
My Computer is infected [Closed]


Tiffy95


Hello, I recently discovered an issue with my computer. Every time I try to download something, whether it be pictures, software, or documents from an email, nothing happens. I press download and the page will load, and then nothing will happen. I check my downloads file and nothing has downloaded. So I came to this forum and followed the instructions to run FRST to scan my computer. (I downloaded it on another computer and then transferred it to this one via USB drive, because I cannot download anything on this computer.) I followed the next step in the instructions and came here to write about my problem. I have not received any error messages or anything. This only started about 2 weeks ago, and there have been no warnings or anything to make me think that something was infecting or had infected my computer. My computer has been moving very slowly as well over the last 2 weeks. Here are the Notepad pages that were produced by the FRST program.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-07-2015 01
Ran by toffefay (administrator) on JARVIS on 18-07-2015 23:58:42
Running from F:\
Loaded Profiles: toffefay (Available Profiles: toffefay)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Company) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe
(CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(BitTorrent Inc.) C:\Users\toffefay\AppData\Roaming\BitTorrent\BitTorrent.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(© 2015 Microsoft Corporation) C:\Users\toffefay\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Media Player\setup_wm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDirector13\PDR13.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDirector13\PDHanumanSvr.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2014-09-02] (IDT, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-09-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2012-09-14] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [fst_us_227] => [X]
HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKU\S-1-5-21-1529753254-3550861351-3988260587-1002\...\Run: [BitTorrent] => C:\Users\toffefay\AppData\Roaming\BitTorrent\BitTorrent.exe [1696104 2015-05-25] (BitTorrent Inc.)
HKU\S-1-5-21-1529753254-3550861351-3988260587-1002\...\Run: [BackgroundContainer] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\toffefay\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKU\S-1-5-21-1529753254-3550861351-3988260587-1002\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-1529753254-3550861351-3988260587-1002\...\Run: [SlimCleaner Plus] => "C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe" /minimize
HKU\S-1-5-21-1529753254-3550861351-3988260587-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1529753254-3550861351-3988260587-1002\...\Run: [BingSvc] => C:\Users\toffefay\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File not found
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1529753254-3550861351-3988260587-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dosearche...X&ts=1383753308
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.dosear...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dosearche...X&ts=1383753308
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.dosear...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-...q={searchTerms}
HKU\S-1-5-21-1529753254-3550861351-3988260587-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...DHP&osmkt=en-us
HKU\S-1-5-21-1529753254-3550861351-3988260587-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dosearche...X&ts=1383753308
HKU\S-1-5-21-1529753254-3550861351-3988260587-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...q={searchTerms}
HKU\S-1-5-21-1529753254-3550861351-3988260587-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ew...ack/SKY2_FRPage
HKU\S-1-5-21-1529753254-3550861351-3988260587-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-...q={searchTerms}
HKU\S-1-5-21-1529753254-3550861351-3988260587-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...q={searchTerms}
URLSearchHook: HKLM-x32 - (No Name) - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - No File
URLSearchHook: HKLM-x32 - (No Name) - {1122b43d-30ee-403f-9bfa-3cc99b0caddd} - No File
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.dosear...q={searchTerms}
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = 
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.dosear...q={searchTerms}
SearchScopes: HKLM -> {E696739E-642A-414E-B915-E9025763432F} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1529753254-3550861351-3988260587-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1529753254-3550861351-3988260587-1002 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1529753254-3550861351-3988260587-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1529753254-3550861351-3988260587-1002 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://feed.snapdo.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1529753254-3550861351-3988260587-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: No Name -> {07cbf788-1359-421b-a4e3-5a8d041b90a3} ->  No File
BHO-x32: No Name -> {1122b43d-30ee-403f-9bfa-3cc99b0caddd} -> C:\Users\toffefay\AppData\LocalLow\MixiDJ_V30\prxtbMix2.dll [2014-03-26] (ClientConnect Ltd.)
BHO-x32: SySaver -> {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} -> C:\Users\toffefay\AppData\Local\SySaver\temp.dat No File
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll [2014-06-12] (Thinknice Co. Limited)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll [2014-11-28] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL [2013-04-08] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll [2014-11-28] (Symantec Corporation)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKU\S-1-5-21-1529753254-3550861351-3988260587-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1529753254-3550861351-3988260587-1002 -> No Name - {07CBF788-1359-421B-A4E3-5A8D041B90A3} -  No File
Toolbar: HKU\S-1-5-21-1529753254-3550861351-3988260587-1002 -> No Name - {1122B43D-30EE-403F-9BFA-3CC99B0CADDD} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
Tcpip\..\Interfaces\{DE8CA0B7-E546-4E17-9FEC-2814F3D8B491}: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll [2012-08-08] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn [2013-06-30]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn [2015-07-05]
 
