Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Windows 7 PC Slow, possible Chrome infection, Microsoft Security Essen

windows 7 chrome slow PC Microsoft Security Essentials error

  • This topic is locked This topic is locked

#1
kdokeeffe

kdokeeffe

    Member

  • Member
  • PipPip
  • 41 posts

Hello -I would like help to see if there is an infection. Microsoft Security Essentials fails to run a full scan. Chrome takes a long time to get going. Eventually things work okay but I wonder what's going on in the background.

 

I have not taken steps trying to remove yet. Thanks for any guidance!

 

-Kieran

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:08-10-2015

Ran by Kieran (administrator) on DELL (09-10-2015 00:33:32)
Running from C:\Users\Kieran\Desktop
Loaded Profiles: Kieran (Available Profiles: Kieran)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Creative Technology Ltd) C:\Windows\System32\Ctxfihlp.exe
(Creative Technology Ltd) C:\Windows\System32\CTxfispi.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
() C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Users\Kieran\AppData\Local\Apps\F.lux\flux.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\FileHippo.com\FileHippo.AppManager.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Spotify Ltd) C:\Users\Kieran\AppData\Roaming\Spotify\SpotifyWebHelper.exe
() C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
(Dropbox, Inc.) C:\Users\Kieran\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files\Dell Update\DellUpService.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(RPA Technology) C:\Program Files\Air Mouse\Air Mouse\Mobile Mouse Service.exe
(Dell Inc.) C:\Program Files\Dell Update\DellUpTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Disc Soft Ltd.) C:\Users\Kieran\Downloads\DTLiteInstaller.exe
() C:\Users\Kieran\AppData\Local\Temp\AppDownloader.exe
(Disc Soft Ltd) C:\Users\Kieran\AppData\Local\Temp\DAEMON Tools Lite.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Microsoft Corporation) C:\Windows\System32\drvinst.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [CTxfiHlp] => C:\Windows\system32\CTXFIHLP.EXE [25600 2010-05-05] (Creative Technology Ltd)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-09-15] (Apple Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Syncios device service] => C:\Program Files\Syncios\SynciosDeviceService.exe [578048 2013-07-12] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-06-26] (Adobe Systems Inc.)
HKLM\...\Run: [AgentMonitor] => C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe [401280 2014-06-20] ()
HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-06-26] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [1795872 2014-08-19] (NVIDIA Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-09-15] (Apple Inc.)
HKU\S-1-5-21-81080661-2735187969-2813279678-1000\...\Run: [F.lux] => C:\Users\Kieran\Local Settings\Apps\F.lux\flux.exe [966656 2009-08-29] ()
HKU\S-1-5-21-81080661-2735187969-2813279678-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)
HKU\S-1-5-21-81080661-2735187969-2813279678-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-81080661-2735187969-2813279678-1000\...\Run: [NextLive] => C:\Windows\system32\rundll32.exe "C:\Users\Kieran\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-81080661-2735187969-2813279678-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-81080661-2735187969-2813279678-1000\...\Run: [FileHippo.com] => C:\Program Files\FileHippo.com\FileHippo.AppManager.exe [2926800 2015-01-27] ()
HKU\S-1-5-21-81080661-2735187969-2813279678-1000\...\Run: [Spotify Web Helper] => C:\Users\Kieran\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-02] (Spotify Ltd)
HKU\S-1-5-21-81080661-2735187969-2813279678-1000\...\Run: [Dropbox Update] => C:\Users\Kieran\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
HKU\S-1-5-21-81080661-2735187969-2813279678-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [3576664 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-81080661-2735187969-2813279678-1000\...\MountPoints2: I - I:\setup.exe
HKU\S-1-5-21-81080661-2735187969-2813279678-1000\...\MountPoints2: N - N:\InnoTabSetup.exe
HKU\S-1-5-21-81080661-2735187969-2813279678-1000\...\MountPoints2: {b6a03317-7235-11e3-a6dc-001d0926607d} - N:\InnoTabSetup.exe
IFEO\bbqleads.exe: [Debugger] TaskList.exe
IFEO\bbqleadsapplication.exe: [Debugger] TaskList.exe
IFEO\bbqleadsservice.exe: [Debugger] TaskList.exe
IFEO\bbqquotes.exe: [Debugger] TaskList.exe
IFEO\ContentExplorer.exe: [Debugger] TaskList.exe
IFEO\donutleads.exe: [Debugger] TaskList.exe
IFEO\donutquotes.exe: [Debugger] TaskList.exe
IFEO\internetenhancer.exe: [Debugger] TaskList.exe
IFEO\internetenhancerservice.exe: [Debugger] TaskList.exe
IFEO\pastaleads.exe: [Debugger] TaskList.exe
IFEO\pastaquotes.exe: [Debugger] TaskList.exe
IFEO\theanswerfinder.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerApp.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerAppservice.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancerservice.exe: [Debugger] TaskList.exe
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kieran\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kieran\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kieran\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kieran\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kieran\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kieran\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kieran\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kieran\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kieran\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kieran\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kieran\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Air Mouse.lnk [2014-02-01]
ShortcutTarget: Air Mouse.lnk -> C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe ()
Startup: C:\Users\Kieran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-05]
ShortcutTarget: Dropbox.lnk -> C:\Users\Kieran\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{E6409CA6-AABC-4F07-B3F8-BD75EB5DB0C0}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKU\S-1-5-21-81080661-2735187969-2813279678-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.ie/?gws_rd=cr,ssl&ei=uH5WVNSSIa_B7Aa_tIDYBg
HKU\S-1-5-21-81080661-2735187969-2813279678-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ie.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-81080661-2735187969-2813279678-1000 -> DefaultScope {4C0071C9-2134-4ADC-9A41-A4427AE59D28} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-81080661-2735187969-2813279678-1000 -> {4C0071C9-2134-4ADC-9A41-A4427AE59D28} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-08-29] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-06-26] (Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-29] (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-06-26] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-06-26] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-81080661-2735187969-2813279678-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
 
