URL:Mal on my PC from Avast


  • This topic is locked

#1
cyclops365

  • Member
  • 20 posts

Hello,

Thanks in advance for taking your time to help.

My computer seems to be infected by some sort of virus and/or malware.

Avast webshield pops up constantly, indicating that it's blocking a harmful file. This happens frequently regardless of the activity I'm engaged in.

Most commonly it shows this:

Object: http://transfercom/c...055/01/9BB2D7A7...
Infection: URL:Mal
Process: C:\ProgramFiles\...\iexplore.exe

OK I'm not a geek, and I don't know where to start. All I did was google the virus infection name and found my way here.

If anyone can help I'd be thankful :)


  • 0


#2
zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

Everything gets downloaded to the desktop and tools are "Run as administrator."

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 0

#3
cyclops365

  • Topic Starter
  • Member
  • 20 posts

Thanks for your help

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-07-2015
Ran by Ian (administrator) on IAN-PC on 09-07-2015 07:46:39
Running from C:\Users\Ian\Desktop
Loaded Profiles: Ian (Available Profiles: Ian)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(iSkySoft) C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Nvtmru] => "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [327680 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [122880 2013-04-16] (Saitek)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-02] (Avast Software s.r.o.)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2201032 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [1734144 2013-05-29] (iSkySoft)
HKLM\...\Run: [BrowserPlugInHelper] => C:\Program Files\iSkysoft\Video Converter Ultimate\BrowserPlugInHelper.exe
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKU\S-1-5-21-1024250805-3410414209-3862033251-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1024250805-3410414209-3862033251-1000\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-04-30] (TomTom)
HKU\S-1-5-21-1024250805-3410414209-3862033251-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1024250805-3410414209-3862033251-1000\...\Run: [FoqbIxmil] => regsvr32.exe "C:\ProgramData\FoqbIxmil\QaglUyok.pfn"
HKU\S-1-5-21-1024250805-3410414209-3862033251-1000\...\MountPoints2: I - I:\SetupWi-Fi.exe
HKU\S-1-5-21-1024250805-3410414209-3862033251-1000\...\MountPoints2: {e5730989-a6ed-11e3-a389-0019d15bef4d} - I:\SetupWi-Fi.exe
HKU\S-1-5-21-1024250805-3410414209-3862033251-1000\...\MountPoints2: {e5730a1e-a6ed-11e3-a389-0019d15bef4d} - I:\SetupWi-Fi.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-07-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-07-02] (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1024250805-3410414209-3862033251-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-gb/?ocid=iehp
HKU\S-1-5-21-1024250805-3410414209-3862033251-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKU\S-1-5-21-1024250805-3410414209-3862033251-1000 -> DefaultScope {BD6A83D4-55B4-458F-81E3-969C193667D0} URL = https://www.google.c...{outputEncoding?}
SearchScopes: HKU\S-1-5-21-1024250805-3410414209-3862033251-1000 -> {BD6A83D4-55B4-458F-81E3-969C193667D0} URL = https://www.google.c...{outputEncoding?}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-13] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-02] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-13] (Oracle Corporation)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{232B33FC-5A4C-4448-8658-7D5B59AC06ED}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{AB750BFA-1937-4024-A565-63EF46FCEB67}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{C551CC47-055F-44D5-8567-9EB6C297A9B1}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{C88134E2-0B21-414D-BBA7-DE689662E460}: [DhcpNameServer] 172.20.10.1

FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-13] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-06-21] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-06-21] (NVIDIA Corporation)
FF Plugin: @oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @VideoDownloadConverter_ScriptHelper.com/Plugin -> C:\Program Files\VideoDownloadConverter\npVDCPlugin.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1024250805-3410414209-3862033251-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-08-26] (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-07-25]

Chrome:
=======
CHR Profile: C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-26]
CHR Extension: (Google Drive) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-26]
CHR Extension: (YouTube) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-26]
CHR Extension: (Google Search) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-26]
CHR Extension: (Google Wallet) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-26]
CHR Extension: (Gmail) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-26]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-02]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-02] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-07-02] (Avast Software)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-04-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19405768 2014-04-02] (NVIDIA Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 ADExchange; C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [26112 2010-04-29] (Google Inc)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-07-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-07-02] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-07-02] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-07-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-07-02] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [428120 2015-07-02] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-07-02] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-07-02] ()
S3 ew_usbenumfilter; C:\Windows\System32\DRIVERS\ew_usbenumfilter.sys [11904 2013-02-12] (Huawei Technologies Co., Ltd.) [File not signed]
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [97408 2013-02-12] (Huawei Technologies Co., Ltd.) [File not signed]
S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [70272 2013-02-12] (Huawei Technologies Co., Ltd.) [File not signed]
R3 huawei_enumerator; C:\Windows\System32\DRIVERS\ew_jubusenum.sys [77696 2013-02-12] (Huawei Technologies Co., Ltd.) [File not signed]
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27776 2013-02-12] (Huawei Technologies Co., Ltd.) [File not signed]
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-21] (NVIDIA Corporation)
S3 SaiH0255; C:\Windows\System32\DRIVERS\SaiH0255.sys [136832 2008-02-15] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [23200 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [46624 2013-04-30] (Saitek)
S3 SrvHsfPCI; C:\Windows\System32\DRIVERS\VSTBS23.SYS [266752 2009-07-13] (Conexant Systems, Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-07-02] (Avast Software)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 RTL8192cu; system32\DRIVERS\RTL8192cu.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

========================== Drivers MD5 =======================

C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys 7090D3436EEB4E7DA3373090A23448F7
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 25944D2CC49E0A6C581D02A74B7D6645
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HSX_CNXT.sys E096FFB754F1E45AE1BDDAC1275AE2C5
C:\Windows\system32\drivers\WinUsb.sys A67E5F9A400F3BD1BE3D80613B45F708
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\system32\drivers\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF
C:\Windows\System32\DRIVERS\xaudio.sys E3FCF2870B5D7979B3BF10E98A71C847

