
PC infected [Solved]



#1
sg555

  • Member
  • 52 posts

Hi, I was updating Glary Utilities yesterday and somehow got infected with some kind of malware that puts a Yahoo search engine on my browser whenever I open it.

I ran Malwarebytes and it says it's a non-malware infection, but every time I reboot and scan again it comes back.

Here are the FRST.txt reports. Thanks for your help in advance.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-08-2015
Ran by Admin (administrator) on REGINA-PC (19-08-2015 21:26:22)
Running from C:\Users\Steve\Desktop
Loaded Profiles: Steve & Admin (Available Profiles: Regina & Steve & Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Google Inc.) C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe
(NETGEAR Inc.) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
(Piriform Ltd) C:\Program Files (x86)\CCleaner\CCleaner64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Seagate) C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Logitech, Inc.) C:\Users\Steve\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe
(Logitech, Inc.) C:\Users\Steve\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-07-08] ()
HKLM\...\Run: [Seagate Scheduler2 Service] => C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe [400376 2013-10-30] (Seagate)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-06-29] (Apple Inc.)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-08-12] (Logitech Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5212072 2015-07-29] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [DiscWizardMonitor.exe] => C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [6382504 2013-10-30] (Seagate)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1103424 2013-01-10] (Acronis)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-06-18] (Malwarebytes Corporation)
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1689144 2010-06-30] (Hewlett-Packard)
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\...\Run: [Google Update] => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-08-27] (Google Inc.)
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2013-11-14] (NETGEAR Inc.)
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\...\Run: [HP Photosmart 7510 series (NET)] => "C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN19S2516M05T5:NW" -scfn "HP Photosmart 7510 series (NET)" -AutoStart 1
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-4104090456-942970366-3307904469-1004\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-4104090456-942970366-3307904469-1004\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-08-16] (Glarysoft Ltd)
Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk [2014-03-01]
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Photosmart 7510 series\bin\HPStatusBL.dll (No File)
BootExecute: autocheck autochk *  
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4104090456-942970366-3307904469-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-20] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-20] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-11-29] (Skype Technologies S.A.)
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2014-10-17] (IObit)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll [2009-04-07] (Microsoft Corp.)
Toolbar: HKU\.DEFAULT -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-4104090456-942970366-3307904469-1003 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-4104090456-942970366-3307904469-1003 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-4104090456-942970366-3307904469-1003 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-4104090456-942970366-3307904469-1003 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM-x32 {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-11-29] (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{88786135-6BA9-4FD6-B945-887056AE4746}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B632F6BD-3E77-4DA9-BB2D-A244E962DA21}: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\388aoruj.default
FF DefaultSearchEngine.US: Search Provided by Yahoo
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/_bimmed_15_34&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtAyB0CyEzzyEtCyBzztDtN0D0Tzu0StCtAtByEtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyCzyzzyDyE0B0D0AtGyByD0CtDtG0E0CyDtAtGyE0AyD0EtGyBtDtC0AtDtBzztByD0Ezzzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyEyCyDzz0C0C0FtG0D0BtBtBtGyE0B0A0DtGzy0DtCtDtGzz0AtC0E0AtByB0FyC0Bzz0E2QtN0A0LzuyE%26cr%3D771600185%26a%3Dwncy_bimmed_15_34%26os%3DWindows%2B7%2BHome%2BPremium
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-20] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4104090456-942970366-3307904469-1003: @tools.google.com/Google Update;version=3 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-4104090456-942970366-3307904469-1003: @tools.google.com/Google Update;version=9 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2010-10-06] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2010-10-06] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-07-21] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-07-21] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-07-21] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-07-21] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-07-21] (Apple Inc.)
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\388aoruj.default\Extensions\[email protected] [2015-03-16]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-08-14]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-08-14]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-08-14]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2015-08-14]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-12-31]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files (x86)\AVG\AVG2012\Thunderbird
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bimmed_15_34&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtAyB0CyEzzyEtCyBzztDtN0D0Tzu0StCtAtByEtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyCzyzzyDyE0B0D0AtGyByD0CtDtG0E0CyDtAtGyE0AyD0EtGyBtDtC0AtDtBzztByD0Ezzzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyEyCyDzz0C0C0FtG0D0BtBtBtGyE0B0A0DtGzy0DtCtDtGzz0AtC0E0AtByB0FyC0Bzz0E2QtN0A0LzuyE%26cr%3D771600185%26a%3Dwncy_bimmed_15_34%26os%3DWindows%2B7%2BHome%2BPremium"
CHR DefaultSearchKeyword: Default -> 8446CD4FA3A6D74E4AF09F2A7DD9FDAB5E548931D69B41694A6696CB75FA7A22
CHR DefaultSearchURL: Default -> A8F4B5A5864403C70FB75909CADD79E989FC6E20C21755E57CDBE826AF6A430E
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-15]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-15]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-15]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-15]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-15]
StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3259304 2015-07-29] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301896 2015-07-29] (AVG Technologies CZ, s.r.o.)
R2 HPBtnSrv; C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [192512 2008-09-30] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-08-12] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG)
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2013-11-14] (NETGEAR)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-10-15] (Nero AG)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 HPSLPSVC; C:\Users\Steve\AppData\Local\Temp\7zS23AE\hpslpsvc64.dll [X]
S2 vToolbarUpdater18.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R5 ACPI; C:\Windows\System32\drivers\ACPI.sys [334208 2010-11-20] (Microsoft Corporation)
R5 amdxata; C:\Windows\System32\drivers\amdxata.sys [27008 2011-03-10] (Advanced Micro Devices)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R5 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [237536 2015-05-26] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)
R5 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [369120 2015-05-26] (AVG Technologies CZ, s.r.o.)
R5 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [211936 2015-05-26] (AVG Technologies CZ, s.r.o.)
R5 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [276960 2015-05-18] (AVG Technologies CZ, s.r.o.)
R5 CLFS; C:\Windows\System32\CLFS.sys [367552 2015-03-03] (Microsoft Corporation)
R5 CNG; C:\Windows\System32\Drivers\cng.sys [459336 2015-01-30] (Microsoft Corporation)
R5 Disk; C:\Windows\System32\DRIVERS\disk.sys [73280 2009-07-13] (Microsoft Corporation)
R5 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-13] (Microsoft Corporation)
R5 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [289664 2010-11-20] (Microsoft Corporation)
R5 fltsrv; C:\Windows\System32\DRIVERS\fltsrv.sys [108832 2014-03-09] (Acronis International GmbH)
U5 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23408 2012-02-29] (Microsoft Corporation)
R5 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223752 2013-01-23] (Microsoft Corporation)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-08-19] (Glarysoft Ltd)
R5 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14720 2010-11-20] (Microsoft Corporation)
R5 iaStor; C:\Windows\System32\DRIVERS\iaStor.sys [540696 2010-03-03] (Intel Corporation)
R5 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95680 2015-07-15] (Microsoft Corporation)
R5 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [155584 2015-07-15] (Microsoft Corporation)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R5 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [113880 2015-08-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R5 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94656 2015-07-15] (Microsoft Corporation)
R5 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-13] (Microsoft Corporation)
R5 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-13] (Microsoft Corporation)
R5 NDIS; C:\Windows\System32\drivers\ndis.sys [950128 2012-08-22] (Microsoft Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-01-13] (CACE Technologies, Inc.)
R5 partmgr; C:\Windows\System32\drivers\partmgr.sys [75120 2012-03-17] (Microsoft Corporation)
R5 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-20] (Microsoft Corporation)
R5 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-13] (Microsoft Corporation)
R5 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [55024 2008-06-16] (Sonic Solutions)
R5 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-20] (Microsoft Corporation)
R5 snapman; C:\Windows\System32\DRIVERS\snapman.sys [233760 2014-03-09] (Acronis)
R5 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-13] (Microsoft Corporation)
R5 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1903552 2014-04-04] (Microsoft Corporation)
R5 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-03-09] (Acronis International GmbH)
R5 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2014-03-09] (Acronis)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [53760 2012-09-28] (Apple, Inc.) [File not signed]
R5 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-13] (Microsoft Corporation)
R5 vididr; C:\Windows\System32\DRIVERS\vididr.sys [161568 2014-03-09] (Acronis International GmbH)
R5 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-03-09] (Acronis International GmbH)
R5 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-20] (Microsoft Corporation)
R5 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-20] (Microsoft Corporation)
R5 volsnap; C:\Windows\System32\drivers\volsnap.sys [295808 2010-11-20] (Microsoft Corporation)
R5 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [785624 2013-06-25] (Microsoft Corporation)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-10-20] (CyberLink Corp.)
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-19 21:26 - 2015-08-19 21:26 - 00029216 _____ C:\Users\Steve\Desktop\FRST.txt
2015-08-19 21:24 - 2015-08-19 21:26 - 00000000 ____D C:\FRST
2015-08-19 21:24 - 2015-08-19 21:24 - 02173952 _____ (Farbar) C:\Users\Steve\Desktop\FRST64.exe
2015-08-19 21:12 - 2015-08-19 21:12 - 00002440 _____ C:\Windows\PFRO.log
2015-08-19 20:42 - 2015-08-19 21:12 - 00000112 _____ C:\Windows\setupact.log
2015-08-19 20:42 - 2015-08-19 20:42 - 00000000 _____ C:\Windows\setuperr.log
2015-08-19 20:37 - 2015-08-19 20:37 - 15239080 _____ C:\Users\Admin\Downloads\Glary_Utilities_v5.32.0.52.exe
2015-08-17 16:32 - 2015-08-19 20:32 - 00000270 _____ C:\Windows\Tasks\UpdateTask.job
2015-08-17 16:32 - 2015-08-17 16:33 - 00000000 ____D C:\Users\Admin\AppData\Local\Chromium
2015-08-17 16:32 - 2015-08-17 16:32 - 00003212 _____ C:\Windows\System32\Tasks\UpdateTask
2015-08-17 16:32 - 2015-08-17 16:32 - 00000000 ____D C:\Users\Admin\AppData\Local\{4E2D7871-6A85-14C9-071D-31212375CDB9}
2015-08-17 16:32 - 2015-08-17 16:31 - 01200163 _____ C:\Users\Admin\Downloads\7zip.exe
2015-08-14 18:52 - 2015-08-17 12:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-12 20:34 - 2015-08-12 20:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2015-08-12 20:34 - 2015-08-12 20:34 - 00000000 ____D C:\Program Files (x86)\Coupons
2015-08-12 03:12 - 2015-07-30 06:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 03:12 - 2015-07-30 06:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 19:26 - 2015-07-28 13:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-11 19:26 - 2015-07-28 13:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-11 19:26 - 2015-07-28 13:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-11 19:26 - 2015-07-28 13:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-11 19:26 - 2015-07-28 13:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-11 19:26 - 2015-07-28 13:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-11 19:26 - 2015-07-28 13:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-11 19:26 - 2015-07-28 12:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-11 19:26 - 2015-07-16 12:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-11 19:26 - 2015-07-16 12:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-08-11 19:26 - 2015-07-16 12:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-11 19:26 - 2015-07-16 12:11 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-11 19:26 - 2015-07-16 12:11 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-08-11 19:26 - 2015-07-16 12:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-11 19:26 - 2015-07-15 11:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-11 19:26 - 2015-07-15 11:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-11 19:26 - 2015-07-15 11:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-11 19:26 - 2015-07-15 11:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-11 19:26 - 2015-07-15 11:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-11 19:26 - 2015-07-15 11:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-11 19:26 - 2015-07-15 11:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-11 19:26 - 2015-07-15 11:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-11 19:26 - 2015-07-15 11:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-11 19:26 - 2015-07-15 11:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-11 19:26 - 2015-07-15 11:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-11 19:26 - 2015-07-15 11:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-11 19:26 - 2015-07-15 11:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-11 19:26 - 2015-07-15 11:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-11 19:26 - 2015-07-15 11:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-11 19:26 - 2015-07-15 11:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-11 19:26 - 2015-07-15 11:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-11 19:26 - 2015-07-15 11:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-11 19:26 - 2015-07-15 11:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-11 19:26 - 2015-07-15 11:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-11 19:26 - 2015-07-15 11:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-11 19:26 - 2015-07-15 11:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-11 19:26 - 2015-07-15 11:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-11 19:26 - 2015-07-15 11:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-11 19:26 - 2015-07-15 11:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-11 19:26 - 2015-07-15 11:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-11 19:26 - 2015-07-15 11:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-11 19:26 - 2015-07-15 11:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-11 19:26 - 2015-07-15 11:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-11 19:26 - 2015-07-15 11:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-11 19:26 - 2015-07-15 11:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-11 19:26 - 2015-07-15 11:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-11 19:26 - 2015-07-15 11:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-11 19:26 - 2015-07-15 11:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-11 19:26 - 2015-07-15 11:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-11 19:26 - 2015-07-15 11:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-11 19:26 - 2015-07-15 11:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-11 19:26 - 2015-07-15 10:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-11 19:26 - 2015-07-15 10:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-11 19:26 - 2015-07-15 10:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-11 19:26 - 2015-07-15 10:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-11 19:26 - 2015-07-15 10:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-11 19:26 - 2015-07-15 10:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-11 19:26 - 2015-07-15 10:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-11 19:26 - 2015-07-15 10:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-11 19:26 - 2015-07-15 10:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-11 19:26 - 2015-07-15 10:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-11 19:26 - 2015-07-15 10:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-11 19:26 - 2015-07-15 10:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-11 19:26 - 2015-07-15 10:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-11 19:26 - 2015-07-15 10:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-11 19:26 - 2015-07-15 10:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-11 19:26 - 2015-07-15 10:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-11 19:26 - 2015-07-15 10:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-11 19:26 - 2015-07-15 10:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-11 19:26 - 2015-07-15 10:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-11 19:26 - 2015-07-15 10:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-11 19:26 - 2015-07-15 10:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-11 19:26 - 2015-07-15 10:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 09:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-11 19:26 - 2015-07-15 09:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-11 19:26 - 2015-07-15 09:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-11 19:26 - 2015-07-15 09:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-11 19:26 - 2015-07-15 09:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-11 19:26 - 2015-07-15 09:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 09:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 09:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 09:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-11 19:26 - 2015-07-11 06:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-08-11 19:25 - 2015-07-30 11:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-11 19:25 - 2015-07-30 11:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-11 19:25 - 2015-07-30 11:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-11 19:25 - 2015-07-30 11:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-11 19:25 - 2015-07-30 11:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-11 19:25 - 2015-07-30 11:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-11 19:25 - 2015-07-30 11:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-11 19:25 - 2015-07-30 10:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-11 19:25 - 2015-07-30 10:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-11 19:25 - 2015-07-30 10:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-11 19:25 - 2015-07-30 10:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-11 19:25 - 2015-07-30 10:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-11 19:25 - 2015-07-30 10:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-11 19:25 - 2015-07-30 09:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-11 19:25 - 2015-07-30 09:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-11 19:25 - 2015-07-30 09:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-11 19:25 - 2015-07-20 17:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-11 19:25 - 2015-07-20 17:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-11 19:25 - 2015-07-20 11:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-11 19:25 - 2015-07-20 11:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-11 19:25 - 2015-07-20 11:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-11 19:25 - 2015-07-20 11:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-11 19:25 - 2015-07-20 11:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-11 19:25 - 2015-07-20 11:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-11 19:25 - 2015-07-20 11:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-11 19:25 - 2015-07-20 11:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-11 19:25 - 2015-07-20 11:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-11 19:25 - 2015-07-20 11:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-11 19:25 - 2015-07-20 11:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-11 19:25 - 2015-07-20 10:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-11 19:25 - 2015-07-20 10:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-11 19:25 - 2015-07-20 10:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-11 19:25 - 2015-07-20 10:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-11 19:25 - 2015-07-20 10:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-11 19:25 - 2015-07-16 14:14 - 25192448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-11 19:25 - 2015-07-16 13:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-11 19:25 - 2015-07-16 13:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-11 19:25 - 2015-07-16 13:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-11 19:25 - 2015-07-16 13:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-11 19:25 - 2015-07-16 13:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-11 19:25 - 2015-07-16 13:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-11 19:25 - 2015-07-16 13:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-11 19:25 - 2015-07-16 13:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-11 19:25 - 2015-07-16 13:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-11 19:25 - 2015-07-16 13:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-11 19:25 - 2015-07-16 13:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-11 19:25 - 2015-07-16 13:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-11 19:25 - 2015-07-16 13:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-11 19:25 - 2015-07-16 13:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-11 19:25 - 2015-07-16 13:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-11 19:25 - 2015-07-16 13:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-11 19:25 - 2015-07-16 13:20 - 19870208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-11 19:25 - 2015-07-16 13:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-11 19:25 - 2015-07-16 13:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-11 19:25 - 2015-07-16 13:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-11 19:25 - 2015-07-16 13:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-11 19:25 - 2015-07-16 12:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-11 19:25 - 2015-07-16 12:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-11 19:25 - 2015-07-16 12:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-11 19:25 - 2015-07-16 12:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-11 19:25 - 2015-07-16 12:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-11 19:25 - 2015-07-16 12:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-11 19:25 - 2015-07-16 12:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-11 19:25 - 2015-07-16 12:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-11 19:25 - 2015-07-16 12:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-11 19:25 - 2015-07-16 12:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-11 19:25 - 2015-07-16 12:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-11 19:25 - 2015-07-16 12:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-11 19:25 - 2015-07-16 12:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-11 19:25 - 2015-07-16 12:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-11 19:25 - 2015-07-16 12:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-11 19:25 - 2015-07-16 12:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-11 19:25 - 2015-07-16 12:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-11 19:25 - 2015-07-16 12:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-11 19:25 - 2015-07-16 12:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-11 19:25 - 2015-07-16 12:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-11 19:25 - 2015-07-16 12:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-11 19:25 - 2015-07-16 12:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-11 19:25 - 2015-07-16 12:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-11 19:25 - 2015-07-16 12:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-11 19:25 - 2015-07-16 12:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-11 19:25 - 2015-07-16 12:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-11 19:25 - 2015-07-16 12:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-11 19:25 - 2015-07-16 12:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-11 19:25 - 2015-07-16 12:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-11 19:25 - 2015-07-16 12:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-11 19:25 - 2015-07-16 12:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-11 19:25 - 2015-07-16 12:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-11 19:25 - 2015-07-16 11:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-11 19:25 - 2015-07-16 11:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-11 19:25 - 2015-07-16 11:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-11 19:25 - 2015-07-16 11:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-11 19:25 - 2015-07-14 20:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-11 19:25 - 2015-07-14 20:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-11 19:25 - 2015-07-14 20:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-11 19:25 - 2015-07-14 20:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-11 19:25 - 2015-07-14 20:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-11 19:25 - 2015-07-14 19:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-11 19:25 - 2015-07-14 19:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-11 19:25 - 2015-07-14 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-11 19:25 - 2015-07-14 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-11 19:25 - 2015-07-10 10:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-11 19:25 - 2015-07-10 10:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-11 19:25 - 2015-07-09 10:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-11 19:25 - 2015-07-09 10:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-11 19:25 - 2015-07-09 10:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-11 19:25 - 2015-07-01 13:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-11 19:25 - 2015-07-01 13:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-11 19:25 - 2015-07-01 13:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-11 19:25 - 2015-07-01 13:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-11 19:25 - 2015-05-09 11:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-02 20:58 - 2015-08-02 20:58 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-08-02 20:56 - 2015-08-02 20:56 - 04184064 _____ (BrightFort LLC ) C:\Users\Admin\Downloads\spywareblastersetup52.exe
2015-07-21 08:39 - 2015-07-21 08:39 - 00002257 _____ C:\Users\Regina\Desktop\Google Chrome.lnk
2015-07-21 08:39 - 2015-07-21 08:39 - 00000000 ____D C:\Users\Regina\AppData\Local\GWX
2015-07-21 03:28 - 2015-07-21 03:28 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-21 03:28 - 2015-07-21 03:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-21 03:28 - 2015-07-21 03:28 - 00000000 ____D C:\Program Files\iTunes
2015-07-21 03:28 - 2015-07-21 03:28 - 00000000 ____D C:\Program Files\iPod
2015-07-21 03:28 - 2015-07-21 03:28 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-21 03:23 - 2015-07-21 03:23 - 00001847 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-07-21 03:23 - 2015-07-21 03:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-21 03:23 - 2015-07-21 03:23 - 00000000 ____D C:\Program Files (x86)\QuickTime

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-19 21:21 - 2009-07-13 21:45 - 00015984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-19 21:21 - 2009-07-13 21:45 - 00015984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-19 21:18 - 2009-07-13 22:13 - 00786578 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-19 21:17 - 2015-03-11 20:13 - 01993952 _____ C:\Windows\WindowsUpdate.log
2015-08-19 21:13 - 2011-08-26 19:37 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-19 21:12 - 2010-04-20 22:30 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2015-08-19 21:12 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-19 21:00 - 2011-08-26 19:37 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-19 20:56 - 2012-01-01 17:45 - 00000324 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2015-08-19 20:47 - 2015-03-04 18:35 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-19 20:44 - 2015-03-15 20:19 - 00000000 ____D C:\ProgramData\ProductData
2015-08-19 20:38 - 2015-03-25 16:48 - 00020160 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2015-08-19 20:38 - 2015-03-25 16:48 - 00003314 _____ C:\Windows\System32\Tasks\GlaryInitialize 5
2015-08-19 20:38 - 2015-03-25 16:48 - 00002974 _____ C:\Windows\System32\Tasks\GU5SkipUAC
2015-08-19 20:38 - 2015-03-25 16:48 - 00001094 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2015-08-19 20:38 - 2015-03-25 16:48 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2015-08-19 20:27 - 2012-03-29 21:54 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-19 19:10 - 2015-03-11 20:44 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForAdmin.job
2015-08-19 18:31 - 2010-10-17 22:43 - 00000000 ____D C:\ProgramData\MFAData
2015-08-19 18:26 - 2015-03-04 18:32 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4104090456-942970366-3307904469-1003Core1d056e441f18695.job
2015-08-18 07:52 - 2013-08-27 21:38 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4104090456-942970366-3307904469-1003Core.job
2015-08-17 17:31 - 2015-03-15 18:40 - 00003182 _____ C:\Windows\System32\Tasks\HPCeeScheduleForSteve
2015-08-17 17:31 - 2015-03-15 18:40 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForSteve.job
2015-08-17 16:32 - 2011-11-12 18:06 - 00001149 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-08-17 12:17 - 2012-04-29 18:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-16 17:00 - 2009-12-29 19:38 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-08-15 19:10 - 2015-03-11 20:44 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAdmin
2015-08-12 19:57 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2015-08-12 17:29 - 2012-09-09 12:49 - 00000000 ____D C:\Users\Steve\AppData\Local\NETGEARGenie
2015-08-12 03:31 - 2013-03-14 03:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 03:31 - 2013-03-14 03:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-12 03:31 - 2009-07-13 21:45 - 00441256 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-12 03:29 - 2015-03-13 04:03 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-12 03:29 - 2015-03-13 04:03 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-12 03:28 - 2009-12-28 20:33 - 00000552 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job
2015-08-12 03:13 - 2010-03-09 07:34 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-12 03:12 - 2013-03-14 03:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-12 03:05 - 2013-08-14 03:01 - 00000000 ____D C:\Windows\system32\MRT
2015-08-12 03:01 - 2010-01-10 10:36 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-11 23:27 - 2012-03-29 21:54 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-11 23:27 - 2012-03-29 21:54 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-11 23:27 - 2011-05-15 15:13 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-08 08:43 - 2013-12-01 18:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-08-08 08:43 - 2013-10-19 09:18 - 00000967 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2015-08-05 09:25 - 2009-12-22 23:50 - 00000000 ____D C:\Windows\Panther
2015-08-05 09:21 - 2015-07-10 06:39 - 00000000 ___HD C:\$Windows.~BT
2015-08-02 20:58 - 2013-12-02 09:10 - 00001081 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2015-08-02 20:58 - 2010-06-03 18:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2015-08-02 20:58 - 2010-06-03 18:28 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2015-08-02 20:58 - 2009-12-23 00:03 - 00000000 ____D C:\ProgramData\Temp
2015-08-02 20:58 - 2009-07-13 20:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-07-31 23:05 - 2010-04-25 09:53 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Skype
2015-07-25 18:23 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-21 08:39 - 2015-03-20 22:44 - 00000000 __SHD C:\Users\Regina\AppData\Local\EmieUserList
2015-07-21 08:39 - 2015-03-20 22:44 - 00000000 __SHD C:\Users\Regina\AppData\Local\EmieSiteList
2015-07-21 08:39 - 2015-03-20 22:44 - 00000000 __SHD C:\Users\Regina\AppData\Local\EmieBrowserModeList
2015-07-21 08:39 - 2011-08-26 19:37 - 00000000 ____D C:\Users\Regina\AppData\Local\Google
2015-07-21 08:26 - 2010-04-20 22:30 - 00033591 _____ C:\Windows\system32\lvcoinst.log
2015-07-21 07:44 - 2015-03-04 21:54 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Apple Computer
2015-07-21 07:44 - 2015-03-04 21:54 - 00000000 ____D C:\Users\Admin\AppData\Local\Apple Computer
2015-07-21 03:28 - 2015-03-05 08:14 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-21 03:28 - 2010-04-14 22:15 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-20 15:10 - 2015-03-15 18:11 - 00000000 ____D C:\ProgramData\Oracle
2015-07-20 15:10 - 2015-03-15 18:11 - 00000000 ____D C:\Program Files\Java
2015-07-20 15:09 - 2015-03-15 18:11 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-07-20 15:07 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2013-05-20 17:51 - 2014-03-02 12:34 - 0003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2011-12-31 17:45 - 2011-12-31 17:45 - 0000057 _____ () C:\ProgramData\Ament.ini
2009-12-28 19:03 - 2009-12-28 19:03 - 0000268 ___RH () C:\ProgramData\Grapher
2009-12-28 19:03 - 2009-12-28 19:03 - 0000012 ___RH () C:\ProgramData\Halftone
2009-12-28 19:03 - 2015-03-07 18:19 - 0000020 ____H () C:\ProgramData\PKP_DLdu.DAT

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-12 18:52

==================== End of log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-08-2015
Ran by Admin (2015-08-19 21:26:55)
Running from C:\Users\Steve\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-4104090456-942970366-3307904469-1004 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-4104090456-942970366-3307904469-500 - Administrator - Disabled)
Guest (S-1-5-21-4104090456-942970366-3307904469-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4104090456-942970366-3307904469-1002 - Limited - Enabled)
Regina (S-1-5-21-4104090456-942970366-3307904469-1001 - Limited - Enabled) => C:\Users\Regina
Steve (S-1-5-21-4104090456-942970366-3307904469-1003 - Limited - Enabled) => C:\Users\Steve

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.3.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.3.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.02 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Panorama Maker 4 (HKLM-x32\...\{D45E8C45-B601-4A80-AFD8-E16338744DE1}) (Version:  - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{F9F4430E-80DE-EC0F-BF8E-476352C8F954}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4830 - AVG Technologies)
AVG 2014 (Version: 14.0.4365 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4830 - AVG Technologies) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.30.1395.0 - Logitech) Hidden
ccc-core-static (x32 Version: 2010.0310.1824.32984 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
ChromecastApp (HKU\S-1-5-21-4104090456-942970366-3307904469-1003\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
Chromium (HKU\S-1-5-21-4104090456-942970366-3307904469-1004\...\Chromium) (Version: 46.0.2480.0 - Chromium)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FrostWire 4.21.1 (HKLM-x32\...\FrostWire) (Version: 4.21.1.0 - FrostWire Team)
Glary Utilities 5.32 (HKLM-x32\...\Glary Utilities 5) (Version: 5.32.0.52 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5434.08 - PC-Doctor, Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
High-Definition Video Playback 10 (x32 Version: 7.0.11000.25.1 - Nero AG) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.12286.3436 - Hewlett-Packard)
HP Easy Backup (HKLM-x32\...\{67431FA8-4B89-42DD-A68E-30D77F6C8D99}_is1) (Version: 1.0.8.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3420 - Hewlett-Packard)
HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3601 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{26280024-DFB7-4967-90DB-7F9C6660D01E}) (Version: 3.0.28.2 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP Photo Creations)
HP Photosmart 7510 series Basic Device Software (HKLM\...\{24C7AD6B-F418-4D3B-B7F2-F3603FD720BF}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 7510 series Help (HKLM-x32\...\{24E01F02-4261-42B8-9BD9-80E5E6D64952}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart 7510 series Help (HKLM-x32\...\{6357D25F-A9C9-4CC7-A1FB-0DCF344E7C40}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart 7510 series Product Improvement Study (HKLM\...\{566BB063-0E28-4273-A748-690BE86A7E26}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.9.0 - TopSeed)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HydraVision (x32 Version: 4.2.162.0 - ATI Technologies Inc.) Hidden
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
iTunes (HKLM\...\{4046F74A-28F8-48C6-A5D3-2AFC472574C1}) (Version: 12.2.0.145 - Apple Inc.)
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1901 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7230) - Logitech Inc..)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 40.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.2 (x86 en-US)) (Version: 40.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.2.5702 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 en-US)) (Version: 31.7.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 10 ClipartPack (HKLM-x32\...\{96ED4B78-300E-4033-AE6C-C115CEB4DF07}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Menu TemplatePack 1 (HKLM-x32\...\{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Menu TemplatePack 2 (HKLM-x32\...\{E712C273-7564-4C8E-AA59-0FA19BC35117}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Menu TemplatePack 3 (HKLM-x32\...\{92146419-AE44-4C8B-A48B-0ABB1B5EC026}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Movie ThemePack 1 (HKLM-x32\...\{43FBAB46-5969-4200-9958-1FF81FEE506F}) (Version: 10.0.10300.1.0 - Nero AG)
Nero 10 Movie ThemePack 2 (HKLM-x32\...\{70F19404-B96C-4EBB-AD2B-3574F8736197}) (Version: 10.0.10300.1.0 - Nero AG)
Nero 10 Sample ImagePack (HKLM-x32\...\{ACD15FDF-FC42-4175-B477-576F92FF2256}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Sample Videos (HKLM-x32\...\{92A10E9D-EA00-4A46-8F22-EEA660992D61}) (Version: 10.0.10300.2.0 - Nero AG)
Nero 8 Essentials (HKLM-x32\...\{523DF39E-DF7D-488F-8022-783946571033}) (Version: 8.10.135 - Nero AG)
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.4.11100.14.101 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.10700.7.100 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.10600.9.100 - Nero AG)
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.0.10500.7.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.10400.4.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.10500.7.100 - Nero AG)
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.10400.5.100 - Nero AG)
Nero MediaHub 10 (HKLM-x32\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.0.11000.6.100 - Nero AG)
Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.11200 - Nero AG)
Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.6.10600.1.100 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.0.10500.5.100 - Nero AG)
Nero SoundTrax 10 (HKLM-x32\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.6.10500.1.100 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.10500.4.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0012 - Nero AG)
Nero Vision 10 (HKLM-x32\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.0.10700.4.100 - Nero AG)
Nero WaveEditor 10 (HKLM-x32\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.6.10500.1.100 - Nero AG)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.3.1.16 - NETGEAR Inc.)
Nikon Message Center (HKLM-x32\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Nikon Transfer (HKLM-x32\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.1.0 - Nikon)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1931 - CyberLink Corp.) Hidden
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Seagate DiscWizard (HKLM-x32\...\{AC5BFE42-B72A-467C-B9B2-8BF77C6D4D70}) (Version: 16.0.5840 - Seagate)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.8.8855 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SpywareBlaster 5.2 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4104090456-942970366-3307904469-1003_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4104090456-942970366-3307904469-1003_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4104090456-942970366-3307904469-1003_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4104090456-942970366-3307904469-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

08-08-2015 13:34:36 Windows Update
11-08-2015 19:19:28 Windows Update
12-08-2015 03:00:40 Windows Update
15-08-2015 19:21:16 Windows Update
16-08-2015 19:00:16 Windows Backup
19-08-2015 18:44:53 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05ECFC30-C8F0-4596-9E04-F2B94E01EB9D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-03] (Google Inc.)
Task: {0A69AA88-46F9-40C4-BB88-B6B97F783EED} - System32\Tasks\HPCeeScheduleForSteve => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {139DA4B3-CD40-48EA-BE90-94604B77BA42} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-08-16] (Glarysoft Ltd)
Task: {1A39A1E2-E936-41B5-8E13-1BC4552D1CA7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4104090456-942970366-3307904469-1003Core => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-27] (Google Inc.)
Task: {260211EC-CE87-4B59-A5F0-E368B0C74D3B} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{3FEF525C-E0CE-49C9-80B2-7540D0C42B78}.exe
Task: {34B9579E-7FEB-4829-8432-A3448C4BB65F} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-07-02] (PC-Doctor, Inc.)
Task: {36B0D09C-4C05-43BF-91AB-F85D73A02257} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {4306C0FE-0667-4DD4-8778-9E2335DA844E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: {4689B256-0CC0-43CD-9A73-058150E26FFC} - System32\Tasks\0215avUpdateInfo => C:\ProgramData\Avg_Update_0215av\0215av_AVG-Secure-Search-Update.exe
Task: {4ED175EB-5323-419E-A00C-ABDEB9D5D986} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {55EEF9E5-A1DB-4AD0-915E-3C3FF8ABBF8D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4104090456-942970366-3307904469-1003UA => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-27] (Google Inc.)
Task: {5A6497E8-476E-42C8-8DBA-CF8E26D30E34} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN19S2516M => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-31] (Hewlett-Packard)
Task: {6491DFAA-B4AF-46BC-AC8B-373BE62F108F} - System32\Tasks\HPCeeScheduleForAdmin => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {689727D5-F159-46CF-B414-03264143347C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {69D7D276-4A22-4EE3-81B9-91D4E87BB7D0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6EF55D5A-E5BC-4B82-987B-4438A8959844} - System32\Tasks\{741744D3-7268-43AD-84D1-F49344875C38} => C:\Program Files (x86)\Microsoft Office\Office10\OUTLOOK.EXE
Task: {757D9935-A480-497F-9994-6774DBB04B30} - System32\Tasks\UpdateTask => C:\Users\Admin\AppData\Local\{4E2D7~1\UNINST~1.EXE [2015-08-17] ()
Task: {76D67CF7-8AAF-4826-976F-B5126ED9BCDA} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-10-20] (CyberLink Corp.)
Task: {7A7843AA-6534-4F0F-8C4E-F3487B5CE24F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {8EE694EA-F4F0-4DA4-B3A4-0A289E063CCC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
Task: {91F18C79-CD5F-4C61-9649-509B3D2FEBF3} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2012-03-30] ()
Task: {9FAB368E-F8F7-4DEA-91AC-D7B2B92FC966} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-03] (Google Inc.)
Task: {B0AB36CB-5BA1-473C-8283-BDC9078B59E7} - System32\Tasks\HPCustParticipation HP Photosmart 7510 series => C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {C89DA69C-1390-4ED7-96A6-326E40538396} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-08-16] (Glarysoft Ltd)
Task: {D18E5371-00BA-4F5E-B165-EFC04E727328} - System32\Tasks\hpUrlLauncher.exe_{6A615458-36D9-4058-B0C6-6EB3A9C8E82D} => C:\Program Files\HP\HP Photosmart 7510 series\Bin\utils\hpUrlLauncher.exe
Task: {D252E99A-3D6C-42F1-A7B4-E6C331C9D3CE} - System32\Tasks\Uninstaller_SkipUac_Admin => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {DE463C6D-5B8D-4D89-AF86-AE24B4F23DDC} - System32\Tasks\{9E71131C-EBAD-48A4-B4E0-059B09F3FF57} => C:\Program Files (x86)\Microsoft Office\Office10\OUTLOOK.EXE
Task: {EE7672B7-72C7-4751-A3B8-2EBD658E8836} - System32\Tasks\GoogleUpdateTaskMachineCore1d0562650c58ac9 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-03] (Google Inc.)
Task: {EF1A3863-9D0E-4732-8107-40E54A2B9EC8} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-12-01] (CyberLink)
Task: {F12DFDCE-98DE-4AAC-95EB-79B8F30CA149} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {F5B976FD-920B-4189-858D-7B682586CB5E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4104090456-942970366-3307904469-1003Core1d056e441f18695 => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-27] (Google Inc.)
Task: {FF3D1075-B80D-422D-AA23-02FECF8975A2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-31] (Hewlett-Packard)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0562650c58ac9.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4104090456-942970366-3307904469-1003Core.job => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4104090456-942970366-3307904469-1003Core1d056e441f18695.job => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4104090456-942970366-3307904469-1003UA.job => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe
Task: C:\Windows\Tasks\HPCeeScheduleForAdmin.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForSteve.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe5-fh scripts\monthly.xml
Task: C:\Windows\Tasks\UpdateTask.job =>

==================== Loaded Modules (Whitelisted) ==============

2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-12-23 00:10 - 2008-09-30 19:59 - 00192512 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
2010-02-21 18:02 - 2010-03-15 12:28 - 00052224 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2009-07-08 15:35 - 2009-07-08 15:35 - 00610360 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2013-11-14 06:12 - 2013-11-14 06:12 - 00105216 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
2010-06-30 00:12 - 2010-06-30 00:12 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2010-06-30 00:12 - 2010-06-30 00:12 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2010-06-30 00:12 - 2010-06-30 00:12 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2010-06-30 00:12 - 2010-06-30 00:12 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2010-06-30 00:12 - 2010-06-30 00:12 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2010-06-30 00:12 - 2010-06-30 00:12 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2010-06-30 00:12 - 2010-06-30 00:12 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2010-06-30 00:12 - 2010-06-30 00:12 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
2013-09-28 18:14 - 2013-09-28 18:14 - 03369922 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuin51.dll
2013-09-28 18:13 - 2013-09-28 18:13 - 00544817 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2013-09-28 18:13 - 2013-09-28 18:13 - 00989805 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libstdc++-6.dll
2013-09-28 18:14 - 2013-09-28 18:14 - 01978690 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuuc51.dll
2013-09-28 18:14 - 2013-09-28 18:14 - 22378434 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icudt51.dll
2013-09-28 18:14 - 2013-09-28 18:14 - 01233408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\platforms\qwindows.dll
2013-12-06 01:04 - 2013-12-06 01:04 - 00465920 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
2013-12-05 04:36 - 2013-12-05 04:36 - 01547776 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll
2013-11-10 18:59 - 2013-11-10 18:59 - 00192512 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2013-12-05 04:37 - 2013-12-05 04:37 - 00631808 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2013-12-05 22:55 - 2013-12-05 22:55 - 04956160 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
2013-11-13 02:05 - 2013-11-13 02:05 - 00427520 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2013-11-10 18:58 - 2013-11-10 18:58 - 00144896 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
2013-11-10 19:09 - 2013-11-10 19:09 - 01174528 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2013-12-05 04:31 - 2013-12-05 04:31 - 08558592 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2013-12-05 04:34 - 2013-12-05 04:34 - 01270272 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2013-11-10 18:59 - 2013-11-10 18:59 - 00068608 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll
2013-12-06 00:57 - 2013-12-06 00:57 - 00199680 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2013-12-05 04:43 - 2013-12-05 04:43 - 00884736 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2013-11-10 19:21 - 2013-11-10 19:21 - 00427520 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2013-09-28 18:13 - 2013-09-28 18:13 - 00051200 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif.dll
2013-09-28 18:13 - 2013-09-28 18:13 - 00052224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico.dll
2013-09-28 18:13 - 2013-09-28 18:13 - 00261120 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg.dll
2013-09-28 18:13 - 2013-09-28 18:13 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qsvg.dll
2013-11-10 18:58 - 2013-11-10 18:58 - 00078848 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
2013-11-10 18:56 - 2013-11-10 18:56 - 00140288 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
2013-11-14 01:56 - 2013-11-14 01:56 - 00267756 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll
2013-11-10 18:56 - 2013-11-10 18:56 - 00072192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll
2013-11-10 18:56 - 2013-11-10 18:56 - 00074752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
2013-11-10 18:56 - 2013-11-10 18:56 - 00136704 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
2013-12-05 04:43 - 2013-12-05 04:43 - 00641536 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll
2013-11-10 19:24 - 2013-11-10 19:24 - 00458752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2013-11-10 19:23 - 2013-11-10 19:23 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
2013-11-10 18:56 - 2013-11-10 18:56 - 00066560 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll
2013-09-28 18:13 - 2013-09-28 18:13 - 00040960 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll
2010-05-07 18:35 - 2010-05-07 18:35 - 02143576 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2010-05-07 18:35 - 2010-05-07 18:35 - 07954776 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2010-05-07 18:36 - 2010-05-07 18:36 - 00340824 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2010-05-07 18:37 - 2010-05-07 18:37 - 00027480 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2010-05-07 18:37 - 2010-05-07 18:37 - 00126808 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2009-12-01 20:49 - 2009-12-01 20:49 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2015-03-13 20:35 - 2015-03-13 20:35 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\7d521e583439ddf659b36d5f281ca646\IsdiInterop.ni.dll
2010-06-11 13:14 - 2010-03-03 20:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 6092 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4104090456-942970366-3307904469-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-4104090456-942970366-3307904469-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Regina^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk => C:\Windows\pss\LimeWire On Startup.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A5D42BD5-1F6E-468E-ADC0-9217FB66AAB6}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{2BEAD36D-A573-48C9-91DD-8C7AF73FFAFE}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{DA48F818-0EFF-4D22-B8E6-388464ECC149}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{5C3A69AB-B2AB-493C-851D-722DDEA16F9C}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{86B3DDE9-E082-4B7A-B2B3-181890B70DCA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{E8CD7934-EFCA-4404-85B3-38F0AB94854F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{9BA1D56D-CFB7-4173-8C84-958BD765BFDC}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{525019AD-FA41-4354-8CF1-19396AF486FB}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{8FFC1523-8862-4F29-93CE-C11AEA937453}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{EB8D5519-6A63-40E6-AED0-829F7055990B}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{ED4A0A0C-22E3-49B5-98D6-492B51049F0B}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{C1929525-F647-40CF-AEC8-0C740D875A93}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{FEDED4E0-F3F9-440B-91C9-BF37803E6CF5}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{58ED585E-0F9D-4A4E-9AB9-9C2FE4FB41CC}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{F713D610-99EC-4022-8AE7-74F5BE7CAF1E}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{4DCB84FF-EE4F-4628-B482-025D6871EC14}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
FirewallRules: [{6E95DFFE-7A44-445C-85D5-4767457CE868}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
FirewallRules: [{21B76209-534F-45DA-AAA8-441960B96B82}] => (Allow) C:\Program Files (x86)\FrostWire\FrostWire.exe
FirewallRules: [{F739D6D8-01B6-4B0A-AF52-2BAD560BA6E0}] => (Allow) C:\Program Files (x86)\FrostWire\FrostWire.exe
FirewallRules: [TCP Query User{F82248C6-A503-41AC-B6B2-B2FC8BD507F4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{E973D4A4-5A03-43A7-872C-0220C1732E24}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{BA4EBC43-1A86-430D-AF70-9DBF594A3DBA}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{E1F16C8F-F418-4512-A3ED-69F624E279D7}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{18AE7FED-1719-4E09-9CC4-6C65530FD6D4}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{47B1FC64-E8DA-4A81-8CBB-A166165992AB}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [{12BD52AC-24AF-40EA-A1DC-11E61E0A4DD3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{BCF76026-7408-4820-B48E-82D313B4D78A}] => (Allow) LPort=2869
FirewallRules: [{774323C1-6F5A-4D26-A942-A84A923CFD9E}] => (Allow) LPort=1900
FirewallRules: [{F3A429D1-9F30-4BE4-81BC-2D7A3228A023}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
FirewallRules: [{362E986F-96EE-495F-90C1-25D7FD47F7F9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A85DB3A1-6A52-4968-BE01-BBBB128E3B59}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{696EBADC-0BE2-44DB-AC57-E96932CB2E8C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9D81E60C-9CDC-4871-BC14-2295D5DC4652}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{468EDB13-8CD6-4626-A42D-E70280F057B3}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{B4C80D68-8BC5-4AC5-A5AA-41B8F1F83CF7}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{B131EA45-05AA-4E90-86CC-6BB3F16E6736}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D2A406B6-3238-41A5-AF00-80C94EFF3A6C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0D663DD7-996E-484C-BD3E-CF10DA067D51}] => (Allow) C:\Users\Admin\AppData\Local\Temp\7zS15FE\HPDiagnosticCoreUI.exe
FirewallRules: [{2A6FC45B-6C91-4EE5-8E59-4A909DEEBB3B}] => (Allow) C:\Users\Admin\AppData\Local\Temp\7zS15FE\HPDiagnosticCoreUI.exe
FirewallRules: [{64CD7943-F879-43E0-B501-B93A8753CD9D}] => (Allow) C:\Users\Admin\AppData\Local\Temp\7zS1639\HPDiagnosticCoreUI.exe
FirewallRules: [{ECFCE370-E244-4694-8EEC-78F6063732F5}] => (Allow) C:\Users\Admin\AppData\Local\Temp\7zS1639\HPDiagnosticCoreUI.exe
FirewallRules: [{77331231-B560-4FD8-9E57-BAA44408F889}] => (Allow) C:\Users\Admin\AppData\Local\Temp\7zS1CD8\HPDiagnosticCoreUI.exe
FirewallRules: [{E4F62952-C29D-4E12-84D5-DA5EC9B5E28D}] => (Allow) C:\Users\Admin\AppData\Local\Temp\7zS1CD8\HPDiagnosticCoreUI.exe
FirewallRules: [{837A19EB-DE6F-418C-B9CC-85AE8814A822}] => (Allow) C:\Users\Admin\AppData\Local\Temp\7zS2A1C\HPDiagnosticCoreUI.exe
FirewallRules: [{A83ECAA3-3FA3-4715-90C8-3B717E69D744}] => (Allow) C:\Users\Admin\AppData\Local\Temp\7zS2A1C\HPDiagnosticCoreUI.exe
FirewallRules: [{C3C865EC-F181-4520-8402-89540248953C}] => (Allow) C:\Users\Admin\AppData\Local\Temp\7zS3E32\HPDiagnosticCoreUI.exe
FirewallRules: [{958E1923-7EFC-4FE6-A839-6B536DBA84C8}] => (Allow) C:\Users\Admin\AppData\Local\Temp\7zS3E32\HPDiagnosticCoreUI.exe
FirewallRules: [{986FFB01-64FE-4E03-863C-FB9BCF663254}] => (Allow) C:\Users\Admin\AppData\Local\Temp\7zS3E5C\HPDiagnosticCoreUI.exe
FirewallRules: [{15C2F4AF-09B6-476C-B97F-61F1F0D28B8D}] => (Allow) C:\Users\Admin\AppData\Local\Temp\7zS3E5C\HPDiagnosticCoreUI.exe
FirewallRules: [{5A9C3A8D-F0FA-425B-934B-DB21DF34D859}] => (Allow) C:\Users\Admin\AppData\Local\Temp\7zS1732\hppiw.exe
FirewallRules: [{741BA3C8-9136-4391-A9A0-CBB47C8C5DCA}] => (Allow) C:\Users\Admin\AppData\Local\Temp\7zS1732\hppiw.exe
FirewallRules: [{36E63B64-5B7A-489B-9873-F0A80D86812A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{17454410-D404-464D-9FB3-B6F482CB567D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{A2F0848A-E9DE-4168-83D2-38A8AA256296}] => (Allow) C:\Users\Admin\AppData\Local\Temp\7zS2F88\HPDiagnosticCoreUI.exe
FirewallRules: [{71EA7B95-598C-4ADE-A094-C0D36EE3242A}] => (Allow) C:\Users\Admin\AppData\Local\Temp\7zS2F88\HPDiagnosticCoreUI.exe
FirewallRules: [{D576ED6D-94F8-48B7-BDF5-47D3B129B0D6}] => (Allow) C:\Users\Admin\AppData\Local\Temp\7zS2F88\HPDiagnosticCoreUI.exe
FirewallRules: [{1C8141D8-9672-4BE4-8E6E-8AA9603EA487}] => (Allow) C:\Users\Admin\AppData\Local\Temp\7zS2F88\HPDiagnosticCoreUI.exe
FirewallRules: [{7DD9ECD1-5E1E-41AA-8248-DB651461349A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{FF458619-E8FD-46A5-AC7C-8A72B531D351}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{A85E7F02-5DB9-4A7E-8532-26DAE87015E9}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{CCED9952-1A4D-4A62-B83D-F23B9B50C7ED}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{94240F2F-DA52-4117-86C2-886C70960738}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{FAFBC2C4-78BB-40F3-8FA9-C0CB31006EA9}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{3429F1C7-640F-48CF-AB5C-C760385D8CB7}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{682096A3-A1CD-4535-AD0E-4AD5AFA05D79}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{361D9DEE-A7E4-41F9-964D-F4D968CD3FA1}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{8F730504-F9A7-4146-AE83-1720B8AEDEB5}] => (Allow) C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/19/2015 09:13:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   17 6.1.168.192.in-addr.arpa. PTR Regina-PC.local.

Error: (08/19/2015 09:13:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.6:5353   19 6.1.168.192.in-addr.arpa. PTR Regina-PC-2.local.

Error: (08/19/2015 09:13:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   17 2.1.168.192.in-addr.arpa. PTR Regina-PC.local.

Error: (08/19/2015 09:13:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.2:5353   19 2.1.168.192.in-addr.arpa. PTR Regina-PC-2.local.

Error: (08/19/2015 06:26:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   17 6.1.168.192.in-addr.arpa. PTR Regina-PC.local.

Error: (08/19/2015 06:26:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.6:5353   19 6.1.168.192.in-addr.arpa. PTR Regina-PC-2.local.

Error: (08/19/2015 06:26:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   17 2.1.168.192.in-addr.arpa. PTR Regina-PC.local.

Error: (08/19/2015 06:26:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.2:5353   19 2.1.168.192.in-addr.arpa. PTR Regina-PC-2.local.

Error: (08/18/2015 01:14:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   17 6.1.168.192.in-addr.arpa. PTR Regina-PC.local.

Error: (08/18/2015 01:14:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.6:5353   19 6.1.168.192.in-addr.arpa. PTR Regina-PC-2.local.


System errors:
=============
Error: (08/19/2015 09:15:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126

Error: (08/19/2015 09:14:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (08/19/2015 09:13:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater18.3.0 service failed to start due to the following error:
%%2

Error: (08/19/2015 08:45:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126

Error: (08/19/2015 08:44:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (08/19/2015 08:43:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater18.3.0 service failed to start due to the following error:
%%2

Error: (08/19/2015 06:46:37 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.

Error: (08/18/2015 12:45:30 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.

Error: (08/18/2015 08:32:44 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126

Error: (08/18/2015 08:31:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)


Microsoft Office:
=========================
Error: (01/16/2012 09:22:38 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/18/2010 03:12:11 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 312 seconds with 240 seconds of active time.  This session ended with a crash.


CodeIntegrity:
===================================
  Date: 2012-03-09 19:33:07.864
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-03-09 19:33:07.824
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-03-09 19:32:55.792
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-03-09 19:32:55.752
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-03-09 19:32:41.891
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-03-09 19:32:41.861
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-03-09 19:32:41.351
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-03-09 19:32:41.311
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-03-09 19:32:24.768
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-03-09 19:32:24.728
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU 860 @ 2.80GHz
Percentage of memory in use: 35%
Total physical RAM: 8183.08 MB
Available physical RAM: 5259.61 MB
Total Virtual: 16364.37 MB
Available Virtual: 12598.24 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:915 GB) (Free:761.87 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:16.41 GB) (Free:5.49 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive g: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive h: (HP) (Fixed) (Total:686.23 GB) (Free:656.88 GB) NTFS
Drive i: (FACTORY_IMAGE) (Fixed) (Total:12.31 GB) (Free:1.39 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=686.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 17D88420)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=915 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.4 GB) - (Type=07 NTFS)

==================== End of log ============================

 

 


  • 0



#2
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Greetings,

Welcome to Geeks to Go--the friendliest online community dedicated to the sole goal of helping people from all around the world! :) I am Pyxis and I will be assisting you. As such, I would like to stress the following reminders:
  • It is important that you do not install anything unless asked while the process is ongoing. Doing so may hinder or even complicate the cleaning of your system. You will get the chance to install things as you would like after the process has been completed.
  • Ensure you take extra caution to precisely follow my instructions. Please only use the tools I have asked you to. The instructions for your computer are unique and should therefore only apply to your system.
  • Since the cleaning process is quite delicate, your timely response is crucial. Topics are marked inactive and thus closed within 3 full days of no activity. If you deem I have overlooked your thread--which is in a matter of more than 48 hours--please send me a PM and I will get back to you shortly.
I hope you keep in mind these reminders. Let's get to work! :thumbsup:
  • Step 1

    Upon careful inspection, your log indicates that the program(s) listed below are installed on your computer. I would like to request the removal of the program(s), as they are associated with either malware or bloatware. Please proceed to uninstall them by going to Control Panel (Windows XP) or Programs and Features (Windows Vista or Windows 7). If Windows says it cannot locate the program(s) and prompts for it to be removed from the list instead, allow it.
    • Coupon Printer for Windows
    • Surfing Protection
    Inform me if you encounter problems in the removal process.
  • Step 2

    Copy and paste the following into Notepad and save as fixlist.txt to your desktop:
    CloseProcesses:
    EmptyTemp:
    CreateRestorePoint:
    
    Task: {260211EC-CE87-4B59-A5F0-E368B0C74D3B} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{3FEF525C-E0CE-49C9-80B2-7540D0C42B78}.exe
    Task: {34B9579E-7FEB-4829-8432-A3448C4BB65F} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-07-02] (PC-Doctor, Inc.)
    Task: {4689B256-0CC0-43CD-9A73-058150E26FFC} - System32\Tasks\0215avUpdateInfo => C:\ProgramData\Avg_Update_0215av\0215av_AVG-Secure-Search-Update.exe
    Task: {757D9935-A480-497F-9994-6774DBB04B30} - System32\Tasks\UpdateTask => C:\Users\Admin\AppData\Local\{4E2D7~1\UNINST~1.EXE [2015-08-17] ()
    Task: {D252E99A-3D6C-42F1-A7B4-E6C331C9D3CE} - System32\Tasks\Uninstaller_SkipUac_Admin => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
    Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe5-fh scripts\monthly.xml
    Task: C:\Windows\Tasks\UpdateTask.job =>
    2013-05-20 17:51 - 2014-03-02 12:34 - 0003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
    2011-12-31 17:45 - 2011-12-31 17:45 - 0000057 _____ () C:\ProgramData\Ament.ini
    2009-12-28 19:03 - 2015-03-07 18:19 - 0000020 ____H () C:\ProgramData\PKP_DLdu.DAT
    2015-08-12 20:34 - 2015-08-12 20:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
    2015-08-12 20:34 - 2015-08-12 20:34 - 00000000 ____D C:\Program Files (x86)\Coupons
    2015-08-17 16:32 - 2015-08-17 16:32 - 00000000 ____D C:\Users\Admin\AppData\Local\{4E2D7871-6A85-14C9-071D-31212375CDB9}
    S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]
    S2 HPSLPSVC; C:\Users\Steve\AppData\Local\Temp\7zS23AE\hpslpsvc64.dll [X]
    S2 vToolbarUpdater18.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe [X]
    C:\Program Files (x86)\Common Files\AVG Secure Search
    CHR StartupUrls: Default -> "hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bimmed_15_34&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtAyB0CyEzzyEtCyBzztDtN0D0Tzu0StCtAtByEtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyCzyzzyDyE0B0D0AtGyByD0CtDtG0E0CyDtAtGyE0AyD0EtGyBtDtC0AtDtBzztByD0Ezzzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyEyCyDzz0C0C0FtG0D0BtBtBtGyE0B0A0DtGzy0DtCtDtGzz0AtC0E0AtByB0FyC0Bzz0E2QtN0A0LzuyE%26cr%3D771600185%26a%3Dwncy_bimmed_15_34%26os%3DWindows%2B7%2BHome%2BPremium"
    CHR DefaultSearchKeyword: Default -> 8446CD4FA3A6D74E4AF09F2A7DD9FDAB5E548931D69B41694A6696CB75FA7A22
    CHR DefaultSearchURL: Default -> A8F4B5A5864403C70FB75909CADD79E989FC6E20C21755E57CDBE826AF6A430E
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\388aoruj.default\Extensions\[email protected] [2015-03-16]
    FF DefaultSearchEngine.US: Search Provided by Yahoo
    FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/_bimmed_15_34&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtAyB0CyEzzyEtCyBzztDtN0D0Tzu0StCtAtByEtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyCzyzzyDyE0B0D0AtGyByD0CtDtG0E0CyDtAtGyE0AyD0EtGyBtDtC0AtDtBzztByD0Ezzzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyEyCyDzz0C0C0FtG0D0BtBtBtGyE0B0A0DtGzy0DtCtDtGzz0AtC0E0AtByB0FyC0Bzz0E2QtN0A0LzuyE%26cr%3D771600185%26a%3Dwncy_bimmed_15_34%26os%3DWindows%2B7%2BHome%2BPremium
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
    Toolbar: HKU\.DEFAULT -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
    Toolbar: HKU\S-1-5-21-4104090456-942970366-3307904469-1003 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
    Toolbar: HKU\S-1-5-21-4104090456-942970366-3307904469-1003 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
    Toolbar: HKU\S-1-5-21-4104090456-942970366-3307904469-1003 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
    Toolbar: HKU\S-1-5-21-4104090456-942970366-3307904469-1003 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
    BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2014-10-17] (IObit)
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-4104090456-942970366-3307904469-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-4104090456-942970366-3307904469-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    
    RemoveProxy:
    CMD: netsh advfirewall reset
    CMD: netsh advfirewall set allprofiles state ON
    CMD: bitsadmin /reset /allusers
    • Run your copy of FRST. It is important to ensure it is located on your desktop.
    • Press the Fix button.
    • It will produce a log (fixlog.txt) once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 3

    Download 'AdwCleaner by Xplode' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • Read the Terms of Use and click I Agree.
    • Click Scan and choose Clean after.
    • Wait for it to finish. It won't take long.
    • Click OK for the next prompts. Your system will automatically reboot.
    • A log will automatically pop up after rebooting. Alternatively, you can find it at C:\AdwCleaner\AdwCleaner[S*].txt.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • fixlog.txt (Farbar Recovery Scan Tool)
    • AdwCleaner[S*].txt (AdwCleaner)

  • 0

#3
sg555

sg555

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts

Here is the Farbar txt. When I ran the Adware cleaner no text popped up. When I did the scan the only thing that came up was toolbar updater and it cleaned it.
I ran it twice but no log either time.



Fix result of Farbar Recovery Scan Tool (x64) Version:20-08-2015
Ran by Steve (2015-08-20 18:53:51) Run:1
Running from C:\Users\Steve\Desktop
Loaded Profiles: Steve & Admin (Available Profiles: Regina & Steve & Admin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
EmptyTemp:
CreateRestorePoint:

Task: {260211EC-CE87-4B59-A5F0-E368B0C74D3B} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{3FEF525C-E0CE-49C9-80B2-7540D0C42B78}.exe
Task: {34B9579E-7FEB-4829-8432-A3448C4BB65F} - System32\Tasks\PCDRScheduledMaintenance => C:\Program
Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-07-02] (PC-Doctor, Inc.)
Task: {4689B256-0CC0-43CD-9A73-058150E26FFC} - System32\Tasks\0215avUpdateInfo => C:\ProgramData\Avg_Update_0215av\0215av_AVG-Secure-Search-Update.exe
Task: {757D9935-A480-497F-9994-6774DBB04B30} - System32\Tasks\UpdateTask => C:\Users\Admin\AppData\Local\{4E2D7~1\UNINST~1.EXE [2015-08-17] ()
Task: {D252E99A-3D6C-42F1-A7B4-E6C331C9D3CE} - System32\Tasks\Uninstaller_SkipUac_Admin => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe5-fh scripts\monthly.xml
Task: C:\Windows\Tasks\UpdateTask.job =>
0x01060100D70EA4EE61DC28469202739BE7F43B984600DC000000000044440000200000000014730FDD0407800013040000208021DF0708000300130014002000000001000000330043003A005C00550073006500720073005C00410064006D0069006E005C0041007000700044006100740061005C004C006F00630061006C005C007B00340045003200440037007E0031005C0055004E0049004E00530054007E0031002E00450058004500000007002F0043006800650063006B00000000000600410064006D0069006E0000000000000008000000000000000000010030000000D6070400040000000000000000002000A00500003C0000000000000001000000010000000000000000000000
2013-05-20 17:51 - 2014-03-02 12:34 - 0003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2011-12-31 17:45 - 2011-12-31 17:45 - 0000057 _____ () C:\ProgramData\Ament.ini
2009-12-28 19:03 - 2015-03-07 18:19 - 0000020 ____H () C:\ProgramData\PKP_DLdu.DAT
2015-08-12 20:34 - 2015-08-12 20:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2015-08-12 20:34 - 2015-08-12 20:34 - 00000000 ____D
C:\Program Files (x86)\Coupons
2015-08-17 16:32 - 2015-08-17 16:32 - 00000000 ____D C:\Users\Admin\AppData\Local\{4E2D7871-6A85-14C9-071D-31212375CDB9}
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]
S2 HPSLPSVC; C:\Users\Steve\AppData\Local\Temp\7zS23AE\hpslpsvc64.dll [X]
S2 vToolbarUpdater18.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe [X]
C:\Program Files (x86)\Common Files\AVG Secure Search
CHR StartupUrls: Default ->
"hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bimmed_15_34&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtAyB0CyEzzyEtCyBzztDtN0D0Tzu0StCtAtByEtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyCzyzzyDyE0B0D0AtGyByD0CtDtG0E0CyDtAtGyE0AyD0EtGyBtDtC0AtDtBzztByD0Ezzzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyEyCyDzz0C0C0FtG0D0BtBtBtGyE0B0A0DtGzy0DtCtDtGzz0AtC0E0AtByB0FyC0Bzz0E2QtN0A0LzuyE%26cr%3D771600185%26a%3Dwncy_bimmed_15_34%26os%3DWindows%2B7%2BHome%2BPremium"
CHR DefaultSearchKeyword: Default -> 8446CD4FA3A6D74E4AF09F2A7DD9FDAB5E548931D69B41694A6696CB75FA7A22
CHR DefaultSearchURL: Default -> A8F4B5A5864403C70FB75909CADD79E989FC6E20C21755E57CDBE826AF6A430E
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
FF Extension: Advanced SystemCare Surfing Protection -
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\388aoruj.default\Extensions\[email protected] [2015-03-16]
FF DefaultSearchEngine.US: Search Provided by Yahoo
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/_bimmed_15_34&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtAyB0CyEzzyEtCyBzztDtN0D0Tzu0StCtAtByEtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyCzyzzyDyE0B0D0AtGyByD0CtDtG0E0CyDtAtGyE0AyD0EtGyBtDtC0AtDtBzztByD0Ezzzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyEyCyDzz0C0C0FtG0D0BtBtBtGyE0B0A0DtGzy0DtCtDtGzz0AtC0E0AtByB0FyC0Bzz0E2QtN0A0LzuyE%26cr%3D771600185%26a%3Dwncy_bimmed_15_34%26os%3DWindows%2B7%2BHome%2BPremium
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-4104090456-942970366-3307904469-1003 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -
 No File
Toolbar: HKU\S-1-5-21-4104090456-942970366-3307904469-1003 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-4104090456-942970366-3307904469-1003 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-4104090456-942970366-3307904469-1003 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2014-10-17] (IObit)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4104090456-942970366-3307904469-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: bitsadmin /reset /allusers
*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{260211EC-CE87-4B59-A5F0-E368B0C74D3B} => key could not remove. Access Denied.
C:\Windows\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_JUNE2013_TB_rmv => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34B9579E-7FEB-4829-8432-A3448C4BB65F} => key could not remove. Access Denied.
C:\Windows\System32\Tasks\PCDRScheduledMaintenance not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDRScheduledMaintenance => key could not remove. Access Denied.
Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-07-02] (PC-Doctor, Inc.) => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4689B256-0CC0-43CD-9A73-058150E26FFC} => key could not remove. Access Denied.
Could not move "C:\Windows\System32\Tasks\0215avUpdateInfo" => Scheduled to move on reboot.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0215avUpdateInfo => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{757D9935-A480-497F-9994-6774DBB04B30} => key could not remove. Access Denied.
C:\Windows\System32\Tasks\UpdateTask not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdateTask => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D252E99A-3D6C-42F1-A7B4-E6C331C9D3CE} => key could not remove. Access Denied.
C:\Windows\System32\Tasks\Uninstaller_SkipUac_Admin not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_SkipUac_Admin => key could not remove. Access Denied.
Could not move "C:\Windows\Tasks\PCDRScheduledMaintenance.job" => Scheduled to move on reboot.
Task: C:\Windows\Tasks\UpdateTask.job => not found.
=> Error: No automatic fix found for this entry.
Could not move "C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Ament.ini" => Scheduled to move on reboot.
Could not move "C:\ProgramData\PKP_DLdu.DAT" => Scheduled to move on reboot.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons" => File/Folder not found.
"2015-08-12 20:34 - 2015-08-12 20:34 - 00000000 ____D" => File/Folder not found.
"C:\Program Files (x86)\Coupons" => File/Folder not found.
"C:\Users\Admin\AppData\Local\{4E2D7871-6A85-14C9-071D-31212375CDB9}" => File/Folder not found.
PcdrNdisuio => service could not remove
HPSLPSVC => service could not remove
vToolbarUpdater18.3.0 => service could not remove
"C:\Program Files (x86)\Common Files\AVG Secure Search" => File/Folder not found.
Chrome StartupUrls not found.
"hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bimmed_15_34&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtAyB0CyEzzyEtCyBzztDtN0D0Tzu0StCtAtByEtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyCzyzzyDyE0B0D0AtGyByD0CtDtG0E0CyDtAtGyE0AyD0EtGyBtDtC0AtDtBzztByD0Ezzzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyEyCyDzz0C0C0FtG0D0BtBtBtGyE0B0A0DtGzy0DtCtDtGzz0AtC0E0AtByB0FyC0Bzz0E2QtN0A0LzuyE%26cr%3D771600185%26a%3Dwncy_bimmed_15_34%26os%3DWindows%2B7%2BHome%2BPremium" => Error: No automatic fix found for this entry.
Chrome DefaultSearchKeyword not found.
Chrome DefaultSearchURL not found.
Chrome DefaultSuggestURL not found.
FF Extension: Advanced SystemCare Surfing Protection - => not found.
"C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\388aoruj.default\Extensions\[email protected] [2015-03-16]" => File/Folder not found.
Firefox DefaultSearchEngine.US removed successfully
Firefox "homepage" removed successfully
HKCR\PROTOCOLS\Handler\linkscanner => key could not remove. Access Denied.
HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => key not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value removed successfully
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => key not found.
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value removed successfully
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => key not found.
No File => Error: No automatic fix found for this entry.
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value removed successfully
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found.
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value removed successfully
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found.
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value removed successfully
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} => key could not remove. Access Denied.
HKCR\Wow6432Node\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} => key not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key could not remove. Access Denied.
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\SOFTWARE\Policies\Microsoft\Internet Explorer => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Error setting value.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value could not remove.
URL = => Error: No automatic fix found for this entry.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-4104090456-942970366-3307904469-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} => key could not remove. Access Denied.
HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814} => key could not remove. Access Denied.

"C:\Windows\system32\GroupPolicy\Machine" folder move:

Could not move "C:\Windows\system32\GroupPolicy\Machine" => Scheduled to move on reboot.

Could not move "C:\Windows\system32\GroupPolicy\GPT.ini" => Scheduled to move on reboot.
Could not move "C:\Windows\SysWOW64\GroupPolicy\GPT.ini" => Scheduled to move on reboot.
HKLM\SOFTWARE\Policies\Google => key could not remove. Access Denied.

========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key could not remove. Access Denied.
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\SOFTWARE\Policies\Microsoft\Internet Explorer => key could not remove. Access Denied.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value could not remove.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value could not remove.
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


=========  netsh advfirewall reset =========

The requested operation requires elevation (Run as administrator).


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state ON =========

The requested operation requires elevation (Run as administrator).


========= End of CMD: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to enum jobs - 0x80070005
Access is denied.



========= End of CMD: =========

EmptyTemp: => 17.2 MB temporary data Removed.


  • 0

#4
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Is your current account an administrator? You will need to perform the steps on one such account, otherwise they will all fail. Feel free to redo the steps, but using the correct account. :)
  • 0
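
The fixlog in post #3 fails mostly with "Access Denied" and "requires elevation", which is what prompts the question about the administrator account. As an added example (not part of the thread and not FRST's own code), the Python below tallies those outcome phrases from a fixlog; the function names and the sample excerpt, assembled from lines of the log above, are assumptions of this example.

```python
import re
from collections import Counter

# Outcome phrases as they appear in the fixlog posted in this thread.
# Order matters: the first pattern that matches a line decides its category.
OUTCOME_PATTERNS = [
    ("needs_elevation", re.compile(r"requires elevation", re.I)),
    ("access_denied", re.compile(r"access (is )?denied", re.I)),
    ("no_automatic_fix", re.compile(r"No automatic fix found")),
    ("pending_reboot", re.compile(r"Scheduled to move on reboot")),
    ("could_not_remove", re.compile(r"could not remove")),
    ("removed", re.compile(r"removed successfully", re.I)),
    ("not_found", re.compile(r"not found\.?$", re.I)),
    ("error", re.compile(r"^Error:")),
]


def result_lines(fixlog):
    """Yield result lines, skipping the fixlist echoed between two rows of asterisks."""
    in_echo = False
    for raw in fixlog.splitlines():
        line = raw.strip()
        if re.fullmatch(r"\*{5,}", line):
            in_echo = not in_echo
            continue
        if line and not in_echo:
            yield line


def triage(fixlog):
    """Summarise a fixlog: who ran it, outcome counts, and whether it ran unelevated."""
    counts = Counter()
    machine_keys_denied = 0
    for line in result_lines(fixlog):
        for name, pattern in OUTCOME_PATTERNS:
            if pattern.search(line):
                counts[name] += 1
                # Machine-wide hives need an elevated token to modify.
                if name == "access_denied" and line.startswith(("HKLM\\", "HKCR\\")):
                    machine_keys_denied += 1
                break
    header = re.search(r"^Ran by (.+?) \(\d{4}-\d{2}-\d{2} ", fixlog, re.M)
    return {
        "ran_by": header.group(1) if header else None,
        "counts": dict(counts),
        "machine_keys_denied": machine_keys_denied,
        # netsh states this explicitly, so it is the reliable signal;
        # denied machine keys alone can also come from key permissions.
        "not_elevated": counts["needs_elevation"] > 0,
    }


# Constructed excerpt: a shortened fixlog assembled from lines in post #3.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version:20-08-2015
Ran by Steve (2015-08-20 18:53:51) Run:1
fixlist content:
*****************
CreateRestorePoint:
Toolbar: HKU\.DEFAULT -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
CMD: netsh advfirewall reset
*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.
HKLM\SOFTWARE\Policies\Google => key could not remove. Access Denied.
C:\Windows\System32\Tasks\UpdateTask not found.
Could not move "C:\ProgramData\Ament.ini" => Scheduled to move on reboot.
vToolbarUpdater18.3.0 => service could not remove
Firefox "homepage" removed successfully
No File => Error: No automatic fix found for this entry.

=========  netsh advfirewall reset =========

The requested operation requires elevation (Run as administrator).

========= End of CMD: =========
"""

if __name__ == "__main__":
    summary = triage(SAMPLE_FIXLOG)
    print("Ran by:", summary["ran_by"])
    for outcome, n in sorted(summary["counts"].items()):
        print(f"  {outcome}: {n}")
    if summary["not_elevated"]:
        print("Fix ran without elevation; rerun FRST from an administrator account.")
```

A "no_automatic_fix" count usually means a fixlist line was split by word wrap when it was saved, as with the `No File` and `URL =` entries in the log above.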

#5
sg555

sg555

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts

Ok, I ran everything and actually found the original adware file. Here you go. Thanks for your help.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:24-08-2015
Ran by Steve (2015-08-24 17:40:32) Run:2
Running from C:\Users\Steve\Desktop
Loaded Profiles: Regina & Steve & Admin (Available Profiles: Regina & Steve & Admin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
EmptyTemp:
CreateRestorePoint:

Task: {260211EC-CE87-4B59-A5F0-E368B0C74D3B} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{3FEF525C-E0CE-49C9-80B2-7540D0C42B78}.exe
Task: {34B9579E-7FEB-4829-8432-A3448C4BB65F} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-07-02] (PC-Doctor, Inc.)
Task: {4689B256-0CC0-43CD-9A73-058150E26FFC} - System32\Tasks\0215avUpdateInfo => C:\ProgramData\Avg_Update_0215av\0215av_AVG-Secure-Search-Update.exe
Task: {757D9935-A480-497F-9994-6774DBB04B30} - System32\Tasks\UpdateTask => C:\Users\Admin\AppData\Local\{4E2D7~1\UNINST~1.EXE [2015-08-17] ()
Task: {D252E99A-3D6C-42F1-A7B4-E6C331C9D3CE} - System32\Tasks\Uninstaller_SkipUac_Admin => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe5-fh scripts\monthly.xml
Task: C:\Windows\Tasks\UpdateTask.job =>
2013-05-20 17:51 - 2014-03-02 12:34 - 0003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2011-12-31 17:45 - 2011-12-31 17:45 - 0000057 _____ () C:\ProgramData\Ament.ini
2009-12-28 19:03 - 2015-03-07 18:19 - 0000020 ____H () C:\ProgramData\PKP_DLdu.DAT
2015-08-12 20:34 - 2015-08-12 20:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2015-08-12 20:34 - 2015-08-12 20:34 - 00000000 ____D C:\Program Files (x86)\Coupons
2015-08-17 16:32 - 2015-08-17 16:32 - 00000000 ____D C:\Users\Admin\AppData\Local\{4E2D7871-6A85-14C9-071D-31212375CDB9}
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]
S2 HPSLPSVC; C:\Users\Steve\AppData\Local\Temp\7zS23AE\hpslpsvc64.dll [X]
S2 vToolbarUpdater18.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe [X]
C:\Program Files (x86)\Common Files\AVG Secure Search
CHR StartupUrls: Default -> "hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bimmed_15_34&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtAyB0CyEzzyEtCyBzztDtN0D0Tzu0StCtAtByEtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyCzyzzyDyE0B0D0AtGyByD0CtDtG0E0CyDtAtGyE0AyD0EtGyBtDtC0AtDtBzztByD0Ezzzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyEyCyDzz0C0C0FtG0D0BtBtBtGyE0B0A0DtGzy0DtCtDtGzz0AtC0E0AtByB0FyC0Bzz0E2QtN0A0LzuyE%26cr%3D771600185%26a%3Dwncy_bimmed_15_34%26os%3DWindows%2B7%2BHome%2BPremium"
CHR DefaultSearchKeyword: Default -> 8446CD4FA3A6D74E4AF09F2A7DD9FDAB5E548931D69B41694A6696CB75FA7A22
CHR DefaultSearchURL: Default -> A8F4B5A5864403C70FB75909CADD79E989FC6E20C21755E57CDBE826AF6A430E
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\388aoruj.default\Extensions\[email protected] [2015-03-16]
FF DefaultSearchEngine.US: Search Provided by Yahoo
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/_bimmed_15_34&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtAyB0CyEzzyEtCyBzztDtN0D0Tzu0StCtAtByEtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyCzyzzyDyE0B0D0AtGyByD0CtDtG0E0CyDtAtGyE0AyD0EtGyBtDtC0AtDtBzztByD0Ezzzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyEyCyDzz0C0C0FtG0D0BtBtBtGyE0B0A0DtGzy0DtCtDtGzz0AtC0E0AtByB0FyC0Bzz0E2QtN0A0LzuyE%26cr%3D771600185%26a%3Dwncy_bimmed_15_34%26os%3DWindows%2B7%2BHome%2BPremium
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-4104090456-942970366-3307904469-1003 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-4104090456-942970366-3307904469-1003 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-4104090456-942970366-3307904469-1003 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-4104090456-942970366-3307904469-1003 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2014-10-17] (IObit)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4104090456-942970366-3307904469-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: bitsadmin /reset /allusers
*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{260211EC-CE87-4B59-A5F0-E368B0C74D3B} => key could not remove. Access Denied.
C:\Windows\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_JUNE2013_TB_rmv => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34B9579E-7FEB-4829-8432-A3448C4BB65F} => key could not remove. Access Denied.
C:\Windows\System32\Tasks\PCDRScheduledMaintenance not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDRScheduledMaintenance => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4689B256-0CC0-43CD-9A73-058150E26FFC} => key could not remove. Access Denied.
C:\Windows\System32\Tasks\0215avUpdateInfo not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0215avUpdateInfo => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{757D9935-A480-497F-9994-6774DBB04B30} => key could not remove. Access Denied.
C:\Windows\System32\Tasks\UpdateTask not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdateTask => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D252E99A-3D6C-42F1-A7B4-E6C331C9D3CE} => key could not remove. Access Denied.
C:\Windows\System32\Tasks\Uninstaller_SkipUac_Admin not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_SkipUac_Admin => key could not remove. Access Denied.
Could not move "C:\Windows\Tasks\PCDRScheduledMaintenance.job" => Scheduled to move on reboot.
Could not move "C:\Windows\Tasks\UpdateTask.job" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Ament.ini" => Scheduled to move on reboot.
Could not move "C:\ProgramData\PKP_DLdu.DAT" => Scheduled to move on reboot.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons" => File/Folder not found.
"C:\Program Files (x86)\Coupons" => File/Folder not found.
"C:\Users\Admin\AppData\Local\{4E2D7871-6A85-14C9-071D-31212375CDB9}" => File/Folder not found.
PcdrNdisuio => service could not remove
HPSLPSVC => service could not remove
vToolbarUpdater18.3.0 => service not found.
"C:\Program Files (x86)\Common Files\AVG Secure Search" => File/Folder not found.
Chrome StartupUrls not found.
Chrome DefaultSearchKeyword not found.
Chrome DefaultSearchURL not found.
Chrome DefaultSuggestURL not found.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\388aoruj.default\Extensions\[email protected] => not found.
Firefox DefaultSearchEngine.US removed successfully
Firefox "homepage" removed successfully
HKCR\PROTOCOLS\Handler\linkscanner => key could not remove. Access Denied.
HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => key not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value not found.
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => key not found.
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value not found.
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => key not found.
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value not found.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found.
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value not found.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found.
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value not found.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} => key could not remove. Access Denied.
HKCR\Wow6432Node\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} => key not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key could not remove. Access Denied.
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\SOFTWARE\Policies\Microsoft\Internet Explorer => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Error setting value.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value could not remove.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-4104090456-942970366-3307904469-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} => key could not remove. Access Denied.
HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814} => key not found.

"C:\Windows\system32\GroupPolicy\Machine" folder move:

Could not move "C:\Windows\system32\GroupPolicy\Machine" => Scheduled to move on reboot.

Could not move "C:\Windows\system32\GroupPolicy\GPT.ini" => Scheduled to move on reboot.
Could not move "C:\Windows\SysWOW64\GroupPolicy\GPT.ini" => Scheduled to move on reboot.
HKLM\SOFTWARE\Policies\Google => key could not remove. Access Denied.

========= RemoveProxy: =========

HKU\S-1-5-21-4104090456-942970366-3307904469-1003\SOFTWARE\Policies\Microsoft\Internet Explorer => key could not remove. Access Denied.
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


=========  netsh advfirewall reset =========

The requested operation requires elevation (Run as administrator).


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state ON =========

The requested operation requires elevation (Run as administrator).


========= End of CMD: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to enum jobs - 0x80070005
Access is denied.



========= End of CMD: =========

EmptyTemp: => 44 MB temporary data Removed.

# AdwCleaner v5.003 - Logfile created 20/08/2015 at 19:02:42
# Updated 20/08/2015 by Xplode
# Database : 2015-08-20.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Admin - REGINA-PC
# Running from : C:\Users\Steve\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

[-] Service Deleted : vToolbarUpdater18.3.0

***** [ Folders ] *****


***** [ Files ] *****

[-] File Deleted : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jhjjdgbhohaallcimgcmakfiobacimkm

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : 0215avUpdateInfo
[-] Task Deleted : AVG-Secure-Search-Update_JUNE2013_TB_rmv

***** [ Registry ] *****

[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : HKU\.DEFAULT\Software\AVG Secure Search
[-] Key Deleted : HKU\.DEFAULT\Software\vShare
[-] Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\AVG Security Toolbar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Compete
[-] Key Deleted : HKLM\SOFTWARE\W3I

***** [ Web browsers ] *****

[-] [C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : Search Provided by Yahoo.com
[-] [C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Deleted : hxxp://search.yahoo.com/favicon.ico",
            "id" :"7",
            "image_url" :"",
            "image_url_post_params" :"",
            "input_encodings" :["UTF-8"],
            "instant_url" :"",
            "instant_url_post_params" :"",
            "keyword" :"Search Provided by Yahoo.com",
            "last_modified" :"0",
            "new_tab_url" :"",
            "originating_url" :"",
            "prepopulate_id" :0,
            "safe_for_autoreplace" :true,
            "search_terms_replacement_key" :"",
            "search_url_post_params" :"",
            "short_name" :"Search Provided by Yahoo",
            "suggestions_url" :"{google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}",
            "suggestions_url_post_params" :"",
            "synced_guid" :"74750BF4-5036-91F2-AB57-4B5C6D7249AA",
            "url" :"hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bimmed_15_34&param1=1&param2=f%3D4%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtAyB0CyEzzyEtCyBzztDtN0D0Tzu0StCtAtByEtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyCzyzzyDyE0B0D0AtGyByD0CtDtG0E0CyDtAtGyE0AyD0EtGyBtDtC0AtDtBzztByD0Ezzzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyEyCyDzz0C0C0FtG0D0BtBtBtGyE0B0A0DtGzy0DtCtDtGzz0AtC0E0AtByB0FyC0Bzz0E2QtN0A0LzuyE%26cr%3D771600185%26a%3Dwncy_bimmed_15_34%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
[-] [C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bimmed_15_34&param1=1&param2=f%3D4%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtAyB0CyEzzyEtCyBzztDtN0D0Tzu0StCtAtByEtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyCzyzzyDyE0B0D0AtGyByD0CtDtG0E0CyDtAtGyE0AyD0EtGyBtDtC0AtDtBzztByD0Ezzzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyEyCyDzz0C0C0FtG0D0BtBtBtGyE0B0A0DtGzy0DtCtDtGzz0AtC0E0AtByB0FyC0Bzz0E2QtN0A0LzuyE%26cr%3D771600185%26a%3Dwncy_bimmed_15_34%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
[-] [C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : 48B39E587FE407C1B8518263F8131A40E78373F427193624C4891E727F9A58DD",
            "homepage_is_newtabpage" :"AD1A309473B70282A428D5B28F447006D2C0B7FD77984E5934EC3D72170FB394",
            "pinned_tabs" :"D3520D589A7A7C66C20267D66002D1A1C24320BBE600A952C7061DD80411C576",
            "prefs" :{
                "preference_reset_time" :"E58652AD87FAC2C294518EADE2339FD71BBDAD09D4B782BACF2845C619A5FED3"
            },
            "profile" :{
                "reset_prompt_memento" :"85EB0167C9B7C94A5BD79F270D8BE136086B01DD7B3C3336D2AF6FF88AA2EC52"
            },
            "safebrowsing" :{
                "incidents_sent" :"15C2D32DCFDB4E3CF32E71D8A86539EF58B8AEEE71702B2D1D427D3F8A3B307C"
            },
            "search_provider_overrides" :"8451557935445512258B96777145FD74440E81E06ED18B3D82F363F9684C5B0F",
            "session" :{
                "restore_on_startup" :"0A89BF386061F9F2E9C86A8881FB427747C14CF403315033EC399B26B2CF1789",
                "startup_urls" :"A49B85088DEAAC42BE5B6A0164B9C64C773070F4FB93D5352CB159BA3BA5D408"
            },
            "software_reporter" :{
                "prompt_reason" :"601B3F49BF988829D37F00F8ADEBF6BD712FB236B8BE46A4F89E42ED794EF7ED",
                "prompt_version" :"B7A583337E4AA53199C249AA95493D7539FF08ED780BCBBF2B481CA3771A930B"
            },
            "sync" :{
                "remaining_rollback_tries" :"4D0625FC30DA612D81E659FEC5476C28979554110EB823E3C8F87C722B3D2FA4"
            }
        },
        "super_mac" :"FDF3015275E01E286B771C462405CC58EC306865A325112C4CD18CDFCDD83183"
    },
    "default_search_provider_data" :{
        "template_url_data" :{
            "alternate_urls" :[],
            "created_by_policy" :false,
            "date_created" :"0",
            "favicon_url" :"hxxp://search.yahoo.com/favicon.ico",
            "id" :"7",
            "image_url" :"",
            "image_url_post_params" :"",
            "input_encodings" :["UTF-8"],
            "instant_url" :"",
            "instant_url_post_params" :"",
            "keyword" :"Search Provided by Yahoo.com",
            "last_modified" :"0",
            "new_tab_url" :"",
            "originating_url" :"",
            "prepopulate_id" :0,
            "safe_for_autoreplace" :true,
            "search_terms_replacement_key" :"",
            "search_url_post_params" :"",
            "short_name" :"Search Provided by Yahoo",
            "suggestions_url" :"{google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}",
            "suggestions_url_post_params" :"",
            "synced_guid" :"74750BF4-5036-91F2-AB57-4B5C6D7249AA",
            "url" :"hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bimmed_15_34&param1=1&param2=f%3D4%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtAyB0CyEzzyEtCyBzztDtN0D0Tzu0StCtAtByEtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyCzyzzyDyE0B0D0AtGyByD0CtDtG0E0CyDtAtGyE0AyD0EtGyBtDtC0AtDtBzztByD0Ezzzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyEyCyDzz0C0C0FtG0D0BtBtBtGyE0B0A0DtGzy0DtCtDtGzz0AtC0E0AtByB0FyC0Bzz0E2QtN0A0LzuyE%26cr%3D771600185%26a%3Dwncy_bimmed_15_34%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
[-] [C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bimmed_15_34&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtAyB0CyEzzyEtCyBzztDtN0D0Tzu0StCtAtByEtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyCzyzzyDyE0B0D0AtGyByD0CtDtG0E0CyDtAtGyE0AyD0EtGyBtDtC0AtDtBzztByD0Ezzzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyEyCyDzz0C0C0FtG0D0BtBtBtGyE0B0A0DtGzy0DtCtDtGzz0AtC0E0AtByB0FyC0Bzz0E2QtN0A0LzuyE%26cr%3D771600185%26a%3Dwncy_bimmed_15_34%26os%3DWindows%2B7%2BHome%2BPremium

*************************

:: Proxy settings cleared
:: Winsock settings cleared
:: IE policies deleted
:: Chrome policies deleted

########## EOF - \AdwCleaner\AdwCleaner[C1].txt - [8611 bytes] ##########

#6
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Can you generate fresh FRST logs for me? Don't forget to check the option for Additions. Use an account with administrative privileges.

#7
sg555

    Member

  • Topic Starter
  • 52 posts

Here you go.

Fix result of Farbar Recovery Scan Tool (x64) Version:24-08-2015
Ran by Steve (2015-08-24 17:40:32) Run:2
Running from C:\Users\Steve\Desktop
Loaded Profiles: Regina & Steve & Admin (Available Profiles: Regina & Steve & Admin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
EmptyTemp:
CreateRestorePoint:

Task: {260211EC-CE87-4B59-A5F0-E368B0C74D3B} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{3FEF525C-E0CE-49C9-80B2-7540D0C42B78}.exe
Task: {34B9579E-7FEB-4829-8432-A3448C4BB65F} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-07-02] (PC-Doctor, Inc.)
Task: {4689B256-0CC0-43CD-9A73-058150E26FFC} - System32\Tasks\0215avUpdateInfo => C:\ProgramData\Avg_Update_0215av\0215av_AVG-Secure-Search-Update.exe
Task: {757D9935-A480-497F-9994-6774DBB04B30} - System32\Tasks\UpdateTask => C:\Users\Admin\AppData\Local\{4E2D7~1\UNINST~1.EXE [2015-08-17] ()
Task: {D252E99A-3D6C-42F1-A7B4-E6C331C9D3CE} - System32\Tasks\Uninstaller_SkipUac_Admin => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe5-fh scripts\monthly.xml
Task: C:\Windows\Tasks\UpdateTask.job => 0x01060100D70EA4EE61DC28469202739BE7F43B984600DC000000000044440000200000000014730FDD0407800013040000208021DF0708000300130014002000000001000000330043003A005C00550073006500720073005C00410064006D0069006E005C0041007000700044006100740061005C004C006F00630061006C005C007B00340045003200440037007E0031005C0055004E0049004E00530054007E0031002E00450058004500000007002F0043006800650063006B00000000000600410064006D0069006E0000000000000008000000000000000000010030000000D6070400040000000000000000002000A00500003C0000000000000001000000010000000000000000000000
2013-05-20 17:51 - 2014-03-02 12:34 - 0003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2011-12-31 17:45 - 2011-12-31 17:45 - 0000057 _____ () C:\ProgramData\Ament.ini
2009-12-28 19:03 - 2015-03-07 18:19 - 0000020 ____H () C:\ProgramData\PKP_DLdu.DAT
2015-08-12 20:34 - 2015-08-12 20:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2015-08-12 20:34 - 2015-08-12 20:34 - 00000000 ____D C:\Program Files (x86)\Coupons
2015-08-17 16:32 - 2015-08-17 16:32 - 00000000 ____D C:\Users\Admin\AppData\Local\{4E2D7871-6A85-14C9-071D-31212375CDB9}
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]
S2 HPSLPSVC; C:\Users\Steve\AppData\Local\Temp\7zS23AE\hpslpsvc64.dll [X]
S2 vToolbarUpdater18.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe [X]
C:\Program Files (x86)\Common Files\AVG Secure Search
CHR StartupUrls: Default -> "hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bimmed_15_34&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtAyB0CyEzzyEtCyBzztDtN0D0Tzu0StCtAtByEtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyCzyzzyDyE0B0D0AtGyByD0CtDtG0E0CyDtAtGyE0AyD0EtGyBtDtC0AtDtBzztByD0Ezzzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyEyCyDzz0C0C0FtG0D0BtBtBtGyE0B0A0DtGzy0DtCtDtGzz0AtC0E0AtByB0FyC0Bzz0E2QtN0A0LzuyE%26cr%3D771600185%26a%3Dwncy_bimmed_15_34%26os%3DWindows%2B7%2BHome%2BPremium"
CHR DefaultSearchKeyword: Default -> 8446CD4FA3A6D74E4AF09F2A7DD9FDAB5E548931D69B41694A6696CB75FA7A22
CHR DefaultSearchURL: Default -> A8F4B5A5864403C70FB75909CADD79E989FC6E20C21755E57CDBE826AF6A430E
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\388aoruj.default\Extensions\[email protected] [2015-03-16]
FF DefaultSearchEngine.US: Search Provided by Yahoo
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/_bimmed_15_34&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtAyB0CyEzzyEtCyBzztDtN0D0Tzu0StCtAtByEtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyCzyzzyDyE0B0D0AtGyByD0CtDtG0E0CyDtAtGyE0AyD0EtGyBtDtC0AtDtBzztByD0Ezzzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyEyCyDzz0C0C0FtG0D0BtBtBtGyE0B0A0DtGzy0DtCtDtGzz0AtC0E0AtByB0FyC0Bzz0E2QtN0A0LzuyE%26cr%3D771600185%26a%3Dwncy_bimmed_15_34%26os%3DWindows%2B7%2BHome%2BPremium
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-4104090456-942970366-3307904469-1003 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-4104090456-942970366-3307904469-1003 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-4104090456-942970366-3307904469-1003 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-4104090456-942970366-3307904469-1003 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2014-10-17] (IObit)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4104090456-942970366-3307904469-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: bitsadmin /reset /allusers
*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{260211EC-CE87-4B59-A5F0-E368B0C74D3B} => key could not remove. Access Denied.
C:\Windows\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_JUNE2013_TB_rmv => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34B9579E-7FEB-4829-8432-A3448C4BB65F} => key could not remove. Access Denied.
C:\Windows\System32\Tasks\PCDRScheduledMaintenance not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDRScheduledMaintenance => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4689B256-0CC0-43CD-9A73-058150E26FFC} => key could not remove. Access Denied.
C:\Windows\System32\Tasks\0215avUpdateInfo not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0215avUpdateInfo => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{757D9935-A480-497F-9994-6774DBB04B30} => key could not remove. Access Denied.
C:\Windows\System32\Tasks\UpdateTask not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdateTask => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D252E99A-3D6C-42F1-A7B4-E6C331C9D3CE} => key could not remove. Access Denied.
C:\Windows\System32\Tasks\Uninstaller_SkipUac_Admin not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_SkipUac_Admin => key could not remove. Access Denied.
Could not move "C:\Windows\Tasks\PCDRScheduledMaintenance.job" => Scheduled to move on reboot.
Could not move "C:\Windows\Tasks\UpdateTask.job" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Ament.ini" => Scheduled to move on reboot.
Could not move "C:\ProgramData\PKP_DLdu.DAT" => Scheduled to move on reboot.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons" => File/Folder not found.
"C:\Program Files (x86)\Coupons" => File/Folder not found.
"C:\Users\Admin\AppData\Local\{4E2D7871-6A85-14C9-071D-31212375CDB9}" => File/Folder not found.
PcdrNdisuio => service could not remove
HPSLPSVC => service could not remove
vToolbarUpdater18.3.0 => service not found.
"C:\Program Files (x86)\Common Files\AVG Secure Search" => File/Folder not found.
Chrome StartupUrls not found.
Chrome DefaultSearchKeyword not found.
Chrome DefaultSearchURL not found.
Chrome DefaultSuggestURL not found.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\388aoruj.default\Extensions\[email protected] => not found.
Firefox DefaultSearchEngine.US removed successfully
Firefox "homepage" removed successfully
HKCR\PROTOCOLS\Handler\linkscanner => key could not remove. Access Denied.
HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => key not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value not found.
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => key not found.
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value not found.
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => key not found.
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value not found.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found.
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value not found.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found.
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value not found.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} => key could not remove. Access Denied.
HKCR\Wow6432Node\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} => key not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key could not remove. Access Denied.
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\SOFTWARE\Policies\Microsoft\Internet Explorer => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Error setting value.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value could not remove.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-4104090456-942970366-3307904469-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} => key could not remove. Access Denied.
HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814} => key not found.

"C:\Windows\system32\GroupPolicy\Machine" folder move:

Could not move "C:\Windows\system32\GroupPolicy\Machine" => Scheduled to move on reboot.

Could not move "C:\Windows\system32\GroupPolicy\GPT.ini" => Scheduled to move on reboot.
Could not move "C:\Windows\SysWOW64\GroupPolicy\GPT.ini" => Scheduled to move on reboot.
HKLM\SOFTWARE\Policies\Google => key could not remove. Access Denied.

========= RemoveProxy: =========

HKU\S-1-5-21-4104090456-942970366-3307904469-1003\SOFTWARE\Policies\Microsoft\Internet Explorer => key could not remove. Access Denied.
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


=========  netsh advfirewall reset =========

The requested operation requires elevation (Run as administrator).


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state ON =========

The requested operation requires elevation (Run as administrator).


========= End of CMD: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to enum jobs - 0x80070005
Access is denied.



========= End of CMD: =========

EmptyTemp: => 44 MB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-08-25 12:12:59)<=

==> ATTENTION: System is not rebooted.
C:\Windows\Tasks\PCDRScheduledMaintenance.job => moved successfully
C:\Windows\Tasks\UpdateTask.job => moved successfully
C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml => moved successfully
C:\ProgramData\Ament.ini => moved successfully
C:\ProgramData\PKP_DLdu.DAT => moved successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully

==== End of Fixlog 12:12:59 ====



#8
sg555

    Member

  • Topic Starter
  • 52 posts

Forget the last post. Here is the correct log.

Fix result of Farbar Recovery Scan Tool (x64) Version:24-08-2015
Ran by Steve (2015-08-25 12:17:27) Run:3
Running from C:\Users\Steve\Desktop
Loaded Profiles: Steve (Available Profiles: Regina & Steve & Admin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
EmptyTemp:
CreateRestorePoint:

Task: {260211EC-CE87-4B59-A5F0-E368B0C74D3B} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{3FEF525C-E0CE-49C9-80B2-7540D0C42B78}.exe
Task: {34B9579E-7FEB-4829-8432-A3448C4BB65F} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-07-02] (PC-Doctor, Inc.)
Task: {4689B256-0CC0-43CD-9A73-058150E26FFC} - System32\Tasks\0215avUpdateInfo => C:\ProgramData\Avg_Update_0215av\0215av_AVG-Secure-Search-Update.exe
Task: {757D9935-A480-497F-9994-6774DBB04B30} - System32\Tasks\UpdateTask => C:\Users\Admin\AppData\Local\{4E2D7~1\UNINST~1.EXE [2015-08-17] ()
Task: {D252E99A-3D6C-42F1-A7B4-E6C331C9D3CE} - System32\Tasks\Uninstaller_SkipUac_Admin => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe5-fh scripts\monthly.xml
Task: C:\Windows\Tasks\UpdateTask.job =>
2013-05-20 17:51 - 2014-03-02 12:34 - 0003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2011-12-31 17:45 - 2011-12-31 17:45 - 0000057 _____ () C:\ProgramData\Ament.ini
2009-12-28 19:03 - 2015-03-07 18:19 - 0000020 ____H () C:\ProgramData\PKP_DLdu.DAT
2015-08-12 20:34 - 2015-08-12 20:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2015-08-12 20:34 - 2015-08-12 20:34 - 00000000 ____D C:\Program Files (x86)\Coupons
2015-08-17 16:32 - 2015-08-17 16:32 - 00000000 ____D C:\Users\Admin\AppData\Local\{4E2D7871-6A85-14C9-071D-31212375CDB9}
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]
S2 HPSLPSVC; C:\Users\Steve\AppData\Local\Temp\7zS23AE\hpslpsvc64.dll [X]
S2 vToolbarUpdater18.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe [X]
C:\Program Files (x86)\Common Files\AVG Secure Search
CHR StartupUrls: Default -> "hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bimmed_15_34&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtAyB0CyEzzyEtCyBzztDtN0D0Tzu0StCtAtByEtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyCzyzzyDyE0B0D0AtGyByD0CtDtG0E0CyDtAtGyE0AyD0EtGyBtDtC0AtDtBzztByD0Ezzzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyEyCyDzz0C0C0FtG0D0BtBtBtGyE0B0A0DtGzy0DtCtDtGzz0AtC0E0AtByB0FyC0Bzz0E2QtN0A0LzuyE%26cr%3D771600185%26a%3Dwncy_bimmed_15_34%26os%3DWindows%2B7%2BHome%2BPremium"
CHR DefaultSearchKeyword: Default -> 8446CD4FA3A6D74E4AF09F2A7DD9FDAB5E548931D69B41694A6696CB75FA7A22
CHR DefaultSearchURL: Default -> A8F4B5A5864403C70FB75909CADD79E989FC6E20C21755E57CDBE826AF6A430E
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\388aoruj.default\Extensions\[email protected] [2015-03-16]
FF DefaultSearchEngine.US: Search Provided by Yahoo
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/_bimmed_15_34&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyEtDyCtCzzyCtAyB0CyEzzyEtCyBzztDtN0D0Tzu0StCtAtByEtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyCzyzzyDyE0B0D0AtGyByD0CtDtG0E0CyDtAtGyE0AyD0EtGyBtDtC0AtDtBzztByD0Ezzzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyEyCyDzz0C0C0FtG0D0BtBtBtGyE0B0A0DtGzy0DtCtDtGzz0AtC0E0AtByB0FyC0Bzz0E2QtN0A0LzuyE%26cr%3D771600185%26a%3Dwncy_bimmed_15_34%26os%3DWindows%2B7%2BHome%2BPremium
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-4104090456-942970366-3307904469-1003 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-4104090456-942970366-3307904469-1003 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-4104090456-942970366-3307904469-1003 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-4104090456-942970366-3307904469-1003 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2014-10-17] (IObit)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4104090456-942970366-3307904469-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: bitsadmin /reset /allusers
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{260211EC-CE87-4B59-A5F0-E368B0C74D3B} => key not found.
C:\Windows\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_JUNE2013_TB_rmv => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34B9579E-7FEB-4829-8432-A3448C4BB65F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34B9579E-7FEB-4829-8432-A3448C4BB65F}" => key removed successfully
C:\Windows\System32\Tasks\PCDRScheduledMaintenance => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDRScheduledMaintenance" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4689B256-0CC0-43CD-9A73-058150E26FFC} => key not found.
C:\Windows\System32\Tasks\0215avUpdateInfo not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0215avUpdateInfo => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{757D9935-A480-497F-9994-6774DBB04B30}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{757D9935-A480-497F-9994-6774DBB04B30}" => key removed successfully
C:\Windows\System32\Tasks\UpdateTask => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdateTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D252E99A-3D6C-42F1-A7B4-E6C331C9D3CE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D252E99A-3D6C-42F1-A7B4-E6C331C9D3CE}" => key removed successfully
C:\Windows\System32\Tasks\Uninstaller_SkipUac_Admin => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_SkipUac_Admin" => key removed successfully
C:\Windows\Tasks\PCDRScheduledMaintenance.job not found.
C:\Windows\Tasks\UpdateTask.job not found.
"C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml" => File/Folder not found.
"C:\ProgramData\Ament.ini" => File/Folder not found.
"C:\ProgramData\PKP_DLdu.DAT" => File/Folder not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons" => File/Folder not found.
"C:\Program Files (x86)\Coupons" => File/Folder not found.
C:\Users\Admin\AppData\Local\{4E2D7871-6A85-14C9-071D-31212375CDB9} => moved successfully
PcdrNdisuio => service removed successfully
HPSLPSVC => service removed successfully
vToolbarUpdater18.3.0 => service not found.
"C:\Program Files (x86)\Common Files\AVG Secure Search" => File/Folder not found.
Chrome StartupUrls not found.
Chrome DefaultSearchKeyword not found.
Chrome DefaultSearchURL not found.
Chrome DefaultSuggestURL not found.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\388aoruj.default\Extensions\[email protected] => not found.
Firefox DefaultSearchEngine.US removed successfully
Firefox "homepage" removed successfully
"HKCR\PROTOCOLS\Handler\linkscanner" => key removed successfully
HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => key not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value not found.
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => key not found.
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value not found.
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => key not found.
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value not found.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found.
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value not found.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found.
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value not found.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} => key not found.
HKCR\Wow6432Node\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} => key not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
"HKU\S-1-5-21-4104090456-942970366-3307904469-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-4104090456-942970366-3307904469-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} => key not found.
HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814} => key not found.
"C:\Windows\system32\GroupPolicy\Machine" => File/Folder not found.
HKLM\SOFTWARE\Policies\Google => key not found.

========= RemoveProxy: =========

HKU\S-1-5-21-4104090456-942970366-3307904469-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {3E18FA51-44B3-4132-9691-074C0FD19C26}.
0 out of 1 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 194.4 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 12:18:18 ====



#9
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
I meant the below:
  • Step 1

    Run your copy of FRST by double-clicking it.
    • Put a check on Addition.
    • Press the Scan button after.
    • It will produce FRST.txt and Addition.txt on your desktop once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the logs in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • Addition.txt (Farbar Recovery Scan Tool)
    • FRST.txt (Farbar Recovery Scan Tool)


#10
sg555

    Member

  • Topic Starter
  • 52 posts

Sorry about that. Here it is. Thanks again.

Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-08-2015
Ran by Steve (2015-08-26 20:19:29)
Running from C:\Users\Steve\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-4104090456-942970366-3307904469-1004 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-4104090456-942970366-3307904469-500 - Administrator - Disabled)
Guest (S-1-5-21-4104090456-942970366-3307904469-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4104090456-942970366-3307904469-1002 - Limited - Enabled)
Regina (S-1-5-21-4104090456-942970366-3307904469-1001 - Limited - Enabled) => C:\Users\Regina
Steve (S-1-5-21-4104090456-942970366-3307904469-1003 - Administrator - Enabled) => C:\Users\Steve

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.3.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.3.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.02 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Panorama Maker 4 (HKLM-x32\...\{D45E8C45-B601-4A80-AFD8-E16338744DE1}) (Version:  - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{F9F4430E-80DE-EC0F-BF8E-476352C8F954}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4830 - AVG Technologies)
AVG 2014 (Version: 14.0.4365 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4830 - AVG Technologies) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.30.1395.0 - Logitech) Hidden
ccc-core-static (x32 Version: 2010.0310.1824.32984 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
ChromecastApp (HKU\S-1-5-21-4104090456-942970366-3307904469-1003\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FrostWire 4.21.1 (HKLM-x32\...\FrostWire) (Version: 4.21.1.0 - FrostWire Team)
Glary Utilities 5.32 (HKLM-x32\...\Glary Utilities 5) (Version: 5.32.0.52 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5434.08 - PC-Doctor, Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
High-Definition Video Playback 10 (x32 Version: 7.0.11000.25.1 - Nero AG) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.12286.3436 - Hewlett-Packard)
HP Easy Backup (HKLM-x32\...\{67431FA8-4B89-42DD-A68E-30D77F6C8D99}_is1) (Version: 1.0.8.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3420 - Hewlett-Packard)
HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3601 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{26280024-DFB7-4967-90DB-7F9C6660D01E}) (Version: 3.0.28.2 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP Photo Creations)
HP Photosmart 7510 series Basic Device Software (HKLM\...\{24C7AD6B-F418-4D3B-B7F2-F3603FD720BF}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 7510 series Help (HKLM-x32\...\{24E01F02-4261-42B8-9BD9-80E5E6D64952}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart 7510 series Help (HKLM-x32\...\{6357D25F-A9C9-4CC7-A1FB-0DCF344E7C40}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart 7510 series Product Improvement Study (HKLM\...\{566BB063-0E28-4273-A748-690BE86A7E26}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.9.0 - TopSeed)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HydraVision (x32 Version: 4.2.162.0 - ATI Technologies Inc.) Hidden
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
iTunes (HKLM\...\{4046F74A-28F8-48C6-A5D3-2AFC472574C1}) (Version: 12.2.0.145 - Apple Inc.)
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1901 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7230) - Logitech Inc..)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 40.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.2 (x86 en-US)) (Version: 40.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.2.5702 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 en-US)) (Version: 31.7.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 10 ClipartPack (HKLM-x32\...\{96ED4B78-300E-4033-AE6C-C115CEB4DF07}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Menu TemplatePack 1 (HKLM-x32\...\{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Menu TemplatePack 2 (HKLM-x32\...\{E712C273-7564-4C8E-AA59-0FA19BC35117}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Menu TemplatePack 3 (HKLM-x32\...\{92146419-AE44-4C8B-A48B-0ABB1B5EC026}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Movie ThemePack 1 (HKLM-x32\...\{43FBAB46-5969-4200-9958-1FF81FEE506F}) (Version: 10.0.10300.1.0 - Nero AG)
Nero 10 Movie ThemePack 2 (HKLM-x32\...\{70F19404-B96C-4EBB-AD2B-3574F8736197}) (Version: 10.0.10300.1.0 - Nero AG)
Nero 10 Sample ImagePack (HKLM-x32\...\{ACD15FDF-FC42-4175-B477-576F92FF2256}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Sample Videos (HKLM-x32\...\{92A10E9D-EA00-4A46-8F22-EEA660992D61}) (Version: 10.0.10300.2.0 - Nero AG)
Nero 8 Essentials (HKLM-x32\...\{523DF39E-DF7D-488F-8022-783946571033}) (Version: 8.10.135 - Nero AG)
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.4.11100.14.101 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.10700.7.100 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.10600.9.100 - Nero AG)
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.0.10500.7.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.10400.4.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.10500.7.100 - Nero AG)
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.10400.5.100 - Nero AG)
Nero MediaHub 10 (HKLM-x32\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.0.11000.6.100 - Nero AG)
Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.11200 - Nero AG)
Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.6.10600.1.100 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.0.10500.5.100 - Nero AG)
Nero SoundTrax 10 (HKLM-x32\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.6.10500.1.100 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.10500.4.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0012 - Nero AG)
Nero Vision 10 (HKLM-x32\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.0.10700.4.100 - Nero AG)
Nero WaveEditor 10 (HKLM-x32\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.6.10500.1.100 - Nero AG)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.3.1.16 - NETGEAR Inc.)
Nikon Message Center (HKLM-x32\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Nikon Transfer (HKLM-x32\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.1.0 - Nikon)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1931 - CyberLink Corp.) Hidden
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Seagate DiscWizard (HKLM-x32\...\{AC5BFE42-B72A-467C-B9B2-8BF77C6D4D70}) (Version: 16.0.5840 - Seagate)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.8.8855 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SpywareBlaster 5.2 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4104090456-942970366-3307904469-1003_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4104090456-942970366-3307904469-1003_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4104090456-942970366-3307904469-1003_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4104090456-942970366-3307904469-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

15-08-2015 19:21:16 Windows Update
16-08-2015 19:00:16 Windows Backup
19-08-2015 18:44:53 Windows Update
20-08-2015 03:00:23 Windows Update
23-08-2015 15:32:52 Windows Update
23-08-2015 19:00:10 Windows Backup
25-08-2015 12:17:31 Restore Point Created by FRST
26-08-2015 17:30:43 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05ECFC30-C8F0-4596-9E04-F2B94E01EB9D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-03] (Google Inc.)
Task: {0A69AA88-46F9-40C4-BB88-B6B97F783EED} - System32\Tasks\HPCeeScheduleForSteve => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {139DA4B3-CD40-48EA-BE90-94604B77BA42} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-08-16] (Glarysoft Ltd)
Task: {1A39A1E2-E936-41B5-8E13-1BC4552D1CA7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4104090456-942970366-3307904469-1003Core => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-27] (Google Inc.)
Task: {36B0D09C-4C05-43BF-91AB-F85D73A02257} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {4306C0FE-0667-4DD4-8778-9E2335DA844E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: {4ED175EB-5323-419E-A00C-ABDEB9D5D986} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {55EEF9E5-A1DB-4AD0-915E-3C3FF8ABBF8D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4104090456-942970366-3307904469-1003UA => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-27] (Google Inc.)
Task: {5A6497E8-476E-42C8-8DBA-CF8E26D30E34} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN19S2516M => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-31] (Hewlett-Packard)
Task: {689727D5-F159-46CF-B414-03264143347C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {69D7D276-4A22-4EE3-81B9-91D4E87BB7D0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6EF55D5A-E5BC-4B82-987B-4438A8959844} - System32\Tasks\{741744D3-7268-43AD-84D1-F49344875C38} => C:\Program Files (x86)\Microsoft Office\Office10\OUTLOOK.EXE
Task: {76D67CF7-8AAF-4826-976F-B5126ED9BCDA} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-10-20] (CyberLink Corp.)
Task: {7A7843AA-6534-4F0F-8C4E-F3487B5CE24F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {808259D2-32C4-40A8-B37C-A570A896AC86} - System32\Tasks\HPCeeScheduleForAdmin => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {8EE694EA-F4F0-4DA4-B3A4-0A289E063CCC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
Task: {91F18C79-CD5F-4C61-9649-509B3D2FEBF3} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2012-03-30] ()
Task: {9FAB368E-F8F7-4DEA-91AC-D7B2B92FC966} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-03] (Google Inc.)
Task: {B0AB36CB-5BA1-473C-8283-BDC9078B59E7} - System32\Tasks\HPCustParticipation HP Photosmart 7510 series => C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {C89DA69C-1390-4ED7-96A6-326E40538396} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-08-16] (Glarysoft Ltd)
Task: {D18E5371-00BA-4F5E-B165-EFC04E727328} - System32\Tasks\hpUrlLauncher.exe_{6A615458-36D9-4058-B0C6-6EB3A9C8E82D} => C:\Program Files\HP\HP Photosmart 7510 series\Bin\utils\hpUrlLauncher.exe
Task: {DE463C6D-5B8D-4D89-AF86-AE24B4F23DDC} - System32\Tasks\{9E71131C-EBAD-48A4-B4E0-059B09F3FF57} => C:\Program Files (x86)\Microsoft Office\Office10\OUTLOOK.EXE
Task: {EE7672B7-72C7-4751-A3B8-2EBD658E8836} - System32\Tasks\GoogleUpdateTaskMachineCore1d0562650c58ac9 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-03] (Google Inc.)
Task: {EF1A3863-9D0E-4732-8107-40E54A2B9EC8} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-12-01] (CyberLink)
Task: {F12DFDCE-98DE-4AAC-95EB-79B8F30CA149} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {F5B976FD-920B-4189-858D-7B682586CB5E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4104090456-942970366-3307904469-1003Core1d056e441f18695 => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-27] (Google Inc.)
Task: {FF3D1075-B80D-422D-AA23-02FECF8975A2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-31] (Hewlett-Packard)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0562650c58ac9.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4104090456-942970366-3307904469-1003Core.job => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4104090456-942970366-3307904469-1003Core1d056e441f18695.job => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4104090456-942970366-3307904469-1003UA.job => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe
Task: C:\Windows\Tasks\HPCeeScheduleForAdmin.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForSteve.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-12-23 00:10 - 2008-09-30 19:59 - 00192512 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
2009-07-08 15:35 - 2009-07-08 15:35 - 00610360 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2013-11-14 06:12 - 2013-11-14 06:12 - 00105216 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
2012-03-30 09:57 - 2012-03-30 09:57 - 00170152 _____ () C:\ProgramData\HP Photo Creations\MessageCheck.exe
2010-06-30 00:12 - 2010-06-30 00:12 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2010-06-30 00:12 - 2010-06-30 00:12 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2010-06-30 00:12 - 2010-06-30 00:12 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2010-06-30 00:12 - 2010-06-30 00:12 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2010-06-30 00:12 - 2010-06-30 00:12 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2010-06-30 00:12 - 2010-06-30 00:12 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2010-06-30 00:12 - 2010-06-30 00:12 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2010-06-30 00:12 - 2010-06-30 00:12 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
2013-09-28 18:14 - 2013-09-28 18:14 - 03369922 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuin51.dll
2013-09-28 18:13 - 2013-09-28 18:13 - 00544817 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2013-09-28 18:13 - 2013-09-28 18:13 - 00989805 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libstdc++-6.dll
2013-09-28 18:14 - 2013-09-28 18:14 - 01978690 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuuc51.dll
2013-09-28 18:14 - 2013-09-28 18:14 - 22378434 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icudt51.dll
2013-09-28 18:14 - 2013-09-28 18:14 - 01233408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\platforms\qwindows.dll
2013-12-06 01:04 - 2013-12-06 01:04 - 00465920 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
2013-12-05 04:36 - 2013-12-05 04:36 - 01547776 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll
2013-11-10 18:59 - 2013-11-10 18:59 - 00192512 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2013-12-05 04:37 - 2013-12-05 04:37 - 00631808 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2013-12-05 22:55 - 2013-12-05 22:55 - 04956160 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
2013-11-13 02:05 - 2013-11-13 02:05 - 00427520 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2013-11-10 18:58 - 2013-11-10 18:58 - 00144896 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
2013-11-10 19:09 - 2013-11-10 19:09 - 01174528 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2013-12-05 04:31 - 2013-12-05 04:31 - 08558592 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2013-12-05 04:34 - 2013-12-05 04:34 - 01270272 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2013-11-10 18:59 - 2013-11-10 18:59 - 00068608 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll
2013-12-06 00:57 - 2013-12-06 00:57 - 00199680 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2013-12-05 04:43 - 2013-12-05 04:43 - 00884736 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2013-11-10 19:21 - 2013-11-10 19:21 - 00427520 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2013-09-28 18:13 - 2013-09-28 18:13 - 00051200 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif.dll
2013-09-28 18:13 - 2013-09-28 18:13 - 00052224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico.dll
2013-09-28 18:13 - 2013-09-28 18:13 - 00261120 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg.dll
2013-09-28 18:13 - 2013-09-28 18:13 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qsvg.dll
2013-11-10 18:58 - 2013-11-10 18:58 - 00078848 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
2013-11-10 18:56 - 2013-11-10 18:56 - 00140288 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
2013-11-14 01:56 - 2013-11-14 01:56 - 00267756 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll
2013-11-10 18:56 - 2013-11-10 18:56 - 00072192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll
2013-11-10 18:56 - 2013-11-10 18:56 - 00074752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
2013-11-10 18:56 - 2013-11-10 18:56 - 00136704 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
2013-12-05 04:43 - 2013-12-05 04:43 - 00641536 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll
2013-11-10 19:24 - 2013-11-10 19:24 - 00458752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2013-11-10 19:23 - 2013-11-10 19:23 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
2013-11-10 18:56 - 2013-11-10 18:56 - 00066560 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll
2013-09-28 18:13 - 2013-09-28 18:13 - 00040960 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll
2010-05-07 18:35 - 2010-05-07 18:35 - 02143576 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2010-05-07 18:35 - 2010-05-07 18:35 - 07954776 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2010-05-07 18:36 - 2010-05-07 18:36 - 00340824 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2010-05-07 18:37 - 2010-05-07 18:37 - 00027480 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2010-05-07 18:37 - 2010-05-07 18:37 - 00126808 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2009-12-01 20:49 - 2009-12-01 20:49 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2015-03-13 20:35 - 2015-03-13 20:35 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\7d521e583439ddf659b36d5f281ca646\IsdiInterop.ni.dll
2010-06-11 13:14 - 2010-03-03 20:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-04-04 21:33 - 2015-05-27 18:43 - 03350640 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2015-04-04 21:33 - 2015-05-27 18:43 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2015-04-04 21:33 - 2015-05-27 18:43 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 6092 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4104090456-942970366-3307904469-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Regina^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk => C:\Windows\pss\LimeWire On Startup.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{2B0AF209-1555-4756-B4A0-69D3D73CC1F5}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{3B7B3369-5038-4730-ADF8-36F0240309C4}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/26/2015 05:01:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   17 6.1.168.192.in-addr.arpa. PTR Regina-PC.local.

Error: (08/26/2015 05:01:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.6:5353   19 6.1.168.192.in-addr.arpa. PTR Regina-PC-2.local.

Error: (08/25/2015 07:10:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   17 6.1.168.192.in-addr.arpa. PTR Regina-PC.local.

Error: (08/25/2015 07:10:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.6:5353   19 6.1.168.192.in-addr.arpa. PTR Regina-PC-2.local.

Error: (08/25/2015 07:10:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   17 2.1.168.192.in-addr.arpa. PTR Regina-PC.local.

Error: (08/25/2015 07:10:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.2:5353   19 2.1.168.192.in-addr.arpa. PTR Regina-PC-2.local.

Error: (08/25/2015 02:58:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   17 6.1.168.192.in-addr.arpa. PTR Regina-PC.local.

Error: (08/25/2015 02:58:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.6:5353   19 6.1.168.192.in-addr.arpa. PTR Regina-PC-2.local.

Error: (08/25/2015 12:20:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   17 6.1.168.192.in-addr.arpa. PTR Regina-PC.local.

Error: (08/25/2015 12:20:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.6:5353   19 6.1.168.192.in-addr.arpa. PTR Regina-PC-2.local.


System errors:
=============
Error: (08/26/2015 05:33:40 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.

Error: (08/25/2015 12:21:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (08/25/2015 12:18:21 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (08/25/2015 12:17:58 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (08/25/2015 12:17:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (08/25/2015 12:17:51 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (08/25/2015 12:17:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (08/25/2015 12:17:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/25/2015 12:17:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/25/2015 12:17:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Nero BackItUp Scheduler 3 service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office:
=========================
Error: (01/16/2012 09:22:38 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/18/2010 03:12:11 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 312 seconds with 240 seconds of active time.  This session ended with a crash.


CodeIntegrity:
===================================
  Date: 2012-03-09 19:33:07.864
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-03-09 19:33:07.824
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-03-09 19:32:55.792
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-03-09 19:32:55.752
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-03-09 19:32:41.891
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-03-09 19:32:41.861
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-03-09 19:32:41.351
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-03-09 19:32:41.311
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-03-09 19:32:24.768
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-03-09 19:32:24.728
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU 860 @ 2.80GHz
Percentage of memory in use: 24%
Total physical RAM: 8183.08 MB
Available physical RAM: 6209.13 MB
Total Virtual: 16364.37 MB
Available Virtual: 12862.18 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:915 GB) (Free:762.96 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:16.41 GB) (Free:5.49 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive g: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive h: (HP) (Fixed) (Total:686.23 GB) (Free:656.88 GB) NTFS
Drive i: (FACTORY_IMAGE) (Fixed) (Total:12.31 GB) (Free:1.39 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=686.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 17D88420)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=915 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.4 GB) - (Type=07 NTFS)

==================== End of FRST.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-08-2015
Ran by Steve (administrator) on REGINA-PC (26-08-2015 20:18:52)
Running from C:\Users\Steve\Desktop
Loaded Profiles: Steve (Available Profiles: Regina & Steve & Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Google Inc.) C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe
(NETGEAR Inc.) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Seagate) C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files (x86)\CCleaner\CCleaner64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Logitech, Inc.) C:\Users\Steve\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe
(Logitech, Inc.) C:\Users\Steve\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
() C:\ProgramData\HP Photo Creations\MessageCheck.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-07-08] ()
HKLM\...\Run: [Seagate Scheduler2 Service] => C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe [400376 2013-10-30] (Seagate)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-06-29] (Apple Inc.)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-08-12] (Logitech Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5212072 2015-07-29] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [DiscWizardMonitor.exe] => C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [6382504 2013-10-30] (Seagate)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1103424 2013-01-10] (Acronis)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1689144 2010-06-30] (Hewlett-Packard)
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\...\Run: [Google Update] => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-08-27] (Google Inc.)
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2013-11-14] (NETGEAR Inc.)
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\...\Run: [HP Photosmart 7510 series (NET)] => "C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN19S2516M05T5:NW" -scfn "HP Photosmart 7510 series (NET)" -AutoStart 1
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk [2014-03-01]
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Photosmart 7510 series\bin\HPStatusBL.dll (No File)
BootExecute: autocheck autochk *  

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-20] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-20] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-11-29] (Skype Technologies S.A.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll [2009-04-07] (Microsoft Corp.)
DPF: HKLM-x32 {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-11-29] (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{88786135-6BA9-4FD6-B945-887056AE4746}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B632F6BD-3E77-4DA9-BB2D-A244E962DA21}: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\n4erpnlo.default-1427331495244
FF Homepage: www.yahoo.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-20] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4104090456-942970366-3307904469-1003: @tools.google.com/Google Update;version=3 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-4104090456-942970366-3307904469-1003: @tools.google.com/Google Update;version=9 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-07-21] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-07-21] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-07-21] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-07-21] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-07-21] (Apple Inc.)
FF Extension: Ghostery - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\n4erpnlo.default-1427331495244\Extensions\[email protected] [2015-03-25]
FF Extension: NoScript - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\n4erpnlo.default-1427331495244\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-03-25]
FF Extension: Adblock Plus - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\n4erpnlo.default-1427331495244\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-25]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-08-14]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-08-14]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-08-14]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2015-08-14]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-12-31]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files (x86)\AVG\AVG2012\Thunderbird
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR Profile: C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Cast) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-06-12]
CHR Extension: (Adblock Plus) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3259304 2015-07-29] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301896 2015-07-29] (AVG Technologies CZ, s.r.o.)
R2 HPBtnSrv; C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [192512 2008-09-30] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-08-12] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG)
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2013-11-14] (NETGEAR)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-10-15] (Nero AG)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [237536 2015-05-26] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [369120 2015-05-26] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [211936 2015-05-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [276960 2015-05-18] (AVG Technologies CZ, s.r.o.)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-08-19] (Glarysoft Ltd)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-01-13] (CACE Technologies, Inc.)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-03-09] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2014-03-09] (Acronis)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [53760 2012-09-28] (Apple, Inc.) [File not signed]
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-03-09] (Acronis International GmbH)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-10-20] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-26 20:18 - 2015-08-26 20:19 - 00021632 _____ C:\Users\Steve\Desktop\FRST.txt
2015-08-24 17:40 - 2015-08-24 17:40 - 00000000 ____D C:\Users\Steve\Desktop\FRST-OlderVersion
2015-08-20 19:00 - 2015-08-24 17:54 - 00000000 ____D C:\AdwCleaner
2015-08-20 18:58 - 2015-08-20 18:58 - 01605632 _____ C:\Users\Steve\Desktop\AdwCleaner.exe
2015-08-20 03:00 - 2015-08-10 18:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-20 03:00 - 2015-08-10 18:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-20 03:00 - 2015-08-10 17:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-20 03:00 - 2015-08-10 17:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-19 21:24 - 2015-08-26 20:18 - 00000000 ____D C:\FRST
2015-08-19 21:24 - 2015-08-24 17:40 - 02186752 _____ (Farbar) C:\Users\Steve\Desktop\FRST64.exe
2015-08-19 20:37 - 2015-08-19 20:37 - 15239080 _____ C:\Users\Admin\Downloads\Glary_Utilities_v5.32.0.52.exe
2015-08-17 16:32 - 2015-08-17 16:33 - 00000000 ____D C:\Users\Admin\AppData\Local\Chromium
2015-08-17 16:32 - 2015-08-17 16:31 - 01200163 _____ C:\Users\Admin\Downloads\7zip.exe
2015-08-14 18:52 - 2015-08-17 12:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-12 03:12 - 2015-07-30 06:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 03:12 - 2015-07-30 06:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 19:26 - 2015-07-28 13:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-11 19:26 - 2015-07-28 13:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-11 19:26 - 2015-07-28 13:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-11 19:26 - 2015-07-28 13:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-11 19:26 - 2015-07-28 13:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-11 19:26 - 2015-07-28 13:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-11 19:26 - 2015-07-28 13:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-11 19:26 - 2015-07-28 12:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-11 19:26 - 2015-07-16 12:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-11 19:26 - 2015-07-16 12:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-08-11 19:26 - 2015-07-16 12:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-11 19:26 - 2015-07-16 12:11 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-11 19:26 - 2015-07-16 12:11 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-08-11 19:26 - 2015-07-16 12:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-11 19:26 - 2015-07-15 11:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-11 19:26 - 2015-07-15 11:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-11 19:26 - 2015-07-15 11:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-11 19:26 - 2015-07-15 11:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-11 19:26 - 2015-07-15 11:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-11 19:26 - 2015-07-15 11:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-11 19:26 - 2015-07-15 11:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-11 19:26 - 2015-07-15 11:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-11 19:26 - 2015-07-15 11:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-11 19:26 - 2015-07-15 11:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-11 19:26 - 2015-07-15 11:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-11 19:26 - 2015-07-15 11:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-11 19:26 - 2015-07-15 11:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-11 19:26 - 2015-07-15 11:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-11 19:26 - 2015-07-15 11:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-11 19:26 - 2015-07-15 11:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-11 19:26 - 2015-07-15 11:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-11 19:26 - 2015-07-15 11:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-11 19:26 - 2015-07-15 11:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-11 19:26 - 2015-07-15 11:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-11 19:26 - 2015-07-15 11:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-11 19:26 - 2015-07-15 11:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-11 19:26 - 2015-07-15 11:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-11 19:26 - 2015-07-15 11:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-11 19:26 - 2015-07-15 11:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-11 19:26 - 2015-07-15 11:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-11 19:26 - 2015-07-15 11:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-11 19:26 - 2015-07-15 11:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-11 19:26 - 2015-07-15 11:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-11 19:26 - 2015-07-15 11:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-11 19:26 - 2015-07-15 11:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-11 19:26 - 2015-07-15 11:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-11 19:26 - 2015-07-15 11:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-11 19:26 - 2015-07-15 11:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-11 19:26 - 2015-07-15 11:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-11 19:26 - 2015-07-15 11:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-11 19:26 - 2015-07-15 11:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-11 19:26 - 2015-07-15 10:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-11 19:26 - 2015-07-15 10:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-11 19:26 - 2015-07-15 10:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-11 19:26 - 2015-07-15 10:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-11 19:26 - 2015-07-15 10:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-11 19:26 - 2015-07-15 10:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-11 19:26 - 2015-07-15 10:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-11 19:26 - 2015-07-15 10:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-11 19:26 - 2015-07-15 10:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-11 19:26 - 2015-07-15 10:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-11 19:26 - 2015-07-15 10:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-11 19:26 - 2015-07-15 10:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-11 19:26 - 2015-07-15 10:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-11 19:26 - 2015-07-15 10:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-11 19:26 - 2015-07-15 10:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-11 19:26 - 2015-07-15 10:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-11 19:26 - 2015-07-15 10:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-11 19:26 - 2015-07-15 10:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-11 19:26 - 2015-07-15 10:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-11 19:26 - 2015-07-15 10:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-11 19:26 - 2015-07-15 10:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-11 19:26 - 2015-07-15 10:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 09:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-11 19:26 - 2015-07-15 09:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-11 19:26 - 2015-07-15 09:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-11 19:26 - 2015-07-15 09:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-11 19:26 - 2015-07-15 09:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-11 19:26 - 2015-07-15 09:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 09:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 09:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-11 19:26 - 2015-07-15 09:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-11 19:26 - 2015-07-11 06:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-08-11 19:25 - 2015-07-30 11:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-11 19:25 - 2015-07-30 11:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-11 19:25 - 2015-07-30 11:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-11 19:25 - 2015-07-30 11:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-11 19:25 - 2015-07-30 11:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-11 19:25 - 2015-07-30 11:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-11 19:25 - 2015-07-30 11:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-11 19:25 - 2015-07-30 10:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-11 19:25 - 2015-07-30 10:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-11 19:25 - 2015-07-30 10:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-11 19:25 - 2015-07-30 10:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-11 19:25 - 2015-07-30 10:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-11 19:25 - 2015-07-30 10:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-11 19:25 - 2015-07-30 09:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-11 19:25 - 2015-07-30 09:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-11 19:25 - 2015-07-30 09:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-11 19:25 - 2015-07-20 17:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-11 19:25 - 2015-07-20 17:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-11 19:25 - 2015-07-20 11:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-11 19:25 - 2015-07-20 11:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-11 19:25 - 2015-07-20 11:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-11 19:25 - 2015-07-20 11:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-11 19:25 - 2015-07-20 11:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-11 19:25 - 2015-07-20 11:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-11 19:25 - 2015-07-20 11:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-11 19:25 - 2015-07-20 11:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-11 19:25 - 2015-07-20 11:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-11 19:25 - 2015-07-20 11:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-11 19:25 - 2015-07-20 11:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-11 19:25 - 2015-07-20 10:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-11 19:25 - 2015-07-20 10:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-11 19:25 - 2015-07-20 10:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-11 19:25 - 2015-07-20 10:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-11 19:25 - 2015-07-20 10:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-11 19:25 - 2015-07-16 13:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-11 19:25 - 2015-07-16 13:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-11 19:25 - 2015-07-16 13:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-11 19:25 - 2015-07-16 13:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-11 19:25 - 2015-07-16 13:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-11 19:25 - 2015-07-16 13:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-11 19:25 - 2015-07-16 13:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-11 19:25 - 2015-07-16 13:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-11 19:25 - 2015-07-16 13:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-11 19:25 - 2015-07-16 13:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-11 19:25 - 2015-07-16 13:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-11 19:25 - 2015-07-16 13:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-11 19:25 - 2015-07-16 13:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-11 19:25 - 2015-07-16 13:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-11 19:25 - 2015-07-16 13:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-11 19:25 - 2015-07-16 13:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-11 19:25 - 2015-07-16 13:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-11 19:25 - 2015-07-16 13:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-11 19:25 - 2015-07-16 12:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-11 19:25 - 2015-07-16 12:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-11 19:25 - 2015-07-16 12:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-11 19:25 - 2015-07-16 12:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-11 19:25 - 2015-07-16 12:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-11 19:25 - 2015-07-16 12:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-11 19:25 - 2015-07-16 12:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-11 19:25 - 2015-07-16 12:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-11 19:25 - 2015-07-16 12:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-11 19:25 - 2015-07-16 12:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-11 19:25 - 2015-07-16 12:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-11 19:25 - 2015-07-16 12:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-11 19:25 - 2015-07-16 12:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-11 19:25 - 2015-07-16 12:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-11 19:25 - 2015-07-16 12:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-11 19:25 - 2015-07-16 12:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-11 19:25 - 2015-07-16 12:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-11 19:25 - 2015-07-16 12:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-11 19:25 - 2015-07-16 12:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-11 19:25 - 2015-07-16 12:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-11 19:25 - 2015-07-16 12:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-11 19:25 - 2015-07-16 12:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-11 19:25 - 2015-07-16 12:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-11 19:25 - 2015-07-16 12:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-11 19:25 - 2015-07-16 12:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-11 19:25 - 2015-07-16 12:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-11 19:25 - 2015-07-16 12:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-11 19:25 - 2015-07-16 12:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-11 19:25 - 2015-07-16 12:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-11 19:25 - 2015-07-16 12:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-11 19:25 - 2015-07-16 12:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-11 19:25 - 2015-07-16 12:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-11 19:25 - 2015-07-16 11:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-11 19:25 - 2015-07-16 11:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-11 19:25 - 2015-07-16 11:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-11 19:25 - 2015-07-16 11:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-11 19:25 - 2015-07-14 20:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-11 19:25 - 2015-07-14 20:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-11 19:25 - 2015-07-14 20:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-11 19:25 - 2015-07-14 20:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-11 19:25 - 2015-07-14 20:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-11 19:25 - 2015-07-14 19:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-11 19:25 - 2015-07-14 19:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-11 19:25 - 2015-07-14 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-11 19:25 - 2015-07-14 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-11 19:25 - 2015-07-10 10:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-11 19:25 - 2015-07-10 10:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-11 19:25 - 2015-07-09 10:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-11 19:25 - 2015-07-09 10:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-11 19:25 - 2015-07-09 10:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-11 19:25 - 2015-07-01 13:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-11 19:25 - 2015-07-01 13:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-11 19:25 - 2015-07-01 13:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-11 19:25 - 2015-07-01 13:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-11 19:25 - 2015-05-09 11:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-02 20:58 - 2015-08-25 12:19 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-08-02 20:56 - 2015-08-02 20:56 - 04184064 _____ (BrightFort LLC ) C:\Users\Admin\Downloads\spywareblastersetup52.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-26 20:15 - 2009-07-13 21:45 - 00015984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-26 20:15 - 2009-07-13 21:45 - 00015984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-26 20:14 - 2010-10-17 22:43 - 00000000 ____D C:\ProgramData\MFAData
2015-08-26 20:10 - 2015-03-11 20:13 - 01398296 _____ C:\Windows\WindowsUpdate.log
2015-08-26 20:10 - 2015-03-04 18:32 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4104090456-942970366-3307904469-1003Core1d056e441f18695.job
2015-08-26 20:10 - 2012-03-29 21:54 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-26 20:10 - 2012-01-01 17:45 - 00000324 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2015-08-26 20:10 - 2011-08-26 19:37 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-26 20:10 - 2010-04-20 22:30 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2015-08-26 17:16 - 2011-08-26 19:37 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-26 17:01 - 2015-03-04 18:35 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-26 17:01 - 2013-08-27 21:38 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4104090456-942970366-3307904469-1003Core.job
2015-08-25 12:25 - 2009-07-13 22:13 - 00786578 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-25 12:19 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-25 12:12 - 2009-07-13 20:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-08-25 12:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-08-24 17:50 - 2012-09-09 12:49 - 00000000 ____D C:\Users\Steve\AppData\Local\NETGEARGenie
2015-08-24 17:43 - 2012-07-28 12:31 - 00002804 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-08-24 17:43 - 2009-12-28 20:20 - 00000280 __RSH C:\Users\Steve\ntuser.pol
2015-08-24 17:43 - 2009-12-28 20:20 - 00000000 ____D C:\Users\Steve
2015-08-24 17:42 - 2015-03-11 20:44 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForAdmin.job
2015-08-23 13:41 - 2015-03-11 20:44 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAdmin
2015-08-23 13:40 - 2009-12-29 19:38 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-08-23 07:18 - 2015-03-15 18:40 - 00003182 _____ C:\Windows\System32\Tasks\HPCeeScheduleForSteve
2015-08-23 07:18 - 2015-03-15 18:40 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForSteve.job
2015-08-19 20:44 - 2015-03-15 20:19 - 00000000 ____D C:\ProgramData\ProductData
2015-08-19 20:38 - 2015-03-25 16:48 - 00020160 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2015-08-19 20:38 - 2015-03-25 16:48 - 00003314 _____ C:\Windows\System32\Tasks\GlaryInitialize 5
2015-08-19 20:38 - 2015-03-25 16:48 - 00002974 _____ C:\Windows\System32\Tasks\GU5SkipUAC
2015-08-19 20:38 - 2015-03-25 16:48 - 00001094 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2015-08-19 20:38 - 2015-03-25 16:48 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2015-08-17 16:32 - 2011-11-12 18:06 - 00001149 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-08-17 12:17 - 2012-04-29 18:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-12 19:57 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2015-08-12 03:31 - 2013-03-14 03:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 03:31 - 2013-03-14 03:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-12 03:31 - 2009-07-13 21:45 - 00441256 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-12 03:29 - 2015-03-13 04:03 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-12 03:29 - 2015-03-13 04:03 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-12 03:13 - 2010-03-09 07:34 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-12 03:12 - 2013-03-14 03:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-12 03:05 - 2013-08-14 03:01 - 00000000 ____D C:\Windows\system32\MRT
2015-08-12 03:01 - 2010-01-10 10:36 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-11 23:27 - 2012-03-29 21:54 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-11 23:27 - 2012-03-29 21:54 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-11 23:27 - 2011-05-15 15:13 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-08 08:43 - 2013-12-01 18:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-08-08 08:43 - 2013-10-19 09:18 - 00000967 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2015-08-05 09:25 - 2009-12-22 23:50 - 00000000 ____D C:\Windows\Panther
2015-08-05 09:21 - 2015-07-10 06:39 - 00000000 ___HD C:\$Windows.~BT
2015-08-02 20:58 - 2013-12-02 09:10 - 00001081 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2015-08-02 20:58 - 2010-06-03 18:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2015-08-02 20:58 - 2010-06-03 18:28 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2015-08-02 20:58 - 2009-12-23 00:03 - 00000000 ____D C:\ProgramData\Temp
2015-07-31 23:05 - 2010-04-25 09:53 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Skype

==================== Files in the root of some directories =======

2013-11-14 13:20 - 2013-11-14 13:26 - 0000000 _____ () C:\Users\Steve\AppData\Roaming\bitlord_log.txt
2011-06-05 12:03 - 2011-06-05 12:03 - 0000122 _____ () C:\Users\Steve\AppData\Roaming\wklnhst.dat
2013-11-14 14:23 - 2013-11-14 14:23 - 0136531 _____ () C:\Users\Steve\AppData\Local\ars.cache
2013-11-14 14:23 - 2013-11-14 14:23 - 0305059 _____ () C:\Users\Steve\AppData\Local\census.cache
2010-11-23 09:30 - 2010-11-23 09:30 - 0000036 _____ () C:\Users\Steve\AppData\Local\housecall.guid.cache
2015-03-17 12:57 - 2015-03-17 12:58 - 0039253 _____ () C:\Users\Steve\AppData\Local\tmp207 GREAT GABLE.0
2015-03-17 12:58 - 2015-03-17 12:58 - 0014617 _____ () C:\Users\Steve\AppData\Local\tmp207 GREAT GABLE.JPG
2009-12-28 19:03 - 2009-12-28 19:03 - 0000268 ___RH () C:\ProgramData\Grapher
2009-12-28 19:03 - 2009-12-28 19:03 - 0000012 ___RH () C:\ProgramData\Halftone

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-22 22:06

==================== End of FRST.txt ===============




#11
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
  • Step 1

    The current anti-virus you have in your system is subpar either in terms of actual protection or resource consumption. As such, I recommend replacing it with a free alternative. If this interests you, begin by uninstalling your current anti-virus by going to Control Panel > Programs and Features > Uninstall a Program. You may need the following if it applies to your current anti-virus:

    After, please choose only one from the list below and install it. Note that the names lead to the respective sites.
    • avast! Free Antivirus
    • Avira Free Antivirus
    Note: Disable Windows Defender before or after the process by following Option One ('Windows 7' | 'Windows 8' | 'Windows 10').
  • Step 2

    Download the free version of 'Malwarebytes Anti-Malware by Malwarebytes Corporation' and save it to your desktop.
    • Double-click mbam-setup-*.exe and proceed to installing the program.
      • Accept the License Agreement.
      • At the end, untick Enable free trial of Malwarebytes Anti-Malware Premium unless you wish to try it out.
      • Click Finish after.
    • Once the program has loaded, navigate to the Settings tab and select Detection and Protection.
      • Tick the Scan For Rootkits box.
    • Go back to the Dashboard and select Update Now. Click Scan Now after.
      • Updates can sometimes still be present. Be sure to select Update Now again if you are prompted.
      • Once the scan is complete, click Apply Actions.
      • If you are prompted to reboot, allow it by pressing Yes.
    • Once your system has rebooted, navigate to the program's History tab to retrieve the log.
      • Go to Application Logs. Under the Type column, click on the most recent Scan Log.
      • Export the log to your desktop as a *.txt file.
      • You can also choose to directly copy the log by selecting Copy to Clipboard.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 3

    Download 'SecurityCheck by screen317' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • A black window will appear. Press any key to continue.
    • Wait for it to finish. It won't take long.
    • A log will automatically pop up once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
    Note: If you get an error about an unsupported operating system, please reboot your computer and try again.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • checkup.txt (SecurityCheck)
    • mbam-log-YYYY-MM-DD (HH-MM-SS).xml (Malwarebytes Anti-Malware)


#12
sg555

  • Topic Starter
  • Member
  • 52 posts

Here are the logs. I deleted AVG and downloaded Avast. I already have Malwarebytes Premium. Thanks again for your help.

 

MBam log

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/27/2015
Scan Time: 8:02 PM
Logfile: mbam.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.28.01
Rootkit Database: v2015.08.16.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Steve

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 491434
Time Elapsed: 24 min, 25 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Checkup log.

Results of screen317's Security Check version 1.008  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 SpywareBlaster 5.2    
 Java version 32-bit out of Date!
 Adobe Flash Player 18.0.0.232  
 Adobe Reader XI  
 Mozilla Firefox (40.0.3)
 Mozilla Thunderbird 31.7.0 Thunderbird out of Date!  
 Google Chrome (44.0.2403.155)
 Google Chrome (44.0.2403.157)
 Google Chrome (plugins...)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 


  • 0

#13
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Step 1

You currently have the following outdated program(s) installed. I highly recommend that you perform an update. You will find the download link(s) for the new version(s) below.
  • Java Runtime Environment -- Update
Uninstall the previous version(s) before installing the updated one(s). If you run into any errors, let me know.

Thank you for your cooperation. Your logs show no sign of infection. Congratulations, your system is now clean. :thumbsup: Below are the last few steps for you to accomplish.

Remove Temporary Files with TFC by OldTimer
  • Download 'TFC by OldTimer' and save it to your desktop.
    • Ensure all programs and windows are closed before proceeding.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • Click the Start button and wait for the process to complete.
    • You will be prompted to reboot. Please allow it by choosing Yes.
Remove Special Tools with DelFix by Xplode
  • Download 'DelFix by Xplode' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • Ensure the following options are checked:
      • Remove disinfection tools
      • Create registry backup
      • Purge system restore
    • Press Run.
    • A log will automatically pop-up. Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.

  • 0
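The reading of the Security Check log that Step 1 above relies on can be scripted. This is an added example, not part of any post in the thread and not code from the Security Check tool: the function names are hypothetical, and the sample is abridged from the log posted earlier, with its backtick-padded section headers rebuilt by a helper.

```python
import re

TICK = chr(96)  # backtick: Security Check pads its section headers with runs of them

def header(title):
    return TICK * 12 + title + TICK * 12

# Abridged from the Security Check log posted in this thread; headers are rebuilt.
SAMPLE_LOG = "\n".join([
    "Results of screen317's Security Check version 1.008",
    header("Antivirus/Firewall Check:"),
    " Windows Firewall Enabled!",
    "avast! Antivirus",
    " Antivirus up to date!",
    header("Anti-malware/Other Utilities Check:"),
    " Java version 32-bit out of Date!",
    " Adobe Flash Player 18.0.0.232",
    " Mozilla Thunderbird 31.7.0 Thunderbird out of Date!",
    header("System Health check"),
    " Total Fragmentation on Drive C: 0%",
    header("End of Log"),
])

SECTION_RE = re.compile("^" + TICK + "{3,}(.+?)" + TICK + "{3,}$")
# Must match "out of Date!" but not the healthy "Antivirus up to date!" line.
OUTDATED_RE = re.compile(r"\bout of date\b", re.IGNORECASE)

def parse_sections(text):
    """Map each section title to its non-empty, stripped entry lines."""
    sections, current = {"Header": []}, "Header"
    for raw in text.splitlines():
        line = raw.strip()
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1).strip().rstrip(":")
            sections.setdefault(current, [])
        elif line:
            sections[current].append(line)
    return sections

def triage(text):
    """Summarise what a helper looks for: outdated software and protection state."""
    sections = parse_sections(text)
    protection = " ".join(sections.get("Antivirus/Firewall Check", [])).lower()
    entries = [e for lines in sections.values() for e in lines]
    return {
        "outdated": [e for e in entries if OUTDATED_RE.search(e)],
        "firewall_enabled": "firewall enabled" in protection,
        "antivirus_current": "antivirus up to date" in protection,
        "complete": "End of Log" in sections,  # False for a truncated paste
    }
```

Calling `triage(SAMPLE_LOG)` returns the outdated entries alongside the firewall and antivirus state, and `complete` turns false when the pasted log is cut off before its final header.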

#14
sg555

sg555

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts

Here is the log.

Thanks for your help. Glad to know everything is clean. 

 

# DelFix v1.011 - Logfile created 28/08/2015 at 18:02:07
# Updated 18/08/2015 by Xplode
# Username : Steve - REGINA-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Steve\Desktop\FRST-OlderVersion
Deleted : C:\Users\Steve\Desktop\Addition.txt
Deleted : C:\Users\Steve\Desktop\AdwCleaner.exe
Deleted : C:\Users\Steve\Desktop\Fixlog.txt
Deleted : C:\Users\Steve\Desktop\FRST.txt
Deleted : C:\Users\Steve\Desktop\FRST64.exe
Deleted : C:\Users\Steve\Downloads\FRST.txt
Deleted : C:\Users\Steve\Downloads\SecurityCheck.exe
Deleted : C:\Users\Steve\Downloads\TFC.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #477 [Windows Backup | 08/17/2015 02:00:16]
Deleted : RP #478 [Windows Update | 08/20/2015 01:44:53]
Deleted : RP #479 [Windows Update | 08/20/2015 10:00:23]
Deleted : RP #480 [Windows Update | 08/23/2015 22:32:52]
Deleted : RP #481 [Windows Backup | 08/24/2015 02:00:10]
Deleted : RP #483 [Restore Point Created by FRST | 08/25/2015 19:17:31]
Deleted : RP #484 [Windows Update | 08/27/2015 00:30:43]
Deleted : RP #485 [avast! antivirus system restore point | 08/28/2015 02:27:04]
Deleted : RP #486 [Removed Java 8 Update 51 (64-bit) | 08/29/2015 00:41:24]

New restore point created !

########## - EOF - ##########
 


  • 0

#15
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
I will now proceed to giving you tips on how to maintain your system as it is. Anytime you encounter an infection again, please do not hesitate to go back here at Geeks to Go. :)

Remove, Disable, or Update Java

As Java is the 'most exploited program at this time', I recommend that you remove it unless you need it. If so, it is prudent to 'disable it in your web browser(s)' while ensuring your copy is always up-to-date. Older versions are prone to exploits and vulnerabilities.
  • Download the latest 'Java' installation and save it to your desktop.
    • You need to uninstall any previous Java installations.
      • For Windows XP: Navigate to Start > Control Panel > Add or Remove Programs.
      • For Windows Vista: Navigate to Start > Control Panel > Programs and Features or Uninstall a Program.
      • For Windows 7: Navigate to Start > Control Panel > Programs and Features or Uninstall a Program.
      • For Windows 8: Navigate to Start > Start Context Menu > Programs and Features or Uninstall a Program.
    • Search the list for previous installations of Java such as all versions below:
      • Java™ 8 Update 60
    • Proceed to uninstall the old versions and install the one you've just downloaded.
Update Your Anti-Virus Every Day

Updating

Ensuring that you have one anti-virus installed in your system is a good way to prevent being infected. You must always make sure to update your anti-virus every day; anti-virus companies see to it that the latest definition updates are distributed to be up to par with the propagation of malware. Your anti-virus is useless if you do not update it.


Scanning

Set a scanning routine. Ensure that you do a full scan with your anti-virus monthly. This is part of maintaining a clean system--a scanning routine proves to be effective. You can never be sure when your computer has caught an infection.


If you have any unresolved issues with regard to this thread or you need more :help: please ask me. I would assist you further, should it be required. Otherwise, enjoy your clean system.

:cheers:

Thank you.
  • 0