Chrome: 
=======
CHR Profile: C:\Users\toffefay\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\toffefay\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-11]
CHR Extension: (MSN Homepage & Bing Search Engine) - C:\Users\toffefay\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-04-14]
CHR Extension: (Lightning Newtab) - C:\Users\toffefay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo [2014-08-28]
CHR Extension: (Norton Identity Safe) - C:\Users\toffefay\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-12-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\toffefay\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-24]
CHR Extension: (Skype Click to Call) - C:\Users\toffefay\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-04-14]
CHR Extension: (Google Wallet) - C:\Users\toffefay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-10]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKU\S-1-5-21-1529753254-3550861351-3988260587-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-10]
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\toffefay\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx [2014-01-07]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-09-18] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2014-04-01] (CyberLink)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [335360 2014-12-17] (Company) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-21] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S4 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [540304 2014-06-10] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3860480 2013-08-23] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-21] (Advanced Micro Devices)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-07-02] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1406000.01B\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-26] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-26] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130829.001\IDSvia64.sys [520280 2013-08-25] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130829.023\ENG64.SYS [126040 2013-08-28] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130829.023\EX64.SYS [2099288 2013-08-28] (Symantec Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1406000.01B\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1406000.01B\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2014-08-31] ()
R3 SymDS; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1406000.01B\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-26] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1406000.01B\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1406000.01B\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-18 23:57 - 2015-07-18 23:59 - 00000000 ____D C:\FRST
2015-07-18 14:21 - 2015-07-18 14:36 - 00000000 ____D C:\Users\toffefay\Desktop\Vlog 1
2015-07-16 11:11 - 2015-07-18 22:35 - 00000000 ____D C:\Users\toffefay\Desktop\more stuff for promo
2015-07-15 15:54 - 2015-07-18 14:29 - 00000000 ____D C:\Users\toffefay\Desktop\pics for promo
2015-07-15 15:47 - 2015-07-17 14:23 - 00725854 _____ C:\Users\toffefay\Documents\Theatre In London Promo.pds
2015-07-14 12:27 - 2015-07-14 12:27 - 00000719 _____ C:\Users\toffefay\Desktop\OneDrive - Shortcut.lnk
2015-07-13 19:08 - 2015-07-18 14:31 - 00000000 ____D C:\Users\toffefay\Desktop\videos for promo
2015-07-09 11:07 - 2015-07-18 14:32 - 00000000 ____D C:\Users\toffefay\Desktop\Videos of London from phone
2015-07-04 23:21 - 2015-07-04 23:21 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-07-04 22:53 - 2015-07-04 22:53 - 00000000 ____D C:\Users\toffefay\AppData\Local\GWX
2015-06-25 16:47 - 2015-06-25 16:47 - 00002227 _____ C:\Users\Public\Desktop\CyberLink WaveEditor 2.lnk
2015-06-25 16:47 - 2015-06-25 16:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink WaveEditor 2
2015-06-25 16:42 - 2015-06-25 16:42 - 00001857 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-06-25 16:41 - 2015-06-25 16:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-06-25 16:41 - 2015-06-25 16:42 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-06-25 16:41 - 2015-06-25 16:41 - 00000000 ____D C:\Users\toffefay\AppData\Roaming\proDAD
2015-06-25 16:40 - 2015-06-25 16:40 - 00000000 ____D C:\ProgramData\proDAD
2015-06-25 16:40 - 2015-06-25 16:40 - 00000000 ____D C:\Program Files\proDAD
2015-06-25 16:40 - 2014-09-04 21:59 - 00607256 _____ (proDAD GmbH) C:\WINDOWS\system32\prodad-codec.dll
2015-06-25 16:40 - 2014-09-04 21:59 - 00375832 _____ (proDAD GmbH) C:\WINDOWS\system32\proDAD-PA-Support.dll
2015-06-25 16:39 - 2015-06-25 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue
2015-06-25 16:39 - 2015-06-25 16:39 - 00000000 ____D C:\Program Files\NewBlue
2015-06-25 16:39 - 2015-06-25 16:39 - 00000000 ____D C:\Program Files\Common Files\NewBlue
2015-06-25 16:38 - 2015-06-25 16:38 - 00002036 _____ C:\Users\Public\Desktop\CyberLink PowerDirector 13 (64-bit).lnk
2015-06-25 16:38 - 2015-06-25 16:38 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 13
2015-06-25 16:38 - 2015-06-25 16:38 - 00000000 ____D C:\Program Files (x86)\NewBlue
2015-06-25 16:31 - 2015-06-25 16:39 - 00000000 ____D C:\Program Files\CyberLink
2015-06-25 16:30 - 2015-06-25 16:47 - 00000000 ____D C:\ProgramData\SUPPORTDIR
2015-06-25 16:30 - 2015-06-25 16:31 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-25 16:22 - 2015-06-25 16:28 - 830674000 _____ C:\Users\toffefay\Downloads\PowerDirector_2104_GM2_Deluxe_VDE140707-01.exe
2015-06-22 15:43 - 2015-06-22 15:45 - 64915659 _____ C:\Users\toffefay\Desktop\IMG_8327.MOV
2015-06-22 15:43 - 2015-06-22 15:44 - 16812727 _____ C:\Users\toffefay\Desktop\IMG_8317.MOV
2015-06-22 15:23 - 2015-06-29 05:10 - 00013586 _____ C:\Users\toffefay\Documents\ticket order spreadsheet 7 brides.xlsx
2015-06-19 13:47 - 2015-05-25 07:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-19 13:47 - 2015-05-25 07:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-19 13:47 - 2015-05-22 07:08 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-06-19 13:47 - 2015-05-21 07:08 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-06-19 13:47 - 2015-05-21 07:08 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-06-19 13:47 - 2015-05-21 07:08 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-06-19 13:47 - 2015-05-21 07:08 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-06-19 13:47 - 2015-05-21 07:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-06-19 13:47 - 2015-05-21 07:08 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-06-19 13:47 - 2015-04-16 16:07 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-06-19 13:47 - 2015-04-16 00:17 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-19 13:47 - 2015-04-13 16:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-19 13:47 - 2015-04-13 16:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-19 13:47 - 2015-04-09 18:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-19 13:47 - 2015-04-09 18:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-19 13:47 - 2015-04-08 16:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-06-19 13:47 - 2015-04-08 16:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-06-19 13:47 - 2015-04-01 16:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-06-19 13:47 - 2015-04-01 16:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-19 13:47 - 2015-03-31 22:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-19 13:47 - 2015-03-31 22:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-19 13:47 - 2015-03-31 22:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-19 13:47 - 2015-03-31 22:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-19 13:47 - 2015-03-31 21:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-19 13:47 - 2015-03-31 21:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-19 13:47 - 2015-03-31 21:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-19 13:47 - 2015-03-31 20:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-19 13:47 - 2015-03-31 20:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-19 13:47 - 2015-03-31 20:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-19 13:47 - 2015-03-31 20:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-19 13:47 - 2015-03-31 20:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-19 13:47 - 2015-03-31 20:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-19 13:47 - 2015-03-19 21:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-06-19 13:47 - 2015-03-19 21:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-06-19 13:47 - 2015-03-19 20:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-06-19 13:47 - 2015-03-19 20:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-06-19 13:47 - 2015-03-01 19:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-06-19 13:47 - 2015-03-01 19:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-06-19 13:44 - 2015-03-10 19:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-06-19 13:44 - 2015-03-10 19:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-06-19 13:29 - 2015-04-01 16:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-06-19 13:29 - 2015-04-01 16:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-06-19 13:29 - 2015-03-31 21:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-06-19 13:29 - 2015-03-31 20:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-06-19 13:19 - 2015-04-09 18:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-06-19 13:19 - 2015-04-09 18:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-06-19 13:19 - 2015-03-19 19:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-06-19 13:19 - 2015-03-12 19:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-06-19 13:19 - 2015-03-12 18:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-06-19 13:19 - 2015-03-05 20:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-06-19 13:19 - 2015-03-03 19:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-06-19 13:19 - 2015-03-03 19:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-06-19 13:18 - 2015-03-12 22:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-06-19 13:18 - 2015-03-12 22:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-06-19 13:08 - 2015-06-19 13:10 - 41021578 _____ C:\Users\toffefay\Desktop\Harry Potter Studios potions room.MOV