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-09 07:46 - 2015-07-09 07:47 - 00033368 _____ C:\Users\Ian\Desktop\FRST.txt
2015-07-09 07:43 - 2015-07-09 07:43 - 01636352 _____ (Farbar) C:\Users\Ian\Desktop\FRST.exe
2015-07-08 22:59 - 2015-07-09 07:46 - 00000000 ____D C:\FRST
2015-07-08 22:40 - 2015-07-08 22:40 - 00000000 ____D C:\Windows\system32\vbox
2015-07-08 21:58 - 2015-07-08 21:58 - 00000000 ____D C:\ProgramData\FoqbIxmil
2015-07-03 13:22 - 2015-07-04 11:07 - 00018684 _____ C:\Users\Ian\Desktop\Chorley 2015 16 Fixtures.odt
2015-07-02 07:37 - 2015-07-02 07:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-07-02 07:36 - 2015-07-02 07:36 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-07-02 07:36 - 2015-07-02 07:36 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-06-28 00:14 - 2015-06-28 00:15 - 00021058 _____ C:\Users\Ian\Desktop\MIS PREDICTION LEAGUE 1516.ods
2015-06-27 23:58 - 2015-07-07 21:19 - 00009244 _____ C:\Users\Ian\Desktop\BtD Prediction League.ods
2015-06-11 14:43 - 2015-06-11 14:43 - 00007334 _____ C:\Users\Ian\Desktop\blank text.odt
2015-06-10 09:02 - 2015-06-02 20:35 - 00342728 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 09:02 - 2015-05-23 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 09:02 - 2015-05-23 04:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 09:02 - 2015-05-23 04:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 09:02 - 2015-05-23 04:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 09:02 - 2015-05-23 04:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 09:02 - 2015-05-23 04:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 09:02 - 2015-05-23 04:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 09:02 - 2015-05-23 04:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 09:02 - 2015-05-23 04:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 09:02 - 2015-05-23 04:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 09:02 - 2015-05-23 04:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 09:02 - 2015-05-23 04:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 09:02 - 2015-05-23 04:05 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 09:02 - 2015-05-23 04:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 09:02 - 2015-05-23 04:00 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 09:02 - 2015-05-23 03:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 09:02 - 2015-05-23 03:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 09:02 - 2015-05-23 03:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 09:02 - 2015-05-23 03:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 09:02 - 2015-05-23 03:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 09:02 - 2015-05-23 03:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 09:02 - 2015-05-23 03:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 09:02 - 2015-05-23 03:38 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 09:02 - 2015-05-23 03:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 09:02 - 2015-05-23 03:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 09:02 - 2015-05-23 03:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 09:02 - 2015-05-23 03:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 09:02 - 2015-05-23 03:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 09:02 - 2015-05-23 03:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 09:01 - 2015-05-27 15:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 09:01 - 2015-05-23 04:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 08:54 - 2015-05-25 18:00 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 08:54 - 2015-04-11 04:07 - 00054656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-10 08:50 - 2015-05-25 19:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-06-10 08:50 - 2015-05-25 19:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 08:50 - 2015-05-25 19:07 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 08:50 - 2015-05-25 19:07 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 08:50 - 2015-05-25 19:04 - 01307648 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 08:50 - 2015-05-25 19:01 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 08:50 - 2015-05-25 19:01 - 00853504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 08:50 - 2015-05-25 19:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 08:50 - 2015-05-25 19:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 08:50 - 2015-05-25 19:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 08:50 - 2015-05-25 19:01 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 08:50 - 2015-05-25 19:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 08:50 - 2015-05-25 19:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 08:50 - 2015-05-25 19:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 08:50 - 2015-05-25 19:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 08:50 - 2015-05-25 19:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 08:50 - 2015-05-25 19:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 08:50 - 2015-05-25 19:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 08:50 - 2015-05-25 19:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 08:50 - 2015-05-25 19:01 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 08:50 - 2015-05-25 19:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 08:50 - 2015-05-25 19:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 08:50 - 2015-05-25 19:01 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 08:50 - 2015-05-25 19:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 08:50 - 2015-05-25 19:00 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 08:50 - 2015-05-25 19:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 08:50 - 2015-05-25 19:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 08:50 - 2015-05-25 19:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 08:50 - 2015-05-25 19:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 08:50 - 2015-05-25 19:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 08:50 - 2015-05-25 19:00 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 08:50 - 2015-05-25 19:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 08:50 - 2015-05-25 18:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 08:49 - 2015-05-25 18:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 08:49 - 2015-05-25 18:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 08:49 - 2015-05-25 18:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 08:49 - 2015-05-25 17:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 08:49 - 2015-05-09 04:14 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 08:49 - 2015-05-09 04:13 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 08:49 - 2015-05-09 04:13 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 08:49 - 2015-05-09 04:12 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 08:49 - 2015-05-09 04:08 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 08:49 - 2015-05-09 04:08 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 08:49 - 2015-05-09 04:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 08:49 - 2015-05-09 04:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 08:49 - 2015-05-09 04:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 08:49 - 2015-05-09 04:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 08:49 - 2015-05-09 04:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 08:49 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 08:49 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 08:49 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 08:49 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 08:49 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 08:49 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 08:49 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 08:49 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 08:49 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 08:49 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 08:49 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 08:49 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 08:49 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 08:49 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 08:49 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 08:49 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 08:49 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 08:49 - 2015-05-09 02:59 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 08:49 - 2015-05-09 02:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 08:49 - 2015-05-09 02:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 08:49 - 2015-05-09 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 08:49 - 2015-04-29 19:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 08:49 - 2015-04-29 19:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 08:49 - 2015-04-29 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 08:49 - 2015-04-29 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 08:49 - 2015-04-29 19:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 08:49 - 2015-04-24 18:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-08 09:46 - 2015-06-08 09:46 - 00000000 ____D C:\Users\Ian\AppData\Local\DOSBox
2015-06-07 14:32 - 2015-06-07 14:32 - 00159288 _____ C:\Windows\Minidump\060715-31621-01.dmp
2015-06-05 13:38 - 2015-05-22 19:03 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-05 13:38 - 2015-05-22 19:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-05 13:38 - 2015-05-22 19:02 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-05 13:38 - 2015-05-22 19:02 - 00333824 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-05 13:38 - 2015-05-22 19:02 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-05 13:38 - 2015-05-22 19:02 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-05 13:38 - 2015-05-22 18:58 - 00901120 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-05 13:38 - 2015-05-21 14:20 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-01 23:44 - 2015-06-01 23:44 - 00002074 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2015-06-01 13:26 - 2015-06-01 13:26 - 00000000 ____D C:\Users\Ian\AppData\Local\GWX
2015-05-14 14:25 - 2015-05-01 14:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 18:27 - 2015-05-13 18:27 - 00000000 ____D C:\Program Files\Common Files\Java
2015-05-13 09:34 - 2015-01-29 04:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 09:33 - 2015-04-20 03:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 09:33 - 2015-04-20 03:56 - 00909312 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 09:33 - 2015-04-18 03:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 09:33 - 2015-04-13 04:19 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 09:32 - 2015-04-08 04:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 09:32 - 2015-03-04 05:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 09:32 - 2015-03-04 05:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 09:32 - 2015-03-04 05:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 09:32 - 2015-03-04 05:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 09:31 - 2015-04-08 04:14 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 09:31 - 2015-02-18 08:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-06 19:07 - 2015-05-06 19:07 - 00159544 _____ C:\Windows\Minidump\050615-21340-01.dmp
2015-04-30 11:38 - 2015-06-23 10:53 - 00759048 _____ C:\Users\Ian\abbies bedtime routine chart.odt
2015-04-23 14:18 - 2015-04-23 14:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-04-23 14:17 - 2015-04-23 14:18 - 00000000 ____D C:\Program Files\QuickTime
2015-04-23 12:08 - 2015-04-23 12:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-04-23 12:07 - 2015-04-23 12:08 - 00000000 ____D C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-04-23 12:07 - 2015-04-23 12:08 - 00000000 ____D C:\Program Files\iTunes
2015-04-23 12:07 - 2015-04-23 12:07 - 00000000 ____D C:\Program Files\iPod
2015-04-16 23:23 - 2015-04-16 23:23 - 00000000 ___RD C:\Program Files\Skype
2015-04-16 23:23 - 2015-04-16 23:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-16 23:23 - 2015-04-16 23:23 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-04-15 10:49 - 2015-03-04 05:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 10:49 - 2015-03-04 05:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 07:35 - 2015-03-05 05:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 07:34 - 2015-03-25 04:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 07:34 - 2015-03-25 04:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 07:34 - 2015-03-25 04:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 07:34 - 2015-03-25 04:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 07:34 - 2015-03-25 04:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 07:34 - 2015-03-25 04:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 07:34 - 2015-03-25 04:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 07:34 - 2015-03-25 04:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 07:34 - 2015-03-25 04:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 07:34 - 2015-03-25 04:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 07:34 - 2015-03-25 04:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 07:34 - 2015-03-10 04:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 07:34 - 2015-03-10 04:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 07:34 - 2015-02-25 04:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-13 11:05 - 2015-04-13 11:06 - 00163656 _____ C:\Windows\Minidump\041315-33821-01.dmp
2015-04-11 22:05 - 2015-04-11 22:05 - 00159528 _____ C:\Windows\Minidump\041115-22323-01.dmp

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-09 07:45 - 2013-07-24 12:13 - 01900843 _____ C:\Windows\WindowsUpdate.log
2015-07-09 07:42 - 2013-11-26 19:16 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-09 07:38 - 2009-07-14 05:34 - 00020704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-09 07:38 - 2009-07-14 05:34 - 00020704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-09 07:33 - 2013-07-24 13:58 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-08 22:36 - 2013-11-26 19:16 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-08 22:36 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-08 22:36 - 2009-07-14 05:39 - 00080535 _____ C:\Windows\setupact.log
2015-07-08 22:35 - 2013-07-24 17:47 - 00333696 _____ C:\Windows\PFRO.log
2015-07-08 22:35 - 2013-07-24 14:12 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-05 11:23 - 2013-08-05 04:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aerosoft
2015-07-05 11:23 - 2013-07-25 12:46 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-07-05 11:23 - 2013-07-25 08:39 - 00000000 ____D C:\FS9
2015-07-05 10:44 - 2013-07-24 12:15 - 00001479 _____ C:\Users\Ian\Desktop\Internet Explorer.lnk
2015-07-04 01:08 - 2013-07-26 00:19 - 00000000 ____D C:\Program Files\Ltrack
2015-07-02 12:21 - 2013-07-25 22:29 - 00428120 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-07-02 07:36 - 2014-05-29 12:11 - 00024144 _____ C:\Windows\system32\Drivers\aswHwid.sys
2015-07-02 07:36 - 2014-01-02 17:52 - 00106912 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-07-02 07:36 - 2013-07-25 22:29 - 00081728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-07-02 07:36 - 2013-07-25 22:28 - 00787760 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-07-02 07:36 - 2013-07-25 22:28 - 00209048 _____ C:\Windows\system32\Drivers\aswVmm.sys
2015-07-02 07:36 - 2013-07-25 22:28 - 00074976 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-07-02 07:36 - 2013-07-25 22:28 - 00049904 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2015-06-28 17:03 - 2013-08-02 17:39 - 00204288 ___SH C:\Users\Ian\Documents\Thumbs.db
2015-06-28 00:16 - 2013-07-24 12:15 - 00000000 ____D C:\Users\Ian
2015-06-26 23:49 - 2013-07-25 10:31 - 00000000 ____D C:\Users\Ian\Documents\Flight Simulator Files
2015-06-26 22:51 - 2013-08-22 11:03 - 00000000 ____D C:\Users\Ian\AppData\Local\Deployment
2015-06-26 21:56 - 2013-08-20 12:50 - 00000000 ____D C:\Users\Ian\AppData\Roaming\Audacity
2015-06-24 22:27 - 2013-07-24 12:20 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-24 13:50 - 2013-07-24 13:58 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-06-24 13:50 - 2013-07-24 13:58 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-06-23 13:27 - 2013-07-24 12:45 - 00246952 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-23 10:38 - 2013-08-23 17:06 - 00489472 ___SH C:\Users\Ian\Thumbs.db
2015-06-19 17:36 - 2014-04-28 00:17 - 00000000 ____D C:\Users\Ian\AppData\Roaming\uTorrent
2015-06-18 14:18 - 2009-07-14 05:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-18 13:30 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2015-06-18 11:50 - 2013-07-24 13:57 - 00000000 ____D C:\Users\Ian\AppData\Local\Adobe
2015-06-18 11:49 - 2014-11-14 09:09 - 00000000 __SHD C:\Users\Ian\AppData\Local\EmieBrowserModeList
2015-06-18 11:49 - 2014-05-02 06:25 - 00000000 __SHD C:\Users\Ian\AppData\Local\EmieUserList
2015-06-18 11:49 - 2014-05-02 06:25 - 00000000 __SHD C:\Users\Ian\AppData\Local\EmieSiteList
2015-06-18 11:46 - 2009-07-14 05:33 - 00306232 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-17 23:55 - 2013-07-24 14:25 - 00000000 ____D C:\Windows\system32\MRT
2015-06-17 23:49 - 2013-07-24 13:43 - 136900096 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-13 00:32 - 2013-10-26 23:53 - 00000000 ____D C:\Users\Ian\AppData\Roaming\vlc
2015-06-10 10:41 - 2013-09-30 14:55 - 00000000 ____D C:\Users\Ian\Desktop\Photos to print
2015-06-09 09:25 - 2013-07-24 20:11 - 00000000 ____D C:\Users\Ian\Desktop\magpie radio

