial Planning Docs
2015-06-03 21:04 - 2015-06-19 01:20 - 00007462 _____ C:\Windows\PFRO.log
2015-06-03 20:39 - 2015-06-03 20:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-02 20:44 - 2015-05-25 14:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-02 20:44 - 2015-05-25 14:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-02 20:44 - 2015-05-25 14:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-02 20:44 - 2015-05-25 14:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-02 20:44 - 2015-05-25 14:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-02 20:44 - 2015-05-25 14:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-02 20:44 - 2015-05-25 14:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-02 20:44 - 2015-05-25 14:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-02 20:44 - 2015-05-25 14:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-02 20:44 - 2015-05-25 14:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-02 20:44 - 2015-05-25 14:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-02 20:44 - 2015-05-25 14:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-02 20:44 - 2015-05-25 14:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-02 20:44 - 2015-05-25 14:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-02 20:44 - 2015-05-25 14:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-02 20:44 - 2015-05-25 14:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-02 20:44 - 2015-05-25 14:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-02 20:44 - 2015-05-25 14:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-02 20:44 - 2015-05-25 14:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-02 20:44 - 2015-05-25 14:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-02 20:44 - 2015-05-25 14:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-02 20:44 - 2015-05-25 14:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-02 20:44 - 2015-05-25 14:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-02 20:44 - 2015-05-25 14:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-02 20:44 - 2015-05-25 14:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-02 20:44 - 2015-05-25 14:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-02 20:44 - 2015-05-25 14:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-02 20:44 - 2015-05-25 14:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-02 20:44 - 2015-05-25 14:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-02 20:44 - 2015-05-25 14:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-02 20:44 - 2015-05-25 14:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-02 20:44 - 2015-05-25 14:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-02 20:43 - 2015-05-25 14:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-02 20:43 - 2015-05-25 14:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-02 20:43 - 2015-05-25 14:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-02 20:43 - 2015-05-25 14:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-02 20:43 - 2015-05-25 14:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-02 20:43 - 2015-05-25 14:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-02 20:43 - 2015-05-25 14:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-02 20:43 - 2015-05-25 14:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-02 20:43 - 2015-05-25 14:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-02 20:43 - 2015-05-25 14:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-02 20:43 - 2015-05-25 14:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-02 20:43 - 2015-05-25 14:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-02 20:43 - 2015-05-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-02 20:43 - 2015-05-25 14:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-02 20:43 - 2015-05-25 14:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-02 20:43 - 2015-05-25 14:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-02 20:43 - 2015-05-25 14:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-02 20:43 - 2015-05-25 14:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-02 20:43 - 2015-05-25 14:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-02 20:43 - 2015-05-25 14:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-02 20:43 - 2015-05-25 14:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 14:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 14:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 14:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 14:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-02 20:43 - 2015-05-25 14:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-02 20:43 - 2015-05-25 14:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-02 20:43 - 2015-05-25 14:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-02 20:43 - 2015-05-25 14:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-02 20:43 - 2015-05-25 14:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-02 20:43 - 2015-05-25 14:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-02 20:43 - 2015-05-25 14:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-02 20:43 - 2015-05-25 14:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-02 20:43 - 2015-05-25 14:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-02 20:43 - 2015-05-25 14:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-02 20:43 - 2015-05-25 14:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-02 20:43 - 2015-05-25 14:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-02 20:43 - 2015-05-25 14:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-02 20:43 - 2015-05-25 13:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-02 20:43 - 2015-05-25 13:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-02 20:43 - 2015-05-25 13:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-02 20:43 - 2015-05-25 13:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-02 20:43 - 2015-05-25 13:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-02 20:43 - 2015-05-25 13:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-02 20:43 - 2015-05-25 13:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-02 