FireFox:
========
FF ProfilePath: C:\Users\Kieran\AppData\Roaming\Mozilla\Firefox\Profiles\ol4r8p3r.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-29] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin HKU\S-1-5-21-81080661-2735187969-2813279678-1000: @emusic.com/eMusicPlugin DLM6 -> C:\Program Files\eMusic Download Manager 6\npEMusic604.dll No File
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox => not found
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox => not found
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-08-13]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://athp.hp.com/
CHR StartupUrls: Default -> ""
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Profile: C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-08-31]
CHR Extension: (Simple Pomodoro®) - C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\blidjjfbdbkcmegfnidmgndgdamhhelp [2014-11-03]
CHR Extension: (Archiver for Gmail) - C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\bohfahbhaioeaildanonpalaengldgfh [2014-07-02]
CHR Extension: (Adblock Plus) - C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-12]
CHR Extension: (Remember The Milk) - C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\chdiaibgndcpagmnpkjoelgfkommjbni [2014-07-02]
CHR Extension: (Google Tips) - C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnhacgcmhcgppboemgoobibkhlpglejb [2014-07-02]
CHR Extension: (Lumin - Best Document Viewer) - C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbkidnlfklnjanneifjjojofckpcogcl [2014-07-02]
CHR Extension: (Google News) - C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2013-10-10]
CHR Extension: (Google Play Music) - C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-03-12]
CHR Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-11-03]
CHR Extension: (Twimbow) - C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpbopilbcmejafedlfiigcjphbpeppim [2014-07-02]
CHR Extension: (AveComics) - C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggncelbmgenbbikhkabboaekdncdikga [2013-03-05]
CHR Extension: (Google Docs Offline) - C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-06]
CHR Extension: (Last.fm Scrobbler) - C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhinaapppaileiechjoiifaancjggfjm [2015-08-27]
CHR Extension: (vGet Extension (Video Downloader, DLNA)) - C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\hniladkejehjfchadikcbjmgjaogciic [2015-03-20]
CHR Extension: (Tomatoes) - C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\jijbhneeenepenoolcdalnekggeialeo [2014-07-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Googulator) - C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\lchmgljjkaeadokijkhefbhpfbihhhda [2014-07-02]
CHR Extension: (Google Play Last.fm Scrobbler) - C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\llpepekkleeoeiloijhcafgpjdnhhcbl [2013-10-30]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-07]
CHR Extension: (Save to Pocket) - C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2013-10-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Mural.ly) - C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnhlnnalackljjehlfocmheepffkiihf [2013-09-04]
CHR Extension: (https://play.google....listen?u=0#albu) - C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocoaoipbenclpaelbkeokhbglpbgddim [2012-08-01]
CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2014-11-02]
CHR Extension: (Smartsheet Gantt Timeline) - C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombblocnifnjdajdhnhfiefjkaolnibl [2013-10-30]
CHR Extension: (Browsec) - C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2015-09-11]
CHR Extension: (RealtimeBoard: Whiteboard for Collaboration) - C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\opfmbdmhambgleempeofcjjhjclimccg [2015-08-17]
CHR Extension: (Gmail) - C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-06]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx <not found>
CHR HKLM\...\Chrome\Extension: [fgfdfcbeamjnjdejakdidpniblllnbpg] - C:\Windows\System32\jmdp\pnte.crx <not found>