==================== Files in the root of some directories =======

2013-09-24 13:39 - 2013-09-24 13:41 - 0000600 _____ () C:\Users\Ian\AppData\Local\PUTTY.RND

Files to move or delete:
====================
C:\Users\Ian\xobglu16.dll
C:\Users\Ian\xobglu32.dll

Some files in TEMP:
====================
C:\Users\Ian\AppData\Local\Temp\APNSetup.exe
C:\Users\Ian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpb1ykjf.dll
C:\Users\Ian\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Ian\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Ian\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Ian\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\Ian\AppData\Local\Temp\mahjongmatch-111177437-setup.s111177437.c110268333.len.u.dl.exe
C:\Users\Ian\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\Ian\AppData\Local\Temp\setup.exe
C:\Users\Ian\AppData\Local\Temp\shutdown1395163378.exe
C:\Users\Ian\AppData\Local\Temp\tbBit0.dll
C:\Users\Ian\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Ian\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Ian\AppData\Local\Temp\vlc-2.2.1-win32.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {8440c2ae-f49c-11e2-b142-ebb353347173}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {8440c2b0-f49c-11e2-b142-ebb353347173}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {8440c2ae-f49c-11e2-b142-ebb353347173}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {8440c2b0-f49c-11e2-b142-ebb353347173}
device                  ramdisk=[C:]\Recovery\8440c2b0-f49c-11e2-b142-ebb353347173\Winre.wim,{8440c2b1-f49c-11e2-b142-ebb353347173}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\8440c2b0-f49c-11e2-b142-ebb353347173\Winre.wim,{8440c2b1-f49c-11e2-b142-ebb353347173}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {8440c2ae-f49c-11e2-b142-ebb353347173}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {8440c2b1-f49c-11e2-b142-ebb353347173}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\8440c2b0-f49c-11e2-b142-ebb353347173\boot.sdi

 

LastRegBack: 2015-07-03 08:59

==================== End of log ============================

 

 

 

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-07-2015
Ran by Ian at 2015-07-09 07:48:01
Running from C:\Users\Ian\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1024250805-3410414209-3862033251-500 - Administrator - Disabled)
Guest (S-1-5-21-1024250805-3410414209-3862033251-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1024250805-3410414209-3862033251-1011 - Limited - Enabled)
Ian (S-1-5-21-1024250805-3410414209-3862033251-1000 - Administrator - Enabled) => C:\Users\Ian

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1024250805-3410414209-3862033251-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Active Camera 2004 (HKLM\...\Active Camera 2004) (Version:  - )
ActiveRadar Update v1.2 (HKLM\...\{7B8B9BE3-6EFC-4A25-AE30-3F4E29522BA3}) (Version: 1.2.1 - HiFi Simulation Software)
ActiveSky Version 6.5 and ActiveSky Graphics (HKLM\...\{0F0D371F-C111-4279-963A-04139A5E49DB}) (Version: 0.6.995 - HiFi Simulation Software)
ActiveSky2004 (HKLM\...\{5635FCDA-2B86-400F-BF23-784AB09B590F}) (Version: 1.0.0002 - HiFi Simulation Software)
ActiveSky2004.5 Update (HKLM\...\{C30E5DE8-AF71-48B9-8E4E-B2B8F98CD8E6}) (Version: 1.5.1471 - HiFi Simulation Software)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Aerosoft's - Aerosoft Launcher (HKLM\...\{EE11CFFC-898C-4875-8A63-8B732A9AD43B}) (Version: 1.0.0.7 - Aerosoft)
aerosoft's - Antalya 2010 (HKLM\...\{7488FFEB-DA27-45FE-ADA4-4277DDF6D2E5}) (Version: 1.04 - aerosoft)
aerosoft's - Balearic Islands X for FS2004 (HKLM\...\{5EE08A0C-9C8B-4FEA-9E1D-31124A90FF75}) (Version: 1.01 - aerosoft)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASV - ActiveSky Version 5 (HKLM\...\{349D278F-64F5-4BF3-AD0B-32D3F89017A3}) (Version: 0.1.3141 - HiFi Simulation Software)
ASV - Upgrade from AS2004.5 Installer (HKLM\...\{345643C6-2BBE-4819-B9DB-FBE581D580B9}) (Version: 0.2.0 - HiFi Simulation Software)
Audacity 2.0.3 (HKLM\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.2.2218 - AVAST Software)
Blue Sky (HKLM\...\{0B365286-5E64-44A4-A49F-04CF4C85A3B3}) (Version: 1.0.10317 - FS Products)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Crazy Taxi (HKLM\...\{B97ACE80-6D9B-11D6-AFFD-0040052179B6}) (Version:  - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Disney's Get Ready for School with Mickey (HKLM\...\{31154120-9EB6-11D4-B231-0050DACD394D}) (Version:  - )
FFmpeg v0.6.2 for Audacity (HKLM\...\FFmpeg for Audacity_is1) (Version:  - )
FSNavigator (HKLM\...\{2F76FF6D-B992-4FD9-8686-F09F868B2C58}) (Version: 4.7 - FSNavigator team)
GAP_LGSK 2007 (HKLM\...\GAP_LGSK 2007) (Version:  - )
GAP_LGZA 2006 (HKLM\...\GAP_LGZA 2006) (Version:  - )
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.)
iFly Jets - 737NG for FS2004 Feature Pack (HKLM\...\iFly Jets - 737NG for FS2004 Feature Pack) (Version:  - )
iFly Jets - The 737NG for FS2004 (HKLM\...\iFly Jets - The 737NG for FS2004) (Version:  - )
iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LAGO Hurghada Scenery FS2004 Version 1.01 (HKLM\...\{72A53810-7DEC-4154-8584-C8C0BEA0CF7E}) (Version: 1.01.00 - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
Learning Ladder Preschool (HKLM\...\{CC0BA5A8-E3EC-11D5-9194-00105A68CFFF}) (Version:  - )
Level-D Simulations 767-300 (HKLM\...\763v2) (Version:  - )
London Control (HKLM\...\{16FA48D5-24F7-4B45-85D0-777510BC0643}) (Version: 1.1 - DM Aviation Limited)
Ltrack 6.8 (HKLM\...\Ltrack_is1) (Version:  - Nigel Thomas)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Flight Simulator 2004 A Century of Flight (HKLM\...\Flight Simulator 9.0) (Version: 9.0 - Microsoft)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyDriveConnect 3.3.0.1342 (HKLM\...\MyDriveConnect) (Version: 3.3.0.1342 - TomTom)
NVIDIA 3D Vision Controller Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.49 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.49 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.24.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.24.2 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
OpenOffice 4.0.0 (HKLM\...\{EA1DC8F8-C357-44CA-A332-AB9762DF698C}) (Version: 4.00.9702 - Apache Software Foundation)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Sharepod 4.0.0.4 (HKLM\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version:  - Macroplant LLC)
SHIELD Streaming (Version: 1.8.323 - NVIDIA Corporation) Hidden
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smart Technology Programming Software 7.0.27.13 (HKLM\...\{5C93C2C2-4EB3-4830-974A-69EDE0E1C37B}) (Version: 7.0.27.13 - Mad Catz)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_HSF) (Version:  - )
SquawkBox (HKLM\...\SquawkBox) (Version:  - )
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.19617 - TeamViewer)
TomTom HOME (HKLM\...\{0E09BE17-EDEA-42CA-8974-42A587F51510}) (Version: 2.9.8 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
UK2000 Gatwick Xtreme FS9  (HKLM\...\UK2000 Gatwick Xtreme FS9) (Version: 3.00 - UK2000 Scenery)
UK2000 Manchester Xtreme FS2004 Uninstall (HKLM\...\UK2000 Manchester Xtreme FS2004) (Version:  - )
Unity Web Player (HKU\S-1-5-21-1024250805-3410414209-3862033251-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
vroute.info (HKU\S-1-5-21-1024250805-3410414209-3862033251-1000\...\ea913c639d7ea423) (Version: 1.1.1.3 - vroute)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.00 beta 7 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.7 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