20:43 - 2015-05-25 13:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-02 20:43 - 2015-05-25 13:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 13:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 13:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-02 20:43 - 2015-05-25 12:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-02 20:43 - 2015-05-25 12:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-02 20:43 - 2015-05-25 12:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 12:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 12:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-02 20:43 - 2015-05-25 12:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-02 20:29 - 2015-05-22 14:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-02 20:29 - 2015-05-22 14:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-02 20:29 - 2015-05-22 14:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-02 20:29 - 2015-05-22 14:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-02 20:29 - 2015-05-22 14:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-02 20:29 - 2015-05-22 14:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-02 20:29 - 2015-05-22 14:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-02 20:29 - 2015-05-21 09:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-02 20:27 - 2015-05-08 23:27 - 03147776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-06-02 20:27 - 2015-05-08 23:27 - 02589184 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-06-02 20:27 - 2015-05-08 23:27 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-06-02 20:27 - 2015-05-08 23:27 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-06-02 20:27 - 2015-05-08 23:27 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-06-02 20:27 - 2015-05-08 23:27 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-06-02 20:27 - 2015-05-08 23:27 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-06-02 20:27 - 2015-05-08 23:26 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-06-02 20:27 - 2015-05-08 23:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-06-02 20:27 - 2015-05-08 23:26 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-06-02 20:27 - 2015-05-08 23:26 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-06-02 20:27 - 2015-05-08 23:14 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-06-02 20:27 - 2015-05-08 23:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-06-02 20:27 - 2015-05-08 23:14 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-06-02 20:27 - 2015-05-08 23:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-06-02 20:27 - 2015-05-08 23:13 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-06-01 22:02 - 2015-06-01 22:02 - 00000000 ____D C:\Users\EJC\AppData\Local\GWX
2015-05-29 20:54 - 2015-05-29 20:54 - 00001612 _____ C:\quotes.csv
2015-05-24 23:40 - 2015-04-10 23:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-05-24 23:37 - 2015-06-19 01:21 - 00000616 _____ C:\Windows\setupact.log
2015-05-24 23:37 - 2015-05-24 23:37 - 00000000 _____ C:\Windows\setuperr.log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-23 09:53 - 2009-07-14 00:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-23 09:53 - 2009-07-14 00:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-23 09:47 - 2014-02-24 13:44 - 01188760 _____ C:\Windows\WindowsUpdate.log
2015-06-23 00:39 - 2014-03-27 19:20 - 00002296 ____H C:\Users\EJC\Documents\Default.rdp
2015-06-23 00:39 - 2014-03-26 13:21 - 00000000 ____D C:\Users\EJC\AppData\Local\CrashDumps
2015-06-23 00:13 - 2014-03-26 12:50 - 00000000 ___RD C:\Users\EJC\Virtual Machines
2015-06-23 00:05 - 2014-03-26 11:27 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-06-22 19:24 - 2015-02-14 18:48 - 00000000 ____D C:\ProgramData\PCDr
2015-06-22 19:23 - 2014-02-24 13:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-06-22 19:19 - 2014-03-25 19:23 - 00000000 ____D C:\Users\EJC\AppData\Local\CutePDF Writer
2015-06-22 00:41 - 2009-07-14 01:13 - 00804902 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-19 01:21 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-19 01:21 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2015-06-19 00:54 - 2014-03-25 13:50 - 00000000 ____D C:\Users\EJC\AppData\Roaming\Adobe
2015-06-19 00:51 - 2014-08-23 16:58 - 00000000 ____D C:\Users\EJC\AppData\Local\Adobe
2015-06-19 00:47 - 2015-05-15 00:55 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-19 00:46 - 2014-02-24 14:18 - 00000000 ____D C:\ProgramData\Adobe
2015-06-18 23:36 - 2014-03-25 21:26 - 00000000 ____D C:\Users\EJC\AppData\Roaming\WinPatrol
2015-06-18 22:52 - 2014-03-25 22:46 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-16 21:10 - 2014-07-28 19:13 - 00000000 ____D C:\Users\EJC\Documents\TurboTax
2015-06-16 20:03 - 2014-08-09 20:44 - 00000000 ____D C:\Users\EJC\Documents\Financial
2015-06-14 16:16 - 2009-07-14 01:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-13 14:16 - 2009-07-14 00:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-09 23:11 - 2014-02-24 13:43 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-09 23:11 - 2014-02-24 13:43 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-09 21:35 - 2014-11-12 01:05 - 00000000 __SHD C:\Users\EJC\AppData\Local\EmieBrowserModeList
2015-06-09 21:35 - 2014-04-08 21:06 - 00000000 __SHD C:\Users\EJC\AppData\Local\EmieUserList
2015-06-09 21:35 - 2014-04-08 21:06 - 00000000 __SHD C:\Users\EJC\AppData\Local\EmieSiteList
2015-06-09 21:30 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-09 21:28 - 2014-03-25 14:08 - 00000000 ____D C:\Windows\system32\MRT
2015-06-09 21:24 - 2014-03-25 14:08 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-06 19:51 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-03 21:04 - 2014-04-30 23:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-02 20:32 - 2014-12-09 21:43 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-02 20:32 - 2014-04-29 20:25 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-05-29 20:53 - 2014-09-30 21:33 - 00000000 ____D C:\Quotes
2015-05-25 22:50 - 2015-03-03 19:26 - 00000000 ____D C:\Users\EJC\Documents\Cars