2015-06-19 12:48 - 2015-03-17 11:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-06-19 12:47 - 2015-03-12 20:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-06-19 12:35 - 2015-04-02 18:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-06-19 12:35 - 2015-04-02 18:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-06-19 12:35 - 2015-03-08 20:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-06-19 12:35 - 2015-03-05 21:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-06-19 12:35 - 2015-03-05 20:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-06-19 12:34 - 2015-02-17 17:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-06-19 12:34 - 2015-01-29 18:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-06-19 12:34 - 2014-11-14 00:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-06-19 11:21 - 2015-04-30 17:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-06-19 11:21 - 2015-04-30 16:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-06-19 11:20 - 2015-04-09 19:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-06-19 11:20 - 2015-04-09 18:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-06-19 11:20 - 2015-04-09 18:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-06-19 11:19 - 2015-04-08 16:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-06-19 11:15 - 2015-04-24 20:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-19 11:15 - 2015-04-24 20:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-19 11:05 - 2015-05-27 08:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-19 11:05 - 2015-05-27 08:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-19 11:05 - 2015-05-22 21:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-19 11:05 - 2015-05-22 21:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-19 11:05 - 2015-05-22 21:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-19 11:05 - 2015-05-22 21:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-19 11:05 - 2015-05-22 21:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-19 11:05 - 2015-05-22 20:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-19 11:05 - 2015-05-22 20:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-19 11:05 - 2015-05-22 20:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-19 11:05 - 2015-05-22 20:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-19 11:05 - 2015-05-22 20:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-19 11:05 - 2015-05-22 20:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-19 11:05 - 2015-05-22 20:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-19 11:05 - 2015-05-22 20:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-19 11:05 - 2015-05-22 20:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-19 11:05 - 2015-05-22 20:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-19 11:05 - 2015-05-22 20:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-19 11:05 - 2015-05-22 20:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-19 11:05 - 2015-05-22 20:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-19 11:05 - 2015-05-22 13:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-19 11:05 - 2015-05-22 13:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-19 11:05 - 2015-05-22 13:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-19 11:05 - 2015-05-22 12:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-19 11:05 - 2015-05-22 12:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-19 11:05 - 2015-05-22 12:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-19 11:05 - 2015-05-22 12:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-19 11:05 - 2015-05-22 12:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-19 11:05 - 2015-05-22 12:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-19 11:05 - 2015-05-22 12:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-19 11:05 - 2015-05-22 12:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-19 11:05 - 2015-05-22 12:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-19 11:05 - 2015-05-22 12:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-19 11:05 - 2015-05-22 12:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-19 11:05 - 2015-05-22 12:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-19 11:05 - 2015-05-22 11:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-19 11:05 - 2015-05-22 11:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-19 11:05 - 2015-05-22 11:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-19 11:05 - 2015-05-22 11:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-19 11:05 - 2015-05-22 11:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-19 11:05 - 2015-04-21 10:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-06-19 11:05 - 2015-04-21 09:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-06-19 11:05 - 2015-04-21 09:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-06-19 11:00 - 2015-05-21 10:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-19 10:50 - 2015-03-29 23:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-06-19 10:50 - 2015-03-26 21:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-06-19 10:50 - 2015-03-26 20:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-06-19 10:50 - 2015-03-26 20:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-19 00:00 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-18 23:59 - 2013-10-04 09:00 - 00000000 ____D C:\Users\toffefay\AppData\Roaming\BitTorrent
2015-07-18 23:56 - 2013-06-30 06:11 - 00003930 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9C6CF8CC-CBB4-4F4D-A522-F80784C44CE7}
2015-07-18 23:52 - 2015-04-14 09:36 - 00000000 ____D C:\Users\toffefay\AppData\Roaming\Skype
2015-07-18 23:26 - 2013-06-30 08:49 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-18 22:59 - 2014-01-30 12:25 - 12717056 ___SH C:\Users\toffefay\Downloads\Thumbs.db
2015-07-18 22:20 - 2013-09-29 22:04 - 00956540 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-18 22:18 - 2013-08-22 08:46 - 00305125 _____ C:\WINDOWS\setupact.log
2015-07-18 14:35 - 2015-06-16 18:37 - 00000000 ____D C:\Users\toffefay\Desktop\Europe2015
2015-07-18 14:31 - 2013-11-24 00:36 - 00403456 ___SH C:\Users\toffefay\Desktop\Thumbs.db
2015-07-16 16:26 - 2013-06-30 08:49 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-16 11:39 - 2013-06-30 06:18 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1529753254-3550861351-3988260587-1002
2015-07-15 16:21 - 2013-06-30 08:49 - 00003892 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 16:21 - 2013-06-30 08:49 - 00003656 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 10:56 - 2013-07-09 11:49 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2015-07-14 12:22 - 2014-09-04 14:38 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-13 19:14 - 2014-08-31 19:14 - 00000372 _____ C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - toffefay).job
2015-07-09 11:14 - 2015-06-13 14:05 - 00000000 ____D C:\Users\toffefay\Desktop\photos
2015-07-06 07:56 - 2015-03-23 21:41 - 00000000 ____D C:\Users\toffefay\Downloads\PopcornTime
2015-07-05 18:33 - 2015-02-05 11:26 - 00003388 _____ C:\WINDOWS\System32\Tasks\BackgroundContainer Startup Task
2015-07-05 18:33 - 2013-11-21 15:42 - 00000000 __RDO C:\Users\toffefay\SkyDrive
2015-07-05 18:28 - 2013-08-22 08:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-05 17:09 - 2013-11-21 03:01 - 01884622 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-05 12:55 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-04 23:23 - 2013-03-18 21:42 - 00000000 ____D C:\ProgramData\Norton
2015-07-03 22:08 - 2013-09-29 21:55 - 00055596 _____ C:\WINDOWS\PFRO.log
2015-07-03 16:31 - 2013-08-22 07:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-07-03 16:28 - 2013-11-21 02:41 - 00000000 ____D C:\Users\toffefay
2015-06-29 13:32 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-29 05:19 - 2013-08-22 08:44 - 00490624 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-29 05:16 - 2013-08-22 07:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-06-29 05:13 - 2014-12-20 13:34 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-06-29 05:13 - 2014-07-12 16:44 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-06-29 05:13 - 2013-08-22 09:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-06-29 05:13 - 2013-08-22 09:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-06-29 05:13 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2015-06-29 05:12 - 2015-04-07 19:53 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-06-29 05:12 - 2015-04-07 19:53 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-06-29 05:12 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-25 17:01 - 2013-06-30 23:04 - 00000000 ____D C:\Users\toffefay\Documents\CyberLink
2015-06-25 17:01 - 2013-06-30 23:04 - 00000000 ____D C:\Users\Public\CyberLink
2015-06-25 16:59 - 2013-06-30 23:00 - 00000000 ____D C:\Users\toffefay\AppData\Roaming\CyberLink
2015-06-25 16:59 - 2013-03-18 21:32 - 00000000 ____D C:\ProgramData\CyberLink
2015-06-25 16:55 - 2013-06-30 23:00 - 00000000 ____D C:\Users\toffefay\AppData\Local\CyberLink
2015-06-25 16:47 - 2012-10-20 15:01 - 00000000 ____D C:\Program Files (x86)\CyberLink
2015-06-25 16:47 - 2012-10-20 14:59 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-25 16:47 - 2012-10-20 14:59 - 00000000 ____D C:\ProgramData\install_clap
2015-06-25 14:33 - 2012-07-26 01:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-25 13:57 - 2013-07-30 21:13 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-25 11:39 - 2013-07-28 07:51 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-25 11:38 - 2013-07-22 16:29 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-25 11:28 - 2013-09-29 21:51 - 00000000 ____D C:\Program Files\Windows Journal
2015-06-19 21:02 - 2015-04-20 15:41 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-19 21:02 - 2015-04-20 15:41 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-18 18:11 - 2015-04-14 09:36 - 00000000 ___RD C:\Program Files (x86)\Skype
 