17-06-2015 23:47:37 Windows Update
21-06-2015 20:05:36 Windows Defender Checkpoint
23-06-2015 22:08:16 Windows Update
01-07-2015 07:50:11 Windows Update
02-07-2015 07:34:04 avast! antivirus system restore point
05-07-2015 11:22:32 Installed Antalya 2010
05-07-2015 11:23:47 Installed Antalya 2010
07-07-2015 11:20:46 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06C9F2B0-E350-42AB-B136-32BFAB294992} - System32\Tasks\{D54A7B77-80CE-4E0F-BD1B-69019BAC01D7} => pcalua.exe -a "C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0SM5VSM\jre-8u25-windows-i586.com" -d C:\Users\Ian\Desktop
Task: {11F508B7-CE24-4642-B1D1-CB693B9BD682} - System32\Tasks\{5BA4AEC5-558F-4E89-8F00-62F40901B368} => pcalua.exe -a "C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FE1I93K3\VisualBasic6-KB896559-v1-ENU.exe" -d C:\Users\Ian\Desktop
Task: {59432A95-C2E6-414F-B111-F217912CEF24} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-11-26] (Google Inc.)
Task: {7C1F2249-19BF-49CC-8902-E83C76246955} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-11-26] (Google Inc.)
Task: {B58E890B-BC87-42B2-82A9-00BCC97E9748} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-02] (Avast Software s.r.o.)
Task: {D16CDF9E-3810-4918-8D68-9A39DE6F958C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D4AA8B0E-AC53-4068-BA3E-5A5C12B9B726} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {DC8A5A05-53E9-429C-AD02-185CF50B6DBB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-24] (Adobe Systems Incorporated)
Task: {F5B08A75-B998-4405-A8B0-E404136A5D1F} - System32\Tasks\{0415705B-8546-4984-9FE1-0E6E6673626F} => pcalua.exe -a "C:\Users\Ian\Downloads\FSUIPC4\Install FSUIPC4.exe" -d C:\Users\Ian\Downloads\FSUIPC4

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-07-24 14:12 - 2013-06-21 10:52 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2015-07-02 07:36 - 2015-07-02 07:36 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-02 07:36 - 2015-07-02 07:36 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-08 20:21 - 2015-07-08 20:21 - 02956288 _____ () C:\Program Files\AVAST Software\Avast\defs\15070801\algo.dll
2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-02 07:36 - 2015-07-02 07:36 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:390B30B4

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1024250805-3410414209-3862033251-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ian\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 194.168.4.100 - 194.168.8.100

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{48BEBBC0-4C34-4236-AF7C-00287E98F181}] => (Allow) C:\Program Files\Edimax\11n USB Wireless LAN Utility\RtWLan.exe
FirewallRules: [{92573158-B190-4CE4-8EF8-3658060BCFB2}] => (Allow) C:\Program Files\Edimax\11n USB Wireless LAN Utility\RtWLan.exe
FirewallRules: [{87FDFE6B-CBE8-49B5-BF4C-1D53495F2F1F}] => (Allow) LPort=1542
FirewallRules: [{97875C2F-3FBD-43CA-BA6C-E10D3F04DE1F}] => (Allow) LPort=1542
FirewallRules: [{E8BD5891-A1B1-4594-A5B1-5411C2CF6696}] => (Allow) LPort=53
FirewallRules: [{81446DD3-4463-4676-A99F-E6C021A48657}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{8220C3B8-8827-4FFB-B1BC-D1463E378BF7}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{CECA9141-CDA8-4504-860E-8E3EEC35706D}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [TCP Query User{8FDA18E5-6015-4DC5-B224-DFEE2491ABC4}C:\fs9\fs9.exe] => (Allow) C:\fs9\fs9.exe
FirewallRules: [UDP Query User{D22222F6-2B36-47EC-96AA-E5E1E485775B}C:\fs9\fs9.exe] => (Allow) C:\fs9\fs9.exe
FirewallRules: [TCP Query User{7FBBF709-F808-4763-BF19-64B87A6C65C4}C:\windows\system32\dpnsvr.exe] => (Allow) C:\windows\system32\dpnsvr.exe
FirewallRules: [UDP Query User{8E751E6D-3220-4827-937C-4E2D08E9176C}C:\windows\system32\dpnsvr.exe] => (Allow) C:\windows\system32\dpnsvr.exe
FirewallRules: [{CDB34873-F6A2-43AC-BF9B-79DC7D8E770E}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{71520B0B-C5E4-4804-833F-424B552A7E82}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{08189C55-646E-4B0F-82D2-2D9C6397CB23}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{5F9A5815-2568-4A1E-A56D-8F9C7CB9E90F}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [TCP Query User{EA1F26FE-7211-4C1D-892E-13E8E4FF0FBC}C:\program files\xbmc\xbmc.exe] => (Allow) C:\program files\xbmc\xbmc.exe
FirewallRules: [UDP Query User{4AE2BA6F-D54B-4E19-89B6-A049D62EF58D}C:\program files\xbmc\xbmc.exe] => (Allow) C:\program files\xbmc\xbmc.exe
FirewallRules: [{1D1D047A-784E-47FD-954C-E85DF4363A90}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EAEE1866-A235-4623-8D35-69E84BE6E035}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EC985870-F6E9-48CD-B111-175F0F0F6033}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{A601BA56-58C2-493D-91D6-57FC194CC91A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{0C83DB2E-2C1E-4F1A-A391-9BBD8EA6BC98}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{42C17A15-DA33-42FC-B721-47DE168F7C44}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{10E68531-AFAA-42E6-A256-14573E09F666}C:\program files\steam\steam.exe] => (Allow) C:\program files\steam\steam.exe
FirewallRules: [UDP Query User{31D62AE1-0D2E-4B3B-83BA-E22EDF331219}C:\program files\steam\steam.exe] => (Allow) C:\program files\steam\steam.exe
FirewallRules: [{5E2231A1-286A-4ECC-AB9E-ACFF24067B2D}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{F95EB09C-A4C0-40EB-AC40-78604740593B}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{8A6464BA-6386-4C60-8D03-ECFDBDBCACD8}] => (Allow) C:\Users\Ian\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EA7A5639-5458-40CB-AF5F-04C5DB611140}] => (Allow) C:\Users\Ian\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{8CEC311E-5B2D-424A-B340-8AAF54EAE240}C:\program files\iskysoft\video converter ultimate\urlreqservice.exe] => (Allow) C:\program files\iskysoft\video converter ultimate\urlreqservice.exe
FirewallRules: [UDP Query User{0348492C-957C-4637-8BC3-C10F679EBDBD}C:\program files\iskysoft\video converter ultimate\urlreqservice.exe] => (Allow) C:\program files\iskysoft\video converter ultimate\urlreqservice.exe
FirewallRules: [{EE34A58D-22F2-49AC-9A18-0CD2551C672F}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B9AA5FCC-5F3E-4378-BA3C-763E49B79157}] => (Allow) LPort=2869
FirewallRules: [{FE78FE5B-F066-4A8E-9863-31015EEB25E3}] => (Allow) LPort=1900
FirewallRules: [{46720369-173D-42CE-B87C-8BD583F56AF1}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{45F82F43-F8EB-41F7-8139-0416AB2DB409}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{7DA6EFAD-7018-43A3-8B8D-B472DACD2DE0}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{D592B1C2-C257-4B49-BBBF-E3660340A1AB}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{8A68DF91-736C-4630-B9D5-5F25BDD84F42}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{E3BF7A37-9F2E-47D6-888E-44F6D5C04271}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{B1506649-5183-4E18-81EA-F51E95CCD5EE}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{B3AD3686-B34F-4113-8290-A470EF86C636}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

==================== Faulty Device Manager Devices =============

Name: HID-compliant mouse
Description: HID-compliant mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: mouhid
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/08/2015 11:31:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 5c0

Start Time: 01d0b9cc63ff9b00

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (07/08/2015 11:20:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 5e0

Start Time: 01d0b9c739b3b402

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (07/08/2015 10:14:00 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (07/08/2015 10:09:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 4ee4

Start Time: 01d0b9bdba311cb6

Termination Time: 200

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (07/08/2015 09:59:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17840, time stamp: 0x555fe1bb
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x55636303
Exception code: 0xc0000029
Fault offset: 0x000908b6
Faulting process id: 0x4af4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (07/08/2015 09:58:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17840, time stamp: 0x555fe1bb
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x150bb179
Faulting process id: 0x4af4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (07/08/2015 02:37:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9173

Error: (07/08/2015 02:37:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9173

Error: (07/08/2015 02:37:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/08/2015 07:48:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15740