CHR HKU\S-1-5-21-81080661-2735187969-2813279678-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2015936 2015-09-29] (Adobe Systems, Incorporated)
S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-07-16] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [1962192 2015-05-22] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [184528 2015-05-22] (Dell Inc.)
R2 DellUpdate; C:\Program Files\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1034584 2015-06-18] (Disc Soft Ltd)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 DDDriver; C:\Windows\System32\drivers\DDDriver32Dcsa.sys [20688 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [22192 2015-05-22] (Dell Computer Corporation)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [25016 2015-10-09] (Disc Soft Ltd)
R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R1 MpKslf255c0e6; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DDAF0EDA-C914-44FF-B733-A31074F128E3}\MpKslf255c0e6.sys [39168 2015-10-09] (Microsoft Corporation)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-09 00:35 - 2015-10-09 00:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Piano 2.6
2015-10-09 00:34 - 2015-10-09 00:34 - 00416143 _____ C:\Users\Kieran\Downloads\Electronic_Piano.zip
2015-10-09 00:34 - 2015-10-09 00:34 - 00000000 ____D C:\Program Files\Disc Soft
2015-10-09 00:33 - 2015-10-09 00:35 - 00027013 _____ C:\Users\Kieran\Desktop\FRST.txt
2015-10-09 00:32 - 2015-10-09 00:35 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2015-10-09 00:32 - 2015-10-09 00:33 - 00000000 ____D C:\FRST
2015-10-09 00:32 - 2015-10-09 00:32 - 00025016 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2015-10-09 00:30 - 2015-10-09 00:30 - 01698304 _____ (Farbar) C:\Users\Kieran\Desktop\FRST.exe
2015-10-09 00:12 - 2015-10-09 00:12 - 01709792 _____ (Disc Soft Ltd.) C:\Users\Kieran\Downloads\DTLiteInstaller.exe
2015-10-09 00:06 - 2015-10-09 00:07 - 18509368 _____ (Adobe Systems Inc.) C:\Users\Kieran\Downloads\AdobeAIRInstaller (3).exe
2015-10-08 19:01 - 2015-10-08 19:01 - 00000000 ___HD C:\OneDriveTemp
2015-10-03 22:34 - 2015-10-03 22:34 - 00014969 _____ C:\Users\Kieran\Downloads\[kat.cr]over.your.cities.grass.will.grow.anselm.kiefer.sophie.fiennes.2010.torrent
2015-10-03 01:39 - 2015-10-03 01:39 - 00000000 ____D C:\Users\Kieran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-10-02 20:41 - 2015-10-02 20:41 - 00000000 ____D C:\Users\Kieran\AppData\Local\GWX
2015-10-01 23:30 - 2015-10-01 23:30 - 00022760 _____ C:\Users\Kieran\Downloads\[kat.cr]marvels.agents.of.shield.3x01.hdtv.x264.killers.vtv.torrent
2015-09-24 20:58 - 2015-09-24 21:02 - 00034816 ___SH C:\Users\Kieran\Desktop\Thumbs.db
2015-09-24 20:27 - 2015-09-24 20:27 - 00010829 _____ C:\Users\Kieran\Downloads\@U2's Guide to U2's Dublin.kmz
2015-09-24 01:29 - 2015-10-08 18:57 - 00000560 _____ C:\Windows\setupact.log
2015-09-24 01:29 - 2015-09-24 01:29 - 00000000 _____ C:\Windows\setuperr.log
2015-09-24 01:09 - 2015-07-18 14:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-09-24 01:09 - 2015-07-18 14:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-09-24 01:09 - 2015-07-18 14:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-09-24 01:09 - 2015-07-18 14:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-09-24 01:09 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-09-24 01:09 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-09-24 01:09 - 2015-07-18 14:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-09-24 01:09 - 2015-07-18 14:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-09-24 01:09 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-09-24 01:09 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-09-24 01:09 - 2015-07-18 14:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-09-24 01:09 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-09-24 01:09 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-09-24 01:09 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-09-24 01:09 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-09-24 