==================== Files in the root of some directories =======
 
2014-09-04 12:32 - 2014-09-04 12:32 - 6010880 _____ () C:\Program Files (x86)\GUT1FBC.tmp
2014-09-04 12:31 - 2014-09-04 12:31 - 6010880 _____ () C:\Program Files (x86)\GUT5027.tmp
2014-09-04 12:30 - 2014-09-04 12:30 - 0000000 _____ () C:\Program Files (x86)\GUT9BAC.tmp
2014-08-31 01:49 - 2014-08-31 01:49 - 0000316 _____ () C:\Users\toffefay\AppData\Roaming\aps.uninstall.scan.results
2014-07-11 22:09 - 2014-07-11 22:14 - 0235665 _____ () C:\Users\toffefay\AppData\Roaming\blob-8587964687406125144
2014-06-29 22:43 - 2014-06-29 22:43 - 0001132 _____ () C:\Users\toffefay\AppData\Roaming\list-149365
2014-08-30 13:35 - 2014-08-30 13:35 - 0000043 _____ () C:\Users\toffefay\AppData\Roaming\WB.CFG
2014-08-31 01:48 - 2014-08-31 01:48 - 0575544 _____ (ClickMeIn Limited) C:\Users\toffefay\AppData\Local\nsqA9D9.tmp
2014-08-31 11:24 - 2014-08-31 11:24 - 0000017 _____ () C:\Users\toffefay\AppData\Local\resmon.resmoncfg
2013-03-18 21:29 - 2013-03-18 21:29 - 0000595 _____ () C:\ProgramData\CyberlinkOutput.txt
2013-06-30 06:11 - 2013-06-30 06:11 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
 