System errors:
=============
Error: (07/08/2015 09:58:01 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (07/08/2015 09:58:00 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (07/08/2015 09:48:25 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (07/08/2015 09:48:24 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (07/08/2015 02:28:45 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (07/08/2015 02:28:45 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (07/08/2015 00:28:41 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (07/08/2015 00:28:40 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (07/08/2015 00:01:36 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (07/08/2015 10:17:30 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Microsoft Office:
=========================
Error: (07/08/2015 11:31:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.178405c001d0b9cc63ff9b000C:\Program Files\Internet Explorer\iexplore.exe

Error: (07/08/2015 11:20:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.178405e001d0b9c739b3b4020C:\Program Files\Internet Explorer\iexplore.exe

Error: (07/08/2015 10:14:00 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (07/08/2015 10:09:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.178404ee401d0b9bdba311cb6200C:\Program Files\Internet Explorer\iexplore.exe

Error: (07/08/2015 09:59:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.17840555fe1bbntdll.dll6.1.7601.1886955636303c0000029000908b64af401d0b9c0b60a37f2C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dll2b765444-25b4-11e5-b442-0019d15bef4d

Error: (07/08/2015 09:58:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.17840555fe1bbunknown0.0.0.000000000c0000005150bb1794af401d0b9c0b60a37f2C:\Program Files\Internet Explorer\iexplore.exeunknown20fba93c-25b4-11e5-b442-0019d15bef4d

Error: (07/08/2015 02:37:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9173

Error: (07/08/2015 02:37:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9173

Error: (07/08/2015 02:37:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/08/2015 07:48:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15740

==================== Memory info ===========================

Processor: Intel® Pentium® D CPU 3.00GHz
Percentage of memory in use: 47%
Total physical RAM: 2045.97 MB
Available physical RAM: 1081.19 MB
Total Virtual: 4091.94 MB
Available Virtual: 2455.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:289.02 GB) (Free:174.6 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Gunge1) (CDROM) (Total:0.67 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 0AE6D988)
Partition 1: (Active) - (Size=289 GB) - (Type=07 NTFS)

==================== End of log ============================


 



#4
zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hello,

A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

CloseProcesses:
CreateRestorePoint:
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
2015-06-19 17:36 - 2014-04-28 00:17 - 00000000 ____D C:\Users\Ian\AppData\Roaming\uTorrent
C:\Users\Ian\xobglu16.dll
C:\Users\Ian\xobglu32.dll
AlternateDataStreams: C:\ProgramData\TEMP:390B30B4
FF Plugin: @oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll No File
FF Plugin: @VideoDownloadConverter_ScriptHelper.com/Plugin -> C:\Program Files\VideoDownloadConverter\npVDCPlugin.dll No File
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
Emptytemp:

Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Note: If the tool warns you that the version you're using is outdated, please download and run the updated version.

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner
Next

Please download Junkware Removal Tool to your Desktop.

Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus)
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.

In your next reply post;
  • Fixlog.txt. That log will be found on the Desktop after the fix has run.
  • The AdwCleaner[S0].txt Log
  • The JRT.txt Log
Thanks
Joe :)
#5
cyclops365

Fix result of Farbar Recovery Scan Tool (x86) Version: 05-07-2015
Ran by Ian at 2015-07-10 09:30:52 Run:1
Running from C:\Users\Ian\Desktop
Loaded Profiles: Ian (Available Profiles: Ian)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
2015-06-19 17:36 - 2014-04-28 00:17 - 00000000 ____D C:\Users\Ian\AppData\Roaming\uTorrent
C:\Users\Ian\xobglu16.dll
C:\Users\Ian\xobglu32.dll
AlternateDataStreams: C:\ProgramData\TEMP:390B30B4
FF Plugin: @oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll No File
FF Plugin: @VideoDownloadConverter_ScriptHelper.com/Plugin -> C:\Program Files\VideoDownloadConverter\npVDCPlugin.dll No File
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
Emptytemp:

*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => key removed successfully.
"HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => key removed successfully.
C:\Users\Ian\AppData\Roaming\uTorrent => moved successfully.
C:\Users\Ian\xobglu16.dll => moved successfully.
C:\Users\Ian\xobglu32.dll => moved successfully.
C:\ProgramData\TEMP => ":390B30B4" ADS removed successfully..
"HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter" => key removed successfully.
"HKLM\Software\MozillaPlugins\@VideoDownloadConverter_ScriptHelper.com/Plugin" => key removed successfully.

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{2C1F2A10-3B5F-4476-A010-31588626D6B4} canceled.
1 out of 1 jobs canceled.

========= End of CMD: =========

=========  netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 2.1 GB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 09:32:49 ====


#6
cyclops365

# AdwCleaner v4.208 - Logfile created 10/07/2015 at 09:50:27
# Updated 09/07/2015 by Xplode
# Database : 2015-07-10.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x86)
# Username : Ian - IAN-PC
# Running from : C:\Users\Ian\Desktop\adwcleaner_4.208.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Users\Ian\AppData\Local\Conduit
Folder Deleted : C:\Users\Ian\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Ian\AppData\Roaming\DesktopIconForAmazon
File Deleted : C:\END

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ToolbarProtector
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ToolbarProtector.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3225826
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38122A36-83B2-46B8-B39A-EC72A4614A07}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D6F0AC3-0C2E-4E07-8FDA-11268AB51211}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{66D59105-FE06-43A4-B292-EB0097E9EB74}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8AADC8B2-562B-407B-88B3-916140226CBC}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\Appscion
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Search Protection
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKU\.DEFAULT\Software\AskPartnerNetwork
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840

-\\ Google Chrome v

-\\ Chromium v

*************************

AdwCleaner[R0].txt - [2350 bytes] - [10/07/2015 09:49:07]
AdwCleaner[S0].txt - [2323 bytes] - [10/07/2015 09:50:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2382  bytes] ##########


#7
cyclops365

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.3.9 (07.09.2015:2)
OS: Windows 7 Ultimate x86
Ran by Ian on 10/07/2015 at  9:54:45.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Tasks

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\browserpluginhelper

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Chrome

[C:\Users\Ian\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Ian\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Ian\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Ian\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10/07/2015 at 10:00:42.13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#8
zep516

Hello;
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
  • Enable free trial of Malwarebytes Anti-Malware Premium
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.
Posting the Malwarebytes log.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log to your next reply.

#9
cyclops365

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/07/2015
Scan Time: 05:04
Logfile: mbam.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.11.01
Rootkit Database: v2015.07.10.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Ian

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 332044
Time Elapsed: 25 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
IPH.Trojan.VawTrak, HKU\S-1-5-21-1024250805-3410414209-3862033251-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|FoqbIxmil, regsvr32.exe "C:\ProgramData\FoqbIxmil\QaglUyok.pfn", Quarantined, [215cb9271575af8710d0a45c51afd729]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
IPH.Trojan.VawTrak, C:\ProgramData\FoqbIxmil\QaglUyok.pfn, Quarantined, [215cb9271575af8710d0a45c51afd729],

Physical Sectors: 0
(No malicious items detected)

(end)


#10
zep516

Hello,
Malwarebytes got that, I missed it.

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

#11
cyclops365

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-07-2015
Ran by Ian (administrator) on IAN-PC on 11-07-2015 19:50:36
Running from C:\Users\Ian\Desktop
Loaded Profiles: Ian (Available Profiles: Ian)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(iSkySoft) C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Contacts\wlcomm.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Nvtmru] => "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [327680 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [122880 2013-04-16] (Saitek)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2201032 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [1734144 2013-05-29] (iSkySoft)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKU\S-1-5-21-1024250805-3410414209-3862033251-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1024250805-3410414209-3862033251-1000\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-04-30] (TomTom)
HKU\S-1-5-21-1024250805-3410414209-3862033251-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1024250805-3410414209-3862033251-1000\...\MountPoints2: I - I:\SetupWi-Fi.exe
HKU\S-1-5-21-1024250805-3410414209-3862033251-1000\...\MountPoints2: {e5730989-a6ed-11e3-a389-0019d15bef4d} - I:\SetupWi-Fi.exe
HKU\S-1-5-21-1024250805-3410414209-3862033251-1000\...\MountPoints2: {e5730a1e-a6ed-11e3-a389-0019d15bef4d} - I:\SetupWi-Fi.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-07-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1024250805-3410414209-3862033251-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-gb/?ocid=iehp
HKU\S-1-5-21-1024250805-3410414209-3862033251-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1024250805-3410414209-3862033251-1000 -> DefaultScope {BD6A83D4-55B4-458F-81E3-969C193667D0} URL = https://www.google.c...{outputEncoding?}
SearchScopes: HKU\S-1-5-21-1024250805-3410414209-3862033251-1000 -> {BD6A83D4-55B4-458F-81E3-969C193667D0} URL = https://www.google.c...{outputEncoding?}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-13] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-13] (Oracle Corporation)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{232B33FC-5A4C-4448-8658-7D5B59AC06ED}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{AB750BFA-1937-4024-A565-63EF46FCEB67}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{C551CC47-055F-44D5-8567-9EB6C297A9B1}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{C88134E2-0B21-414D-BBA7-DE689662E460}: [DhcpNameServer] 172.20.10.1

FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-13] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-06-21] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-06-21] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1024250805-3410414209-3862033251-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-08-26] (Unity Technologies ApS)