==================== Files in the root of some directories =======

2014-03-31 00:13 - 2015-05-17 19:15 - 0007610 _____ () C:\Users\EJC\AppData\Local\resmon.resmoncfg
2014-07-28 19:13 - 2014-12-30 20:00 - 0000614 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-05 22:15

==================== End of log ============================

Additions

Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-06-2015 01
Ran by EJC at 2015-06-23 09:54:02
Running from C:\Users\EJC\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1107464198-3355101354-199131294-500 - Administrator - Disabled)
EJC (S-1-5-21-1107464198-3355101354-199131294-1000 - Administrator - Enabled) => C:\Users\EJC
Guest (S-1-5-21-1107464198-3355101354-199131294-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1107464198-3355101354-199131294-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.160 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.160 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{C49F01A6-1151-BE59-8BD2-107CD8AC3088}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 5.4.0.0 - Auslogics Labs Pty Ltd)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Canon MP490 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP490_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.)
Dell Backup and Recovery Manager (HKLM\...\{50B4B603-A4C6-4739-AE96-6C76A0F8A388}) (Version: 1.3.1 - Dell Inc.)
Dell Client System Update (HKLM-x32\...\{04566294-A6B6-4462-9721-031073EB3694}) (Version: 1.3.0 - Dell Inc.)
Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{B96348BD-6B0D-42E3-80B1-FA6718067BFE}) (Version: 2.8.1000.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Power Manager (HKLM\...\{E45D7941-F3F0-4E8E-AD55-DCE2FE0AE6D8}) (Version: 1.1.0 - Dell Inc.)
Dell Protected Workspace (HKLM-x32\...\{E2CAA395-66B3-4772-85E3-6134DBAB244E}) (Version: 2.3.15835 - Invincea, Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.2.57295 - Dell)
Dell System Detect (HKU\S-1-5-21-1107464198-3355101354-199131294-1000\...\73f463568823ebbe) (Version: 6.1.0.3 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1206.101.109 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.54 - Creative Technology Ltd)
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Network Connections 18.5.52.1 (HKLM\...\PROSetDX) (Version: 18.5.52.1 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3574 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{DA2600C1-6BDF-4FD1-1212-148929CC1385}) (Version: 2.6.1212.0302 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.4.40 - Intel Corporation)
Intel® WiDi (HKLM\...\{62E7C369-64FF-452C-8F46-6BE9B77FF097}) (Version: 4.0.18.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Intel® PROSet/Wireless Software (HKLM-x32\...\{a2a04474-104a-49b3-9bf5-33afee260030}) (Version: 17.14.0 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
LatencyMon 6.00 (HKLM\...\LatencyMon_is1) (Version: - Resplendence Software Projects Sp.)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4727.1003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{C834E5DF-AB21-4142-8234-0C4FA77F3A04}) (Version: 3.0.08.38 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (x32 Version: 3.0.08.38 - O2Micro International LTD.) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
PowerXpressHybrid (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.7.6 - Intuit)
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5988 - Realtek Semiconductor Corp.)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0051 - ST Microelectronics)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.5.2015.12 - Ruiware)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1107464198-3355101354-199131294-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