Some files in TEMP:
====================
C:\Users\toffefay\AppData\Local\Temp\18be6784_.exe
C:\Users\toffefay\AppData\Local\Temp\294823_.exe
C:\Users\toffefay\AppData\Local\Temp\4ae13d6c_.exe
C:\Users\toffefay\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\toffefay\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\toffefay\AppData\Local\Temp\Compete_setup.exe
C:\Users\toffefay\AppData\Local\Temp\ConsumerInputSetup.exe
C:\Users\toffefay\AppData\Local\Temp\EAD163C.exe
C:\Users\toffefay\AppData\Local\Temp\EAD1CB.exe
C:\Users\toffefay\AppData\Local\Temp\EAD36F9.exe
C:\Users\toffefay\AppData\Local\Temp\EAD45C4.exe
C:\Users\toffefay\AppData\Local\Temp\EAD54CD.exe
C:\Users\toffefay\AppData\Local\Temp\EAD560A.exe
C:\Users\toffefay\AppData\Local\Temp\EAD6BA1.exe
C:\Users\toffefay\AppData\Local\Temp\EAD6DB9.exe
C:\Users\toffefay\AppData\Local\Temp\EAD6E16.exe
C:\Users\toffefay\AppData\Local\Temp\EAD6F30.exe
C:\Users\toffefay\AppData\Local\Temp\EAD7778.exe
C:\Users\toffefay\AppData\Local\Temp\EAD7A7.exe
C:\Users\toffefay\AppData\Local\Temp\EAD81FE.exe
C:\Users\toffefay\AppData\Local\Temp\EAD8613.exe
C:\Users\toffefay\AppData\Local\Temp\EAD8F98.exe
C:\Users\toffefay\AppData\Local\Temp\EADAA51.exe
C:\Users\toffefay\AppData\Local\Temp\EADBDCD.exe
C:\Users\toffefay\AppData\Local\Temp\EADBE3A.exe
C:\Users\toffefay\AppData\Local\Temp\EADC88B.exe
C:\Users\toffefay\AppData\Local\Temp\EADD0C9.exe
C:\Users\toffefay\AppData\Local\Temp\EADD869.exe
C:\Users\toffefay\AppData\Local\Temp\EADDA08.exe
C:\Users\toffefay\AppData\Local\Temp\EADDD99.exe
C:\Users\toffefay\AppData\Local\Temp\EADFFBC.exe
C:\Users\toffefay\AppData\Local\Temp\Extract.exe
C:\Users\toffefay\AppData\Local\Temp\mnf0gh0l.dll
C:\Users\toffefay\AppData\Local\Temp\optprosetup.exe
C:\Users\toffefay\AppData\Local\Temp\post1.exe
C:\Users\toffefay\AppData\Local\Temp\post2.dll
C:\Users\toffefay\AppData\Local\Temp\post2.exe
C:\Users\toffefay\AppData\Local\Temp\r6b6sedl.dll
C:\Users\toffefay\AppData\Local\Temp\Runner.exe
C:\Users\toffefay\AppData\Local\Temp\scpA586.tmp.exe
C:\Users\toffefay\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\toffefay\AppData\Local\Temp\setup_279.exe
C:\Users\toffefay\AppData\Local\Temp\SfpcHelper_installFinish.exe
C:\Users\toffefay\AppData\Local\Temp\SfpcHelper_installStart.exe
C:\Users\toffefay\AppData\Local\Temp\SkypeSetup.exe
C:\Users\toffefay\AppData\Local\Temp\SlimCleanerPlus.x64.exe
C:\Users\toffefay\AppData\Local\Temp\SP58496.exe
C:\Users\toffefay\AppData\Local\Temp\SP59620.exe
C:\Users\toffefay\AppData\Local\Temp\SP61877.exe
C:\Users\toffefay\AppData\Local\Temp\SP63599.exe
C:\Users\toffefay\AppData\Local\Temp\SP63733.exe
C:\Users\toffefay\AppData\Local\Temp\SPSetup.exe
C:\Users\toffefay\AppData\Local\Temp\tbVgr0.dll
C:\Users\toffefay\AppData\Local\Temp\UninstallEADM.dll
C:\Users\toffefay\AppData\Local\Temp\Upgrade.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-13 17:29
 