Chrome:
=======
CHR Profile: C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-26]
CHR Extension: (Google Drive) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-26]
CHR Extension: (YouTube) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-26]
CHR Extension: (Google Search) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-26]
CHR Extension: (Google Wallet) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-26]
CHR Extension: (Gmail) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-26]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-04-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19405768 2014-04-02] (NVIDIA Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 ADExchange; C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [26112 2010-04-29] (Google Inc)
S3 ew_usbenumfilter; C:\Windows\System32\DRIVERS\ew_usbenumfilter.sys [11904 2013-02-12] (Huawei Technologies Co., Ltd.) [File not signed]
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [97408 2013-02-12] (Huawei Technologies Co., Ltd.) [File not signed]
S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [70272 2013-02-12] (Huawei Technologies Co., Ltd.) [File not signed]
R3 huawei_enumerator; C:\Windows\System32\DRIVERS\ew_jubusenum.sys [77696 2013-02-12] (Huawei Technologies Co., Ltd.) [File not signed]
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27776 2013-02-12] (Huawei Technologies Co., Ltd.) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-07-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-21] (NVIDIA Corporation)
S3 SaiH0255; C:\Windows\System32\DRIVERS\SaiH0255.sys [136832 2008-02-15] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [23200 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [46624 2013-04-30] (Saitek)
S3 SrvHsfPCI; C:\Windows\System32\DRIVERS\VSTBS23.SYS [266752 2009-07-13] (Conexant Systems, Inc.)
S3 RTL8192cu; system32\DRIVERS\RTL8192cu.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-11 19:50 - 2015-07-11 19:50 - 00000000 ____D C:\Users\Ian\Desktop\FRST-OlderVersion
2015-07-11 05:37 - 2015-07-11 05:37 - 00001328 _____ C:\Users\Ian\Desktop\mbam.txt
2015-07-11 04:54 - 2015-07-11 19:03 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-11 04:54 - 2015-07-11 04:54 - 00001024 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-11 04:54 - 2015-07-11 04:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-11 04:54 - 2015-07-11 04:54 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-07-11 04:54 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-11 04:54 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-11 04:54 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-10 10:00 - 2015-07-10 10:00 - 00001173 _____ C:\Users\Ian\Desktop\JRT.txt
2015-07-10 09:54 - 2015-07-10 09:54 - 00000207 _____ C:\Windows\tweaking.com-regbackup-IAN-PC-Windows-7-Ultimate-(32-bit).dat
2015-07-10 09:54 - 2015-07-10 09:54 - 00000000 ____D C:\RegBackup
2015-07-10 09:52 - 2015-07-10 09:52 - 00002462 _____ C:\Users\Ian\Desktop\AdwCleaner[S0].txt
2015-07-10 09:49 - 2015-07-10 09:50 - 00000000 ____D C:\AdwCleaner
2015-07-10 09:48 - 2015-07-10 09:48 - 03033540 _____ (Malwarebytes Corporation) C:\Users\Ian\Desktop\JRT.exe
2015-07-10 09:44 - 2015-07-10 09:44 - 02248704 _____ C:\Users\Ian\Desktop\adwcleaner_4.208.exe
2015-07-09 07:50 - 2015-07-09 07:50 - 00120330 _____ C:\Users\Ian\Desktop\Shortcut.txt
2015-07-09 07:48 - 2015-07-09 07:50 - 00029356 _____ C:\Users\Ian\Desktop\Addition.txt
2015-07-09 07:46 - 2015-07-11 19:51 - 00014281 _____ C:\Users\Ian\Desktop\FRST.txt
2015-07-09 07:43 - 2015-07-11 19:50 - 01634816 _____ (Farbar) C:\Users\Ian\Desktop\FRST.exe
2015-07-08 22:59 - 2015-07-11 19:50 - 00000000 ____D C:\FRST
2015-07-08 22:40 - 2015-07-08 22:40 - 00000000 ____D C:\Windows\system32\vbox
2015-07-08 21:58 - 2015-07-11 05:32 - 00000000 ____D C:\ProgramData\FoqbIxmil
2015-07-03 13:22 - 2015-07-04 11:07 - 00018684 _____ C:\Users\Ian\Desktop\Chorley 2015 16 Fixtures.odt
2015-06-28 00:14 - 2015-06-28 00:15 - 00021058 _____ C:\Users\Ian\Desktop\MIS PREDICTION LEAGUE 1516.ods
2015-06-27 23:58 - 2015-07-07 21:19 - 00009244 _____ C:\Users\Ian\Desktop\BtD Prediction League.ods
2015-06-11 14:43 - 2015-06-11 14:43 - 00007334 _____ C:\Users\Ian\Desktop\blank text.odt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-11 19:41 - 2013-11-26 19:16 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-11 19:22 - 2013-07-24 12:13 - 01157666 _____ C:\Windows\WindowsUpdate.log
2015-07-11 19:01 - 2009-07-14 05:34 - 00020704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-11 19:01 - 2009-07-14 05:34 - 00020704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-11 18:57 - 2013-07-24 13:58 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-11 18:53 - 2013-11-26 19:16 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-11 18:53 - 2013-07-24 14:12 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-11 18:53 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-11 18:53 - 2009-07-14 05:39 - 00082047 _____ C:\Windows\setupact.log
2015-07-11 09:59 - 2013-07-24 17:47 - 00813164 _____ C:\Windows\PFRO.log
2015-07-11 05:32 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system
2015-07-10 17:32 - 2013-07-24 13:58 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-07-10 17:32 - 2013-07-24 13:58 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-07-10 17:32 - 2013-07-24 13:57 - 00000000 ____D C:\Users\Ian\AppData\Local\Adobe
2015-07-10 09:31 - 2013-07-24 12:15 - 00000000 ____D C:\Users\Ian
2015-07-09 12:34 - 2013-07-24 20:11 - 00000000 ____D C:\Users\Ian\Desktop\magpie radio
2015-07-09 09:16 - 2013-07-25 22:26 - 00000000 ____D C:\ProgramData\AVAST Software
2015-07-05 11:23 - 2013-08-05 04:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aerosoft
2015-07-05 11:23 - 2013-07-25 12:46 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-07-05 11:23 - 2013-07-25 08:39 - 00000000 ____D C:\FS9
2015-07-05 10:44 - 2013-07-24 12:15 - 00001479 _____ C:\Users\Ian\Desktop\Internet Explorer.lnk
2015-07-04 01:08 - 2013-07-26 00:19 - 00000000 ____D C:\Program Files\Ltrack
2015-06-28 17:03 - 2013-08-02 17:39 - 00204288 ___SH C:\Users\Ian\Documents\Thumbs.db
2015-06-26 23:49 - 2013-07-25 10:31 - 00000000 ____D C:\Users\Ian\Documents\Flight Simulator Files
2015-06-26 22:51 - 2013-08-22 11:03 - 00000000 ____D C:\Users\Ian\AppData\Local\Deployment
2015-06-26 21:56 - 2013-08-20 12:50 - 00000000 ____D C:\Users\Ian\AppData\Roaming\Audacity
2015-06-24 22:27 - 2013-07-24 12:20 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-23 13:27 - 2013-07-24 12:45 - 00246952 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-23 10:53 - 2015-04-30 11:38 - 00759048 _____ C:\Users\Ian\abbies bedtime routine chart.odt
2015-06-23 10:38 - 2013-08-23 17:06 - 00489472 ___SH C:\Users\Ian\Thumbs.db
2015-06-18 14:18 - 2009-07-14 05:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-18 13:30 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2015-06-18 11:49 - 2014-11-14 09:09 - 00000000 __SHD C:\Users\Ian\AppData\Local\EmieBrowserModeList
2015-06-18 11:49 - 2014-05-02 06:25 - 00000000 __SHD C:\Users\Ian\AppData\Local\EmieUserList
2015-06-18 11:49 - 2014-05-02 06:25 - 00000000 __SHD C:\Users\Ian\AppData\Local\EmieSiteList
2015-06-18 11:46 - 2009-07-14 05:33 - 00306232 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-17 23:55 - 2013-07-24 14:25 - 00000000 ____D C:\Windows\system32\MRT
2015-06-17 23:49 - 2013-07-24 13:43 - 136900096 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-13 00:32 - 2013-10-26 23:53 - 00000000 ____D C:\Users\Ian\AppData\Roaming\vlc

==================== Files in the root of some directories =======

2013-09-24 13:39 - 2013-09-24 13:41 - 0000600 _____ () C:\Users\Ian\AppData\Local\PUTTY.RND

Some files in TEMP:
====================
C:\Users\Ian\AppData\Local\Temp\Quarantine.exe
C:\Users\Ian\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-03 08:59

==================== End of log ============================



 



#12
cyclops365


Addition.txt
 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-07-2015
Ran by Ian at 2015-07-11 19:51:34
Running from C:\Users\Ian\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1024250805-3410414209-3862033251-500 - Administrator - Disabled)
Guest (S-1-5-21-1024250805-3410414209-3862033251-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1024250805-3410414209-3862033251-1011 - Limited - Enabled)
Ian (S-1-5-21-1024250805-3410414209-3862033251-1000 - Administrator - Enabled) => C:\Users\Ian