24-05-2015 23:40:58 Windows Update
28-05-2015 20:13:45 Windows Update
31-05-2015 22:34:09 Windows Update
02-06-2015 20:44:09 Windows Update
06-06-2015 20:14:40 Windows Update
09-06-2015 21:24:15 Windows Update
12-06-2015 22:18:14 Windows Update
16-06-2015 20:03:44 Windows Update
17-06-2015 00:51:26 Windows Update
21-06-2015 00:40:26 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2014-10-12 19:39 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {021EF16A-46BE-43D1-9C16-A73C2167F36C} - System32\Tasks\{056A8E14-3529-48B5-A170-2502BA01CB73} => C:\Users\EJC\Desktop\qdlx98.exe
Task: {027FBBAE-8D7E-4D15-862B-43824C16BA6A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {0956E12F-B64B-49FA-BACB-22F83140B7DB} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-03-04] (Dell Inc.)
Task: {0D947057-120B-4A19-B07B-6789B7629968} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {11AC0ED8-AE63-4D5A-BBC4-9D2495B5C33D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {1C223651-9A62-4F55-89DA-B29C54A8B0DF} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {30937500-F28F-468A-85D6-818D9145CF8C} - System32\Tasks\{AF5F7F6D-64A9-40B2-A358-F550EB5F4D85} => C:\Users\EJC\Desktop\qdlx98.exe
Task: {340E9985-6834-4C30-94DB-687B5ED8F097} - System32\Tasks\{59946EC4-75B9-4FA1-BB2B-E5BB99797FBF} => C:\Users\EJC\Desktop\qdlx98.exe
Task: {3519786E-2CFE-403C-8053-B4CB6ED83B22} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {3717E42A-801D-4682-9FEF-96A37B70BCAA} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {397C7ADF-179A-4978-A675-5D31B6FD8802} - System32\Tasks\{F920816D-9F9C-444E-8B53-D6C971FC986C} => C:\Users\EJC\Desktop\qdlx98.exe
Task: {3996E437-5E79-4085-8C03-2EAF4BA50810} - System32\Tasks\{33FE0097-DEF4-40C4-BD68-4FD32E8D2BF6} => C:\Users\EJC\Desktop\qdlx98.exe
Task: {3DFEDEF2-A9E9-47E5-B77D-A61C0F10EBCE} - System32\Tasks\{A5F3EE2A-D936-4F11-8A9C-529C0F21A358} => C:\Users\EJC\Desktop\qdlx98.exe
Task: {4320AB9B-E61E-4845-B174-63AF5C24F6F1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-28] (Microsoft Corporation)
Task: {4386489A-80A2-40C5-8A45-A9D1C133AF62} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {54BE04EB-C39F-4C26-989B-F5B589808E8C} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {561EBCDD-8D04-4790-BDA2-4485AF42FF51} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {59B544E0-BA1A-4288-82D2-2A83314DFD66} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)
Task: {59C3B776-58E1-4BE0-8C80-2060C62031F0} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {6D520C66-6AED-49F9-8D79-BF589857F0FD} - System32\Tasks\{1117422E-4466-4267-92CB-919B33203C97} => C:\Users\EJC\Desktop\qdlx98.exe
Task: {7344B60F-740B-41EF-95F3-69E0B94143CD} - System32\Tasks\{65EF8C97-3A62-45E9-B3FC-C760497FAE5F} => C:\Users\EJC\Desktop\qdlx98.exe