==================== End of log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01
Ran by toffefay at 2015-07-19 00:01:47
Running from F:\
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1529753254-3550861351-3988260587-500 - Administrator - Disabled)
Guest (S-1-5-21-1529753254-3550861351-3988260587-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1529753254-3550861351-3988260587-1004 - Limited - Enabled)
toffefay (S-1-5-21-1529753254-3550861351-3988260587-1002 - Administrator - Enabled) => C:\Users\toffefay
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Internet Security (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{3CEC10BE-CD7C-8E99-E3AC-DD31F4416C1C}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 1107296579.4759644.48.2147344384 - Audible, Inc.)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
BitTorrent (HKU\S-1-5-21-1529753254-3550861351-3988260587-1002\...\BitTorrent) (Version: 7.9.3.40299 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2.5712 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.2.2114 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2110 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.2.2126 - CyberLink Corp.)
CyberLink PowerDirector 13 (HKLM-x32\...\{BA385AFC-00B1-417C-8C20-74B996EF3AF0}) (Version: 13.0.2104.0 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7.4528 - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM-x32\...\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.5.5811 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DMUninstaller (HKLM-x32\...\DMUninstaller) (Version:  - ) <==== ATTENTION
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Gardenscapes: Mansion Makeover (x32 Version: 3.0.2.32 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{6821D775-9303-46DD-977A-2D97CA18B054}) (Version: 4.2.8.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1218 - Hewlett-Packard)
HP CoolSense (HKLM-x32\...\{8704FEEF-A6A8-4E7E-B124-BD6122C66E2C}) (Version: 2.10.42 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{23C74C03-680C-455D-933F-5BC8683CAE52}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.8 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MixiDJ V30 Toolbar (HKLM-x32\...\MixiDJ_V30 Toolbar) (Version: 6.15.0.27 - MixiDJ V30) <==== ATTENTION
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.6.0.27 - Symantec Corporation)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: Beta 5.2.1 - Popcorn Time)
proDAD Adorage 3.0 (64bit) (HKLM\...\proDAD-Adorage-3.0) (Version: 3.0.108.1 - proDAD GmbH)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.16.10.61 - Client Connect LTD) <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
SupTab (HKLM-x32\...\SupTab) (Version: 1.1.1.0 - ) <==== ATTENTION
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.631 - Electronic Arts)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VideoPlayer v2.0.6 (HKLM-x32\...\VideoPlayer) (Version: v2.0.6 - TUGUU SL) <==== ATTENTION
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
25-06-2015 11:27:19 Windows Update
03-07-2015 17:06:07 Scheduled Checkpoint
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0A36861F-C453-4D14-ABCE-AE0223F6FCE9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-04] (Google Inc.)
Task: {11C8C7F5-0E04-4FE9-8294-FAC3FA9FDC95} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {1F1625E2-8E65-4289-B1E8-77F954531BA5} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\WSCStub.exe [2014-12-06] (Symantec Corporation)
Task: {21177559-B2A2-46BF-A7E6-EAF33EA32E11} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {2841655E-83FC-49FE-8F9F-CD6C07828CC3} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {29A44B4B-84F1-4834-B43B-78A2E6994FF9} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\toffefay\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
Task: {2BC486D0-DC42-4BD6-8C12-3F9972DD3346} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-06-16] (Hewlett-Packard)
Task: {5550C541-4304-4345-92B8-EE91263BA49A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-25] (Microsoft Corporation)
Task: {659824E9-6AF7-4C6B-AE25-62BB01F2A1F4} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {745E70DE-8BAA-4334-A86D-0EF175F40E2B} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - toffefay) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {78F102FE-77C7-4ECB-96DC-ADB006C5DB01} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {78FCD8E8-BB48-4CF6-AD34-CC216B758D12} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {8BED4939-864F-4B0C-8E18-EB6D1736927B} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-10-12] (CyberLink)
Task: {A5BD92B9-F842-41BB-A237-060224CC513A} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {A96C090C-46E5-4C59-B94A-04546903CAD9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {AE80241F-8DF3-4AA2-B548-D15A23F9D1B3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-06-16] (Hewlett-Packard)
Task: {BB996F78-5B37-47C1-9149-2A8A98D62C0B} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-09-02] (Synaptics Incorporated)
Task: {C0643F48-3B50-48FD-A7FE-7D1BD3FEBD07} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CBCF796D-5C85-48EB-9E85-A255E7CDF2A8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-04] (Google Inc.)
Task: {D921488B-F0CA-4280-8A6C-D1AB606259C9} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {FC8E3685-0148-48BD-9F31-07C0CBB9D9C1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {FCCFE3C1-2B13-4B19-B53A-6B3C6D37509F} - System32\Tasks\ASP => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - toffefay).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-09-18 04:12 - 2012-09-18 04:12 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-10-12 18:22 - 2012-10-12 18:22 - 00120224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2012-10-12 18:22 - 2012-10-12 18:22 - 00048544 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-10-12 18:22 - 2012-10-12 18:22 - 00180224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2015-06-25 16:47 - 2014-07-16 08:21 - 00038872 _____ () C:\Program Files\CyberLink\Shared files\RichVideops64.dll
2013-11-21 15:33 - 2013-11-21 15:33 - 00120224 _____ () C:\Users\toffefay\AppData\Local\assembly\dl3\89KEKOER.Z9K\P2T1EE98.EEM\263bf6ad\008b7bc6_d8a8cd01\HPItunesModule.DLL
2012-09-18 04:11 - 2012-09-18 04:11 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-08-07 04:50 - 2012-08-07 04:50 - 00607744 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\JobCapsA.dll
2015-06-25 16:35 - 2014-04-01 06:09 - 01146120 _____ () C:\Program Files\CyberLink\PowerDirector13\runtime\misc\UNO.dll
2015-06-25 16:35 - 2014-08-18 00:09 - 01693144 _____ () C:\Program Files\CyberLink\PowerDirector13\Language\ENU\PDrt.dll
2015-06-25 16:35 - 2014-04-01 06:09 - 00303616 _____ () C:\Program Files\CyberLink\PowerDirector13\runtime\mediacache\libebml.dll
2015-06-25 16:35 - 2014-04-01 06:09 - 00672256 _____ () C:\Program Files\CyberLink\PowerDirector13\runtime\mediacache\libmatroska.dll
2015-06-25 16:35 - 2014-04-01 06:09 - 00161240 _____ () C:\Program Files\CyberLink\PowerDirector13\CLVistaAudioMixer.dll
2015-06-25 16:35 - 2014-09-04 07:42 - 00230152 _____ () C:\Program Files\CyberLink\PowerDirector13\HanumanCache.dll
2015-06-25 16:39 - 2014-08-05 10:46 - 00125952 _____ () C:\Program Files\CyberLink\Shared Files\PlugIn\NewBlue\NewBlue_PlugIn_VideoEssentials.dll
2014-08-05 10:45 - 2014-08-05 10:45 - 00271360 _____ () C:\Program Files\NewBlue\Video Essentials for Windows\Resources64.dll
2015-06-25 16:41 - 2014-09-04 21:59 - 02349056 _____ () C:\Program Files\CyberLink\Shared Files\PlugIn\proDAD\adorage.dll
2015-06-25 16:35 - 2014-09-01 06:52 - 01668872 _____ () C:\Program Files\CyberLink\PowerDirector13\runtime\authoring\AuroraU.dll
2014-12-10 00:33 - 2012-05-30 00:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.6.0.27\wincfi39.dll
2013-03-18 21:26 - 2012-06-07 21:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2015-07-14 12:22 - 2015-07-13 15:55 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libglesv2.dll
2015-07-14 12:22 - 2015-07-13 15:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\toffefay\SkyDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1529753254-3550861351-3988260587-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\toffefay\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{CFBD3C6B-146F-4BC1-82ED-1D5C940CE165}] => (Allow) C:\ProgramData\eSafe\eGdpSvc.exe
FirewallRules: [{58ADD345-46B6-4F87-B488-9842ABEC3567}] => (Allow) C:\Users\toffefay\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{69F0724E-81BD-4CB7-B8B6-3C6E4B225F20}] => (Allow) C:\Users\toffefay\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{B268C242-662F-4E96-832A-5CE8AC528CDC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{466FA291-10CB-4AF8-A8CB-D19FA2EBCE9A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{0B47D11D-DF60-40F8-8F16-0AE6EF2353E5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E75BA807-5DAF-4B88-AEAD-3F01781C6113}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6EBB67BF-49DF-40F7-A588-626D6A488EA7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B4C00BCA-85D8-4E24-B092-B77C29FB94D6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{809835B0-0CF2-43BB-9A87-C0DBC759551B}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{9EC401B7-348F-448B-8E93-C42026219EA3}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{FDCA9D85-CB4E-474A-9743-0702C061CB7E}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{21071E29-8729-4833-B009-630E879985EA}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{3A8169AF-6FE0-4698-8389-4651A2641428}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{09478FDB-AB24-4B19-B981-F689D6133D9E}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{FB6D9234-8B02-4AF8-B27F-FE16EDCA631E}] => (Allow) LPort=1900
FirewallRules: [{9C9403E7-1D9F-4EA3-9187-C5DB56268CB1}] => (Allow) LPort=2869
FirewallRules: [{7C78058E-8A45-4FE2-87FE-0D08B37C5665}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C1028E86-37FB-4DC2-AFA2-B1DF2EEDF574}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{C540A554-7A7C-4B3E-8C7B-8CFAFCF0DB88}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [UDP Query User{6B414605-FDB3-445E-883E-48FB3A5F550F}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [TCP Query User{D056E2EA-71F4-4E21-BBC3-18F8BEB52868}C:\program files (x86)\popcorn time free\popcorn time 3.2\popcorn-time-app32.exe] => (Allow) C:\program files (x86)\popcorn time free\popcorn time 3.2\popcorn-time-app32.exe
FirewallRules: [UDP Query User{9E8515CD-08CE-4F75-816A-A0235D07317C}C:\program files (x86)\popcorn time free\popcorn time 3.2\popcorn-time-app32.exe] => (Allow) C:\program files (x86)\popcorn time free\popcorn time 3.2\popcorn-time-app32.exe
FirewallRules: [TCP Query User{150528F6-4064-43DA-9F8B-02B1F4D5B775}C:\program files (x86)\popcorn time free\popcorn time 3.2\popcorn-time-app32.exe] => (Allow) C:\program files (x86)\popcorn time free\popcorn time 3.2\popcorn-time-app32.exe
FirewallRules: [UDP Query User{14E36A2E-4CA0-44F6-BE23-DF42C0ED0FE5}C:\program files (x86)\popcorn time free\popcorn time 3.2\popcorn-time-app32.exe] => (Allow) C:\program files (x86)\popcorn time free\popcorn time 3.2\popcorn-time-app32.exe
FirewallRules: [{0840BAFE-E28B-400F-AB81-324E1180AEB8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F67B4E86-D10E-4A62-8F75-A9663C3281EB}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{76C2EEF3-D0EA-47F5-9F87-D0EF0C605C50}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{0625EA88-BD5C-415E-A6FB-B5F1DA27D687}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{F5158884-4963-4422-BCC2-2D5B70DE5225}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [TCP Query User{6A77C4DE-40F4-4D4E-A506-A829C56A341B}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [UDP Query User{2CD21589-6781-476F-B8E9-3968124B196F}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [TCP Query User{44455152-79FD-4468-8984-9CD5BCAE16AC}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{D2CD2C67-D5E2-4B51-8EF3-64D425269F09}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{8436993D-B595-4316-8170-8FA313E1F95C}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{7564AD72-4A0B-47E4-A0FF-BD9990626DE8}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{FDFA75EF-FCCD-46D0-84D2-198BCED0922F}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [UDP Query User{CFC01528-039F-4A74-9B69-5C5D5BF5F16F}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [TCP Query User{3F2E799E-7E2E-4556-894A-63B5AA57489E}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe
FirewallRules: [UDP Query User{7FFBF8FC-B194-4CEE-92B4-3851EF91D910}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe
FirewallRules: [{1C72CAE9-B280-4486-8D0C-C7F7772EAFA3}] => (Allow) C:\Program Files\CyberLink\PowerDirector13\PDR10.EXE
FirewallRules: [{D0886323-04D7-43FA-85CB-5E58017C702D}] => (Allow) LPort=53000
FirewallRules: [{12238882-8B18-45DA-95DB-269E7019844B}] => (Allow) LPort=52000
FirewallRules: [{73FE8A7D-916A-4022-ABDA-AC199F91104E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{64A648E6-0E38-4574-ABA5-9CE181AD488E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/18/2015 11:08:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1358
 