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1024250805-3410414209-3862033251-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Active Camera 2004 (HKLM\...\Active Camera 2004) (Version:  - )
ActiveRadar Update v1.2 (HKLM\...\{7B8B9BE3-6EFC-4A25-AE30-3F4E29522BA3}) (Version: 1.2.1 - HiFi Simulation Software)
ActiveSky Version 6.5 and ActiveSky Graphics (HKLM\...\{0F0D371F-C111-4279-963A-04139A5E49DB}) (Version: 0.6.995 - HiFi Simulation Software)
ActiveSky2004 (HKLM\...\{5635FCDA-2B86-400F-BF23-784AB09B590F}) (Version: 1.0.0002 - HiFi Simulation Software)
ActiveSky2004.5 Update (HKLM\...\{C30E5DE8-AF71-48B9-8E4E-B2B8F98CD8E6}) (Version: 1.5.1471 - HiFi Simulation Software)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.203 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Aerosoft's - Aerosoft Launcher (HKLM\...\{EE11CFFC-898C-4875-8A63-8B732A9AD43B}) (Version: 1.0.0.7 - Aerosoft)
aerosoft's - Antalya 2010 (HKLM\...\{7488FFEB-DA27-45FE-ADA4-4277DDF6D2E5}) (Version: 1.04 - aerosoft)
aerosoft's - Balearic Islands X for FS2004 (HKLM\...\{5EE08A0C-9C8B-4FEA-9E1D-31124A90FF75}) (Version: 1.01 - aerosoft)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASV - ActiveSky Version 5 (HKLM\...\{349D278F-64F5-4BF3-AD0B-32D3F89017A3}) (Version: 0.1.3141 - HiFi Simulation Software)
ASV - Upgrade from AS2004.5 Installer (HKLM\...\{345643C6-2BBE-4819-B9DB-FBE581D580B9}) (Version: 0.2.0 - HiFi Simulation Software)
Audacity 2.0.3 (HKLM\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Blue Sky (HKLM\...\{0B365286-5E64-44A4-A49F-04CF4C85A3B3}) (Version: 1.0.10317 - FS Products)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Disney's Get Ready for School with Mickey (HKLM\...\{31154120-9EB6-11D4-B231-0050DACD394D}) (Version:  - )
FFmpeg v0.6.2 for Audacity (HKLM\...\FFmpeg for Audacity_is1) (Version:  - )
FSNavigator (HKLM\...\{2F76FF6D-B992-4FD9-8686-F09F868B2C58}) (Version: 4.7 - FSNavigator team)
GAP_LGSK 2007 (HKLM\...\GAP_LGSK 2007) (Version:  - )
GAP_LGZA 2006 (HKLM\...\GAP_LGZA 2006) (Version:  - )
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.)
iFly Jets - 737NG for FS2004 Feature Pack (HKLM\...\iFly Jets - 737NG for FS2004 Feature Pack) (Version:  - )
iFly Jets - The 737NG for FS2004 (HKLM\...\iFly Jets - The 737NG for FS2004) (Version:  - )
iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LAGO Hurghada Scenery FS2004 Version 1.01 (HKLM\...\{72A53810-7DEC-4154-8584-C8C0BEA0CF7E}) (Version: 1.01.00 - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
Learning Ladder Preschool (HKLM\...\{CC0BA5A8-E3EC-11D5-9194-00105A68CFFF}) (Version:  - )
Level-D Simulations 767-300 (HKLM\...\763v2) (Version:  - )
London Control (HKLM\...\{16FA48D5-24F7-4B45-85D0-777510BC0643}) (Version: 1.1 - DM Aviation Limited)
Ltrack 6.8 (HKLM\...\Ltrack_is1) (Version:  - Nigel Thomas)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Flight Simulator 2004 A Century of Flight (HKLM\...\Flight Simulator 9.0) (Version: 9.0 - Microsoft)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyDriveConnect 3.3.0.1342 (HKLM\...\MyDriveConnect) (Version: 3.3.0.1342 - TomTom)
NVIDIA 3D Vision Controller Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.49 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.49 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.24.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.24.2 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
OpenOffice 4.0.0 (HKLM\...\{EA1DC8F8-C357-44CA-A332-AB9762DF698C}) (Version: 4.00.9702 - Apache Software Foundation)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Sharepod 4.0.0.4 (HKLM\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version:  - Macroplant LLC)
SHIELD Streaming (Version: 1.8.323 - NVIDIA Corporation) Hidden
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smart Technology Programming Software 7.0.27.13 (HKLM\...\{5C93C2C2-4EB3-4830-974A-69EDE0E1C37B}) (Version: 7.0.27.13 - Mad Catz)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_HSF) (Version:  - )
SquawkBox (HKLM\...\SquawkBox) (Version:  - )
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.19617 - TeamViewer)
TomTom HOME (HKLM\...\{0E09BE17-EDEA-42CA-8974-42A587F51510}) (Version: 2.9.8 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
UK2000 Gatwick Xtreme FS9  (HKLM\...\UK2000 Gatwick Xtreme FS9) (Version: 3.00 - UK2000 Scenery)
UK2000 Manchester Xtreme FS2004 Uninstall (HKLM\...\UK2000 Manchester Xtreme FS2004) (Version:  - )
Unity Web Player (HKU\S-1-5-21-1024250805-3410414209-3862033251-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
vroute.info (HKU\S-1-5-21-1024250805-3410414209-3862033251-1000\...\ea913c639d7ea423) (Version: 1.1.1.3 - vroute)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.00 beta 7 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.7 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

17-06-2015 23:47:37 Windows Update
21-06-2015 20:05:36 Windows Defender Checkpoint
23-06-2015 22:08:16 Windows Update
01-07-2015 07:50:11 Windows Update
02-07-2015 07:34:04 avast! antivirus system restore point
05-07-2015 11:22:32 Installed Antalya 2010
05-07-2015 11:23:47 Installed Antalya 2010
07-07-2015 11:20:46 Windows Update
09-07-2015 09:12:00 avast! antivirus system restore point
10-07-2015 09:31:01 Restore Point Created by FRST
11-07-2015 07:27:34 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06C9F2B0-E350-42AB-B136-32BFAB294992} - System32\Tasks\{D54A7B77-80CE-4E0F-BD1B-69019BAC01D7} => pcalua.exe -a "C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0SM5VSM\jre-8u25-windows-i586.com" -d C:\Users\Ian\Desktop
Task: {11F508B7-CE24-4642-B1D1-CB693B9BD682} - System32\Tasks\{5BA4AEC5-558F-4E89-8F00-62F40901B368} => pcalua.exe -a "C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FE1I93K3\VisualBasic6-KB896559-v1-ENU.exe" -d C:\Users\Ian\Desktop
Task: {59432A95-C2E6-414F-B111-F217912CEF24} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-11-26] (Google Inc.)
Task: {7C1F2249-19BF-49CC-8902-E83C76246955} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-11-26] (Google Inc.)
Task: {D16CDF9E-3810-4918-8D68-9A39DE6F958C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D4AA8B0E-AC53-4068-BA3E-5A5C12B9B726} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {DC8A5A05-53E9-429C-AD02-185CF50B6DBB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-10] (Adobe Systems Incorporated)
Task: {F5B08A75-B998-4405-A8B0-E404136A5D1F} - System32\Tasks\{0415705B-8546-4984-9FE1-0E6E6673626F} => pcalua.exe -a "C:\Users\Ian\Downloads\FSUIPC4\Install FSUIPC4.exe" -d C:\Users\Ian\Downloads\FSUIPC4

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-07-24 14:12 - 2013-06-21 10:52 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-31 21:35 - 2014-03-31 21:35 - 00270016 _____ () C:\Program Files\Windows Live\Writer\en\WindowsLive.Writer.Localization.resources.dll
2014-03-31 21:35 - 2014-03-31 21:35 - 00270016 _____ () C:\Program Files\Windows Live\Writer\en-GB\WindowsLive.Writer.Localization.resources.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1024250805-3410414209-3862033251-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ian\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 194.168.4.100 - 194.168.8.100