Task: {79E82A47-9B01-4C92-83A3-902408BA5DEE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {7DAA5CF1-1402-4BA8-A6B9-F22CC28A6F1A} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {820EB4D2-0EF3-44B6-BE17-F16F153BF943} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2014-03-25] (Microsoft Corporation)
Task: {8B81FFF0-3C2E-4B2E-802C-D1EC609EB597} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {98BC0AB8-1B7A-4C15-9740-EFE41AEC0EC6} - System32\Tasks\{8C241F6E-899A-45BB-84BE-CB5CE584D521} => C:\Users\EJC\Desktop\qdlx98.exe
Task: {9FFE3E8B-F5F1-4EE1-A8D5-157962DC07D1} - System32\Tasks\{31FD5DAE-CC7F-46E3-9D5D-6CE4B45477A9} => C:\Users\EJC\Desktop\qdlx98.exe
Task: {A4BD5D27-DF45-449D-83C7-4CB96CD4D34F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {B566D42C-83F7-4B74-AB87-8EAE178E32D5} - System32\Tasks\{0AB97A6E-0D68-4E3E-A677-5F50D71C0958} => C:\Users\EJC\Desktop\qdlx98.exe
Task: {BED4EA40-D0B0-4FF0-B589-6D2A081D4A10} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {C2507473-CCE7-496D-9980-02763A3FABA0} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {C2CB26F8-E497-4ADF-A756-84F46D6188C1} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {C8C7A9C3-717C-4F10-BBF8-5F7C26E411B2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd)
Task: {C9F48DF0-A59A-4AEA-8108-56397975B205} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {D8FED936-E4C5-42C5-8A76-A157C11AB6F3} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {DF177FCD-220D-4EBC-A427-ED4BC9C517E4} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {E0447D6D-F16A-499E-B556-9F6D8A70F4CB} - System32\Tasks\Microsoft Office 15 Sync Maintenance for EJC-PC-EJC EJC-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-05-28] (Microsoft Corporation)
Task: {E1DEC944-32A5-4D82-86E0-B66B03B3913C} - System32\Tasks\{AC4E5A4B-2240-4D44-B8BE-2C7023AD8BB3} => C:\Users\EJC\Desktop\qdlx98.exe
Task: {E23A5A23-4BBB-43A2-B8F0-935D8156862E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {E3232CE7-2EFB-4899-A942-78B56F4275D1} - System32\Tasks\{D616A915-E2A6-45B7-B099-77A39949667A} => C:\Users\EJC\Desktop\qdlx98.exe
Task: {E43D571D-4231-431B-A0C7-08567CA54BEF} - System32\Tasks\{99AA6849-8676-48F2-9F09-4AF9AB35A1B9} => C:\Users\EJC\Desktop\qdlx98.exe
Task: {EA2F71DC-1D01-47B7-AE0E-CBAB2363E952} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)
Task: {FAB1DDAD-6DD9-4D0A-83B5-40ECF0421CBF} - System32\Tasks\{39493B2C-C869-4F6F-A24C-DBF796F18932} => C:\Users\EJC\Desktop\qdlx98.exe
Task: {FB4F610E-0CE2-4C94-828E-3FD9EBB42F23} - System32\Tasks\{330C67F7-2F93-4A41-9694-E612F9C6956C} => C:\Users\EJC\Desktop\qdlx98.exe
Task: {FF312066-53B7-44EB-AE5E-A43309FA12E0} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {FFD76D5C-5A03-436A-87F9-EDE49086A141} - System32\Tasks\{40993EC7-655F-483A-96CB-AC8A39C81AC2} => C:\Users\EJC\Desktop\qdlx98.exe