Start Time: 01d0c1e03470133f
 
Termination Time: 4294967295
 
Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe
 
Report Id: 2808232e-2dd4-11e5-bf64-7446a07ed9dc
 
Faulting package full name: Rockmelt.RockmeltDiscovertheBestoftheInternetNewsB_2.0.0.1039_neutral__p1cz7aqg3zbzc
 
Faulting package-relative application ID: App
 
Error: (07/18/2015 10:59:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 25e8
 
Start Time: 01d0c1defd2c99fc
 
Termination Time: 4294967295
 
Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe
 
Report Id: f0e6bf10-2dd2-11e5-bf64-7446a07ed9dc
 
Faulting package full name: Rockmelt.RockmeltDiscovertheBestoftheInternetNewsB_2.0.0.1039_neutral__p1cz7aqg3zbzc
 
Faulting package-relative application ID: App
 
Error: (07/18/2015 10:53:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1bf8
 
Start Time: 01d0c1de1c03573b
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 0f951e45-2dd2-11e5-bf64-7446a07ed9dc
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (07/18/2015 10:38:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 2068
 
Start Time: 01d0c1dc078307cf
 
Termination Time: 4294967295
 
Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe
 
Report Id: fb6b663a-2dcf-11e5-bf64-7446a07ed9dc
 
Faulting package full name: Rockmelt.RockmeltDiscovertheBestoftheInternetNewsB_2.0.0.1039_neutral__p1cz7aqg3zbzc
 
Faulting package-relative application ID: App
 
Error: (07/18/2015 10:20:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program glcnd.exe version 6.3.9600.17499 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 3a0c
 
Start Time: 01d0c1da2a919aa7
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe
 
Report Id: 7342889e-2dcd-11e5-bf64-7446a07ed9dc
 
Faulting package full name: Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: Microsoft.Reader
 
Error: (07/18/2015 10:20:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: JARVIS)
Description: App Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe+Microsoft.Reader did not launch within its allotted time.
 
Error: (07/18/2015 02:47:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2437
 
Error: (07/18/2015 02:47:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2437
 
Error: (07/18/2015 02:47:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/18/2015 02:47:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1234
 
 
System errors:
=============
Error: (07/15/2015 10:43:40 AM) (Source: DCOM) (EventID: 10001) (User: JARVIS)
Description: "C:\WINDOWS\syswow64\backgroundTaskHost.exe" -ServerName:App.AppXkyc4kwkmn65y4ypz1k16e6h1x8fsnr6b.mca31App.AppX3q95tjxxj780n3cpbqyncxjbwjqpef35.mcaUnavailableUnavailable
 
Error: (07/09/2015 02:23:04 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer USER
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{DE8CA0B7-E546-4E17-9FEC-2814F3D8B491}.
The master browser is stopping or an election is being forced.
 