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{48BEBBC0-4C34-4236-AF7C-00287E98F181}] => (Allow) C:\Program Files\Edimax\11n USB Wireless LAN Utility\RtWLan.exe
FirewallRules: [{92573158-B190-4CE4-8EF8-3658060BCFB2}] => (Allow) C:\Program Files\Edimax\11n USB Wireless LAN Utility\RtWLan.exe
FirewallRules: [{87FDFE6B-CBE8-49B5-BF4C-1D53495F2F1F}] => (Allow) LPort=1542
FirewallRules: [{97875C2F-3FBD-43CA-BA6C-E10D3F04DE1F}] => (Allow) LPort=1542
FirewallRules: [{E8BD5891-A1B1-4594-A5B1-5411C2CF6696}] => (Allow) LPort=53
FirewallRules: [{81446DD3-4463-4676-A99F-E6C021A48657}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{8220C3B8-8827-4FFB-B1BC-D1463E378BF7}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{CECA9141-CDA8-4504-860E-8E3EEC35706D}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [TCP Query User{8FDA18E5-6015-4DC5-B224-DFEE2491ABC4}C:\fs9\fs9.exe] => (Allow) C:\fs9\fs9.exe
FirewallRules: [UDP Query User{D22222F6-2B36-47EC-96AA-E5E1E485775B}C:\fs9\fs9.exe] => (Allow) C:\fs9\fs9.exe
FirewallRules: [TCP Query User{7FBBF709-F808-4763-BF19-64B87A6C65C4}C:\windows\system32\dpnsvr.exe] => (Allow) C:\windows\system32\dpnsvr.exe
FirewallRules: [UDP Query User{8E751E6D-3220-4827-937C-4E2D08E9176C}C:\windows\system32\dpnsvr.exe] => (Allow) C:\windows\system32\dpnsvr.exe
FirewallRules: [{CDB34873-F6A2-43AC-BF9B-79DC7D8E770E}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{71520B0B-C5E4-4804-833F-424B552A7E82}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{08189C55-646E-4B0F-82D2-2D9C6397CB23}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{5F9A5815-2568-4A1E-A56D-8F9C7CB9E90F}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [TCP Query User{EA1F26FE-7211-4C1D-892E-13E8E4FF0FBC}C:\program files\xbmc\xbmc.exe] => (Allow) C:\program files\xbmc\xbmc.exe
FirewallRules: [UDP Query User{4AE2BA6F-D54B-4E19-89B6-A049D62EF58D}C:\program files\xbmc\xbmc.exe] => (Allow) C:\program files\xbmc\xbmc.exe
FirewallRules: [{1D1D047A-784E-47FD-954C-E85DF4363A90}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EAEE1866-A235-4623-8D35-69E84BE6E035}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EC985870-F6E9-48CD-B111-175F0F0F6033}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{A601BA56-58C2-493D-91D6-57FC194CC91A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{0C83DB2E-2C1E-4F1A-A391-9BBD8EA6BC98}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{42C17A15-DA33-42FC-B721-47DE168F7C44}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{10E68531-AFAA-42E6-A256-14573E09F666}C:\program files\steam\steam.exe] => (Allow) C:\program files\steam\steam.exe
FirewallRules: [UDP Query User{31D62AE1-0D2E-4B3B-83BA-E22EDF331219}C:\program files\steam\steam.exe] => (Allow) C:\program files\steam\steam.exe
FirewallRules: [{5E2231A1-286A-4ECC-AB9E-ACFF24067B2D}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{F95EB09C-A4C0-40EB-AC40-78604740593B}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{8A6464BA-6386-4C60-8D03-ECFDBDBCACD8}] => (Allow) C:\Users\Ian\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EA7A5639-5458-40CB-AF5F-04C5DB611140}] => (Allow) C:\Users\Ian\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{8CEC311E-5B2D-424A-B340-8AAF54EAE240}C:\program files\iskysoft\video converter ultimate\urlreqservice.exe] => (Allow) C:\program files\iskysoft\video converter ultimate\urlreqservice.exe
FirewallRules: [UDP Query User{0348492C-957C-4637-8BC3-C10F679EBDBD}C:\program files\iskysoft\video converter ultimate\urlreqservice.exe] => (Allow) C:\program files\iskysoft\video converter ultimate\urlreqservice.exe
FirewallRules: [{EE34A58D-22F2-49AC-9A18-0CD2551C672F}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B9AA5FCC-5F3E-4378-BA3C-763E49B79157}] => (Allow) LPort=2869
FirewallRules: [{FE78FE5B-F066-4A8E-9863-31015EEB25E3}] => (Allow) LPort=1900
FirewallRules: [{46720369-173D-42CE-B87C-8BD583F56AF1}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{45F82F43-F8EB-41F7-8139-0416AB2DB409}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{7DA6EFAD-7018-43A3-8B8D-B472DACD2DE0}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{D592B1C2-C257-4B49-BBBF-E3660340A1AB}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{8A68DF91-736C-4630-B9D5-5F25BDD84F42}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{E3BF7A37-9F2E-47D6-888E-44F6D5C04271}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Faulty Device Manager Devices =============

Name: HID-compliant mouse
Description: HID-compliant mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: mouhid
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/11/2015 06:54:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: APSDaemon.exe, version: 2.4.3.81, time stamp: 0x550cacc3
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x55636303
Exception code: 0xc0000005
Fault offset: 0x00047792
Faulting process id: 0xb10
Faulting application start time: 0xAPSDaemon.exe0
Faulting application path: APSDaemon.exe1
Faulting module path: APSDaemon.exe2
Report Id: APSDaemon.exe3

Error: (07/11/2015 12:47:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15584

Error: (07/11/2015 12:47:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15584

Error: (07/11/2015 12:47:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/11/2015 12:35:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17840, time stamp: 0x555fe1bb
Faulting module name: nvd3dum.dll, version: 9.18.13.2049, time stamp: 0x51c40f25
Exception code: 0xc0000005
Fault offset: 0x00672c77
Faulting process id: 0x1328
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (07/11/2015 07:27:25 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (07/11/2015 04:41:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17840, time stamp: 0x555fe1bb
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x01447a20
Faulting process id: 0x10a4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (07/10/2015 08:26:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17840, time stamp: 0x555fe1bb
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x011a7a20
Faulting process id: 0x1244
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (07/10/2015 09:31:00 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {3f1f0b25-79e3-4663-8e8c-9f61588f06f6}

Error: (07/09/2015 07:23:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.17813, time stamp: 0x554a1601
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x55636303
Exception code: 0xc0000005
Fault offset: 0x00052c99
Faulting process id: 0x182c
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3

System errors:
=============
Error: (07/11/2015 12:28:19 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (07/11/2015 12:28:19 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (07/11/2015 11:20:49 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (07/11/2015 10:48:59 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (07/10/2015 09:55:46 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/10/2015 09:55:46 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/10/2015 09:55:46 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (07/10/2015 09:55:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The XAudioService service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/10/2015 09:55:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/10/2015 09:55:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TomTomHOMEService service terminated unexpectedly.  It has done this 1 time(s).

Microsoft Office:
=========================
Error: (07/11/2015 06:54:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: APSDaemon.exe2.4.3.81550cacc3ntdll.dll6.1.7601.1886955636303c000000500047792b1001d0bc028ac3190bC:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exeC:\Windows\SYSTEM32\ntdll.dllcebc80de-27f5-11e5-978f-0019d15bef4d

Error: (07/11/2015 12:47:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15584

Error: (07/11/2015 12:47:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15584

Error: (07/11/2015 12:47:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/11/2015 12:35:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.17840555fe1bbnvd3dum.dll9.18.13.204951c40f25c000000500672c77132801d0bbbbbe8b877bC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\nvd3dum.dllea0506ce-27c0-11e5-ada3-0019d15bef4d

Error: (07/11/2015 07:27:25 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (07/11/2015 04:41:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.17840555fe1bbunknown0.0.0.000000000c000000501447a2010a401d0bb8b6d4299d6C:\Program Files\Internet Explorer\iexplore.exeunknownaf681a9a-277e-11e5-93aa-0019d15bef4d

Error: (07/10/2015 08:26:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.17840555fe1bbunknown0.0.0.000000000c0000005011a7a20124401d0bb2f7abd968cC:\Program Files\Internet Explorer\iexplore.exeunknown821d821e-2739-11e5-93aa-0019d15bef4d

Error: (07/10/2015 09:31:00 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {3f1f0b25-79e3-4663-8e8c-9f61588f06f6}

Error: (07/09/2015 07:23:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GWXUX.exe6.3.9600.17813554a1601ntdll.dll6.1.7601.1886955636303c000000500052c99182c01d0ba7457a9be23C:\Windows\System32\GWX\GWXUX.exeC:\Windows\SYSTEM32\ntdll.dll9c26a939-2667-11e5-91d2-0019d15bef4d

==================== Memory info ===========================

Processor: Intel® Pentium® D CPU 3.00GHz
Percentage of memory in use: 56%
Total physical RAM: 2045.97 MB
Available physical RAM: 898.85 MB
Total Virtual: 4091.94 MB
Available Virtual: 2440.44 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:289.02 GB) (Free:174.58 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 0AE6D988)
Partition 1: (Active) - (Size=289 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 931.5 GB) (Disk ID: E97730DB)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of log ============================

 


Edited by cyclops365, 11 July 2015 - 01:35 PM.


#13
zep516

Thanks,

How is the computer before I look over this set of logs?

#14
cyclops365


A little bit better, I've uninstalled Avast because I was sick of the popups from it.
 



#15
zep516

Hello,

Log looks good, just some leftover entries.

A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open Notepad (Start => All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
 
start
CloseProcesses:
CreateRestorePoint:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S2 ADExchange; C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [X]
S3 RTL8192cu; system32\DRIVERS\RTL8192cu.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\Ian\AppData\Local\Temp\Quarantine.exe
C:\Users\Ian\AppData\Local\Temp\sqlite3.dll
Emptytemp:

Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version, please download and run the updated version.

You should / need to install an antivirus program! I can recommend one for you for the time being; you can change it to your liking later.

Microsoft Security Essentials get it from Here