==================== Loaded Modules (Whitelisted) ==============

2015-03-11 19:13 - 2015-01-27 11:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-03-25 19:21 - 2013-10-23 14:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2014-03-26 11:27 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-07-10 00:32 - 2012-03-09 12:27 - 00008192 _____ () C:\Windows\SysWOW64\srvany.exe
2013-11-12 12:04 - 2013-11-12 12:04 - 00110088 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2014-07-10 00:25 - 2013-11-13 15:23 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-03-17 01:34 - 2015-03-17 01:34 - 34089120 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll
2014-11-12 01:12 - 2014-11-12 01:12 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-04-15 01:10 - 2015-04-15 01:16 - 01754296 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\tmpod.dll
2015-06-10 19:36 - 2015-05-12 13:27 - 01032360 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll
2015-04-15 01:10 - 2015-04-15 01:16 - 01754296 _____ () C:\Program Files\Microsoft Office 15\root\office15\tmpod.dll
2014-03-26 11:27 - 2014-04-11 22:42 - 00022696 _____ () C:\Program Files\Microsoft Office 15\root\office15\lynchtmlconvpxy.dll
2014-11-12 01:12 - 2014-11-12 01:12 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1107464198-3355101354-199131294-1000\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-1107464198-3355101354-199131294-1000\...\sharepoint.com -> hxxps://gofsg.sharepoint.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1107464198-3355101354-199131294-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\EJC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BLEServicesCtrl => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: DellSystemDetect => C:\Users\EJC\AppData\Local\Apps\2.0\QDHNRVRV.TXD\VB5KANHQ.VQ9\dell..tion_e30b47f5d4a30e9e_0005.000e_4ab3a7332dd76702\DellSystemDetect.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{360818B8-964B-4BC0-9206-BCAC59EC9785}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{5854782B-46B4-418D-82E6-F7E9E727683A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{DF8232E2-21C4-4BDF-9383-C103EF7B1801}] => (Allow) C:\Program Files\Microsoft Office 15\root\office15\lync.exe
FirewallRules: [{019B60EA-4C24-44D2-9B8B-F5016156488F}] => (Allow) C:\Program Files\Microsoft Office 15\root\office15\lync.exe
FirewallRules: [{1CDEE8CD-62EB-4140-9E8E-1E2A69622C01}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ECB13F1D-6977-4B93-91C3-FA22CA3193D2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{2FBFFAA0-8D2E-4A03-8A90-D8E907BFE310}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{736A29CF-1C6C-4BDA-BB7F-BD06A344EC80}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{93A03753-7248-4FB6-A508-AAEB24A81C7B}C:\program files (x86)\java\jre1.8.0_40\bin\jp2launcher.exe] => (Block) C:\program files (x86)\java\jre1.8.0_40\bin\jp2launcher.exe
FirewallRules: [UDP Query User{3549D71D-41FD-40E0-A4C9-2D39990599C0}C:\program files (x86)\java\jre1.8.0_40\bin\jp2launcher.exe] => (Block) C:\program files (x86)\java\jre1.8.0_40\bin\jp2launcher.exe
FirewallRules: [{0FAEA7FE-0920-4CFB-B560-6394402ABD60}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{245FBE8B-0930-42CA-BFAF-3863954081B5}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{BB7FDA74-141C-4C17-B0EC-5EFE5F32FED0}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{7DF70E35-251D-4514-9A08-62A1EB87109D}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{D62BE10B-5909-4F44-AF5E-1DEF41087892}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{C5B74700-D7A4-40A6-AF11-354729D2FA9B}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{BCC0E8FF-E972-4C39-92EB-CAF7A834ADE5}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{94E0CEC9-2BB9-4C51-86EF-A957D6D76FFA}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{CE47FA2C-0BFD-462F-8A68-616766056942}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{7147493E-5579-43D7-8E07-8FDCE0B5ED76}C:\program files (x86)\java\jre1.8.0_45\bin\jp2launcher.exe] => (Block) C:\program files (x86)\java\jre1.8.0_45\bin\jp2launcher.exe
FirewallRules: [UDP Query User{B91A1FA3-02E9-4920-A060-A018F06F23E3}C:\program files (x86)\java\jre1.8.0_45\bin\jp2launcher.exe] => (Block) C:\program files (x86)\java\jre1.8.0_45\bin\jp2launcher.exe

==================== Faulty Device Manager Devices =============

Name: Integrated Webcam
Description: USB Video Device
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/23/2015 00:28:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17840, time stamp: 0x555fe1bb
Faulting module name: MSHTML.dll, version: 11.0.9600.17842, time stamp: 0x5565cf99
Exception code: 0xc0000005
Fault offset: 0x0053e8f0
Faulting process id: 0x24f8
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (06/23/2015 00:17:24 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={117A4442-3AFC-4017-8A7C-895C062B0496}: The user EJC-PC\EJC dialed a connection named FSG VPN which has failed. The error code returned on failure is 0.

Error: (06/23/2015 00:15:32 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={8E43F796-3E75-4119-B8D1-0C8D7B123BAC}: The user EJC-PC\EJC dialed a connection named FSG VPN which has failed. The error code returned on failure is 0.

Error: (06/23/2015 00:13:38 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={AFF1A1FD-50B6-429B-9085-68BF8DD85E7F}: The user EJC-PC\EJC dialed a connection named FSG VPN which has failed. The error code returned on failure is 0.

Error: (06/23/2015 00:11:18 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={D1A61067-8F53-4626-BB94-780B34BEB71F}: The user EJC-PC\EJC dialed a connection named FSG VPN which has failed. The error code returned on failure is 0.

Error: (06/23/2015 00:06:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/23/2015 00:05:35 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (06/23/2015 00:05:05 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: EJC-PC)
Description: Application or service 'Skype for Business' could not be shut down.

Error: (06/22/2015 11:18:35 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485933

System errors:
=============
Error: (06/23/2015 00:30:11 AM) (Source: Schannel) (EventID: 4116) (User: EJC-PC)
Description: The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is sip.gofsg.com. The SSL connection request has failed. The attached data contains the server certificate.