Error: (07/09/2015 10:31:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Store Service (WSService) service failed to start due to the following error: 
%%1053
 
Error: (07/09/2015 10:31:33 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Store Service (WSService) service to connect.
 
Error: (07/05/2015 06:28:01 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:09:50 PM on ‎7/‎5/‎2015 was unexpected.
 
Error: (07/05/2015 04:39:49 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:37:03 PM on ‎7/‎5/‎2015 was unexpected.
 
Error: (07/04/2015 10:53:28 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Norton Internet Security service hung on starting.
 
Error: (07/04/2015 10:46:53 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:08:27 PM on ‎7/‎3/‎2015 was unexpected.
 
Error: (07/03/2015 10:08:27 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:51:34 PM on ‎7/‎3/‎2015 was unexpected.
 
Error: (06/27/2015 10:43:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
 
 
Microsoft Office:
=========================
Error: (06/29/2015 05:10:53 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 568236 seconds with 14220 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-07-16 16:58:45.571
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-16 16:58:44.418
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-16 12:09:24.275
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-16 12:09:23.901
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-16 12:09:23.507
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-16 12:09:23.132
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-16 12:09:22.762
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-16 12:09:22.394
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-16 12:09:21.966
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-16 12:09:21.612
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD A8-4500M APU with Radeon™ HD Graphics 
Percentage of memory in use: 67%
Total physical RAM: 3554.26 MB
Available physical RAM: 1172.49 MB
Total Virtual: 6500.8 MB
Available Virtual: 2282.92 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:570.21 GB) (Free:362.05 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:24.85 GB) (Free:2.95 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (TOSHIBA EXT) (Fixed) (Total:931.41 GB) (Free:850.72 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 1406B4D4)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: FC2DC779)
Partition 1: (Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End of log ============================
 



#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, sorry for the delay. Once the FRST fix has run, could you try to download AdwCleaner on this system?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open Notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM-x32\...\Run: [fst_us_227] => [X]
HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"
HKU\S-1-5-21-1529753254-3550861351-3988260587-1002\...\Run: [BackgroundContainer] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\toffefay\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File not found
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1529753254-3550861351-3988260587-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dosearche...X&ts=1383753308
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.dosear...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dosearche...X&ts=1383753308
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.dosear...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-...q={searchTerms}
HKU\S-1-5-21-1529753254-3550861351-3988260587-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dosearche...X&ts=1383753308
HKU\S-1-5-21-1529753254-3550861351-3988260587-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...q={searchTerms}
HKU\S-1-5-21-1529753254-3550861351-3988260587-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-...q={searchTerms}
HKU\S-1-5-21-1529753254-3550861351-3988260587-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...q={searchTerms}
URLSearchHook: HKLM-x32 - (No Name) - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - No File
URLSearchHook: HKLM-x32 - (No Name) - {1122b43d-30ee-403f-9bfa-3cc99b0caddd} - No File
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.dosear...q={searchTerms}
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.dosear...q={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...d={searchTerms}
SearchScopes: HKLM -> {E696739E-642A-414E-B915-E9025763432F} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1529753254-3550861351-3988260587-1002 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1529753254-3550861351-3988260587-1002 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://feed.snapdo.c...q={searchTerms}
BHO-x32: No Name -> {07cbf788-1359-421b-a4e3-5a8d041b90a3} -> No File
BHO-x32: No Name -> {1122b43d-30ee-403f-9bfa-3cc99b0caddd} -> C:\Users\toffefay\AppData\LocalLow\MixiDJ_V30\prxtbMix2.dll [2014-03-26] (ClientConnect Ltd.)
BHO-x32: SySaver -> {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} -> C:\Users\toffefay\AppData\Local\SySaver\temp.dat No File
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll [2014-06-12] (Thinknice Co. Limited)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKU\S-1-5-21-1529753254-3550861351-3988260587-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-1529753254-3550861351-3988260587-1002 -> No Name - {07CBF788-1359-421B-A4E3-5A8D041B90A3} - No File
Toolbar: HKU\S-1-5-21-1529753254-3550861351-3988260587-1002 -> No Name - {1122B43D-30EE-403F-9BFA-3CC99B0CADDD} - No File
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [335360 2014-12-17] (Company) [File not signed]
S4 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [540304 2014-06-10] () [File not signed]
2015-07-05 18:33 - 2015-02-05 11:26 - 00003388 _____ C:\WINDOWS\System32\Tasks\BackgroundContainer Startup Task
2014-09-04 12:32 - 2014-09-04 12:32 - 6010880 _____ () C:\Program Files (x86)\GUT1FBC.tmp
2014-09-04 12:31 - 2014-09-04 12:31 - 6010880 _____ () C:\Program Files (x86)\GUT5027.tmp
2014-09-04 12:30 - 2014-09-04 12:30 - 0000000 _____ () C:\Program Files (x86)\GUT9BAC.tmp
2014-07-11 22:09 - 2014-07-11 22:14 - 0235665 _____ () C:\Users\toffefay\AppData\Roaming\blob-8587964687406125144
Task: {2841655E-83FC-49FE-8F9F-CD6C07828CC3} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {29A44B4B-84F1-4834-B43B-78A2E6994FF9} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\toffefay\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
Task: {659824E9-6AF7-4C6B-AE25-62BB01F2A1F4} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {78F102FE-77C7-4ECB-96DC-ADB006C5DB01} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {D921488B-F0CA-4280-8A6C-D1AB606259C9} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {FCCFE3C1-2B13-4B19-B53A-6B3C6D37509F} - System32\Tasks\ASP => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
C:\Users\toffefay\AppData\Local\Conduit
C:\Program Files (x86)\AnyProtectEx
C:\PROGRA~2\SearchProtect
C:\Program Files (x86)\SupTab
C:\Users\toffefay\AppData\Local\SySaver
C:\Users\toffefay\AppData\LocalLow\MixiDJ_V30
C:\ProgramData\WPM
C:\Program Files (x86)\MyPC Backup
C:\Program Files (x86)\RegClean Pro
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.


#3
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