Error: (06/23/2015 00:30:11 AM) (Source: Schannel) (EventID: 4120) (User: EJC-PC)
Description: The following fatal alert was generated: 43. The internal error state is 552.

Error: (06/23/2015 00:15:00 AM) (Source: Schannel) (EventID: 4116) (User: EJC-PC)
Description: The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is sip.gofsg.com. The SSL connection request has failed. The attached data contains the server certificate.

Error: (06/23/2015 00:15:00 AM) (Source: Schannel) (EventID: 4120) (User: EJC-PC)
Description: The following fatal alert was generated: 43. The internal error state is 552.

Error: (06/23/2015 00:14:45 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{DDBD1053-AC8A-47CE-8D04-B9253395CBCF} because another computer on the network has the same name. The server could not start.

Error: (06/23/2015 00:13:38 AM) (Source: RasSstp) (EventID: 1) (User: )
Description: CoId={AFF1A1FD-50B6-429B-9085-68BF8DD85E7F}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again.

A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.

Error: (06/23/2015 00:11:25 AM) (Source: RasSstp) (EventID: 1) (User: )
Description: CoId={D1A61067-8F53-4626-BB94-780B34BEB71F}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again.

A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.

Error: (06/22/2015 09:00:28 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (06/19/2015 08:18:42 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Microsoft Office:
=========================
Error: (06/23/2015 00:28:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17840555fe1bbMSHTML.dll11.0.9600.178425565cf99c00000050053e8f024f801d0ad41f9bc673cC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\MSHTML.dll4159a7d7-1960-11e5-b588-c4d9873facb3

Error: (06/23/2015 00:17:24 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: {117A4442-3AFC-4017-8A7C-895C062B0496}EJC-PC\EJCFSG VPN0

Error: (06/23/2015 00:15:32 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: {8E43F796-3E75-4119-B8D1-0C8D7B123BAC}EJC-PC\EJCFSG VPN0

Error: (06/23/2015 00:13:38 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: {AFF1A1FD-50B6-429B-9085-68BF8DD85E7F}EJC-PC\EJCFSG VPN0

Error: (06/23/2015 00:11:18 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: {D1A61067-8F53-4626-BB94-780B34BEB71F}EJC-PC\EJCFSG VPN0

Error: (06/23/2015 00:05:35 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

Error: (06/23/2015 00:05:05 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: EJC-PC)
Description: 1C:\Program Files\Microsoft Office 15\root\office15\ucmapi.exeSkype for Business021176436143003A005C00500072006F006700720061006D002000460069006C00650073005C004D006900630072006F0073006F006600740020004F00660066006900630065002000310035005C0072006F006F0074005C007600660073005C00700072006F006700720061006D00660069006C006500730063006F006D006D006F006E007800380036005C006D006900630072006F0073006F006600740020007300680061007200650064005C006F0066006600690063006500310035005C006D0073006F002E0064006C006C000000

Error: (06/23/2015 00:05:05 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: EJC-PC)
Description: 1C:\Program Files\Microsoft Office 15\root\office15\lync.exeSkype for Business011173216143003A005C00500072006F006700720061006D002000460069006C00650073005C004D006900630072006F0073006F006600740020004F00660066006900630065002000310035005C0072006F006F0074005C007600660073005C00700072006F006700720061006D00660069006C006500730063006F006D006D006F006E007800380036005C006D006900630072006F0073006F006600740020007300680061007200650064005C006F0066006600690063006500310035005C006D0073006F002E0064006C006C000000

Error: (06/22/2015 11:18:35 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485933

==================== Memory info ===========================

Processor: Intel® Core™ i7-4800MQ CPU @ 2.70GHz
Percentage of memory in use: 42%
Total physical RAM: 8097.33 MB
Available physical RAM: 4688.25 MB
Total Pagefile: 16192.87 MB
Available Pagefile: 12055.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:453.96 GB) (Free:299.87 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 20C2364A)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=11.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=454 GB) - (Type=07 NTFS)

==================== End of log ============================

Edited by joseph456, 23 June 2015 - 08:04 AM.

#10
joseph456

Posted 23 June 2015 - 08:15 AM

Member

Topic Starter
Member
455 posts

Thanks! Appreciate your help. Previous message is from a Windows 7 64 Computer.

For some reason GTG was giving me a message that I was not allowed to "add this extension" and had to put it in another message

#11
Essexboy

Posted 23 June 2015 - 08:33 AM

GeekU Moderator

Retired Staff
69,964 posts

Is this one experiencing the same problem ?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
SearchScopes: HKU\S-1-5-21-1107464198-3355101354-199131294-1000 -> {FA5EA24D-EB5C-417F-AECA-A037B041C463} URL = https://startpage.co...anguage=english
2015-06-09 21:35 - 2014-11-12 01:05 - 00000000 __SHD C:\Users\EJC\AppData\Local\EmieBrowserModeList
2015-06-09 21:35 - 2014-04-08 21:06 - 00000000 __SHD C:\Users\EJC\AppData\Local\EmieUserList
2015-06-09 21:35 - 2014-04-08 21:06 - 00000000 __SHD C:\Users\EJC\AppData\Local\EmieSiteList
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S0].txt as well.

#12
joseph456

Posted 23 June 2015 - 09:08 AM

Member

Topic Starter
Member
455 posts

Will do this evening. Experiencing the same problem and noticed that I had allowed popups for this site in IE. When I took the site off the allowed popups list did not happen again. However, was happening in Firefox.

Thanks.

#13
joseph456

Posted 23 June 2015 - 04:27 PM

Member

Topic Starter
Member
455 posts

Thanks for your help. As requested:

Farbar Results:

Fix result of Farbar Recovery Scan Tool (x64) Version:21-06-2015 01
Ran by EJC at 2015-06-23 18:10:22 Run:1
Running from C:\Users\EJC\Desktop
Loaded Profiles: EJC (Available Profiles: EJC)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
SearchScopes: HKU\S-1-5-21-1107464198-3355101354-199131294-1000 -> {FA5EA24D-EB5C-417F-AECA-A037B041C463} URL = https://startpage.co...anguage=english
2015-06-09 21:35 - 2014-11-12 01:05 - 00000000 __SHD C:\Users\EJC\AppData\Local\EmieBrowserModeList
2015-06-09 21:35 - 2014-04-08 21:06 - 00000000 __SHD C:\Users\EJC\AppData\Local\EmieUserList
2015-06-09 21:35 - 2014-04-08 21:06 - 00000000 __SHD C:\Users\EJC\AppData\Local\EmieSiteList
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

*****************

Restore point was successfully created.
"HKU\S-1-5-21-1107464198-3355101354-199131294-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FA5EA24D-EB5C-417F-AECA-A037B041C463}" => key removed successfully
HKCR\CLSID\{FA5EA24D-EB5C-417F-AECA-A037B041C463} => key not found.
C:\Users\EJC\AppData\Local\EmieBrowserModeList => moved successfully.
C:\Users\EJC\AppData\Local\EmieUserList => moved successfully.
C:\Users\EJC\AppData\Local\EmieSiteList => moved successfully.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

========= End of Reg: =========

========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

========= End of Reg: =========

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1107464198-3355101354-199131294-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1107464198-3355101354-199131294-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

========= bitsadmin /reset /allusers =========

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {9900FCC0-96D9-49E8-AA37-5B145DBB7F92}.
Unable to cancel {00C66995-05CA-404D-8F0C-489C5EDB2F47}.
Unable to cancel {1BE44922-BA41-4659-914D-A338DFDBC790}.
{28DC4AC3-0BEF-41C1-9C75-3A90C14FD36B} canceled.
1 out of 4 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 89.3 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 18:10:44 ====

Adware Cleaner

# AdwCleaner v4.207 - Logfile created 23/06/2015 at 18:17:25
# Updated 21/06/2015 by Xplode
# Database : 2015-06-23.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : EJC - EJC-PC
# Running from : C:\Users\EJC\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840

-\\ Mozilla Firefox v38.0.5 (x86 en-US)

*************************

AdwCleaner[R0].txt - [747 bytes] - [23/06/2015 18:15:46]
AdwCleaner[S0].txt - [673 bytes] - [23/06/2015 18:17:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [731 bytes] ##########