01:09 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-09-24 01:09 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-09-24 01:09 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-09-24 01:09 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-09-24 01:09 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-09-24 01:09 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-09-24 01:09 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-09-24 01:09 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-09-24 01:09 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-09-24 01:08 - 2015-08-05 18:47 - 00139096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-09-24 01:08 - 2015-08-05 18:47 - 00068952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-24 01:08 - 2015-08-05 18:41 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-24 01:08 - 2015-08-05 18:41 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-09-24 01:08 - 2015-08-05 18:41 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-09-24 01:08 - 2015-08-05 18:41 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-09-24 01:08 - 2015-08-05 18:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-09-24 01:08 - 2015-08-05 18:41 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-09-24 01:08 - 2015-08-05 18:41 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-09-24 01:08 - 2015-08-05 18:40 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-09-24 01:08 - 2015-08-05 18:40 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-24 01:08 - 2015-08-05 18:40 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-24 01:08 - 2015-08-05 18:40 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-09-24 01:08 - 2015-08-05 18:40 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-09-24 01:08 - 2015-08-05 18:40 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-09-24 01:08 - 2015-08-05 18:40 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-09-24 01:08 - 2015-08-05 18:40 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2015-09-24 01:08 - 2015-08-05 18:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-09-24 01:08 - 2015-08-05 18:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-09-24 01:08 - 2015-08-05 18:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-09-24 01:08 - 2015-08-05 18:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-09-24 01:08 - 2015-08-05 17:58 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-09-24 01:08 - 2015-08-05 17:33 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-24 01:08 - 2015-08-05 17:33 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-24 01:08 - 2015-08-05 17:32 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-23 19:06 - 2015-09-23 19:06 - 00001785 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-09-23 19:06 - 2015-09-23 19:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-09-23 19:04 - 2015-09-23 19:04 - 00000000 ____D C:\Program Files\iPod
2015-09-23 18:59 - 2015-09-23 18:59 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-09-23 18:59 - 2015-09-23 18:59 - 00000000 ____D C:\Program Files\Apple Software Update
2015-09-22 20:10 - 2015-09-22 20:10 - 00001004 _____ C:\Users\Kieran\Desktop\TagScanner.lnk
2015-09-22 20:09 - 2015-09-22 20:09 - 01938023 _____ (Sergey Serkov ) C:\Users\Kieran\Downloads\tagscan5.1.668setup.exe
2015-09-20 23:38 - 2015-09-20 23:38 - 00012648 _____ C:\Users\Kieran\Downloads\[kat.cr]the.jungle.book.1967.1080p.bluray.x264.aac.ozlem (1).torrent
2015-09-20 23:37 - 2015-09-20 23:37 - 00012648 _____ C:\Users\Kieran\Downloads\[kat.cr]the.jungle.book.1967.1080p.bluray.x264.aac.ozlem.torrent
2015-09-20 23:02 - 2015-09-20 23:02 - 00105121 _____ C:\Users\Kieran\Downloads\The+Jungle+Book+1967+720p+BRRip+x264-PLAYNOW.torrent
2015-09-16 01:06 - 2015-09-16 01:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm
2015-09-16 01:03 - 2015-09-16 01:04 - 15963960 _____ (Last.fm ) C:\Users\Kieran\Downloads\Last.fm-2.1.37 (1).exe
2015-09-16 00:39 - 2015-09-16 00:39 - 00051697 _____ C:\Users\Kieran\Downloads\Michel+Thomas+-+Learn+Spanish+%28All+8+CDs%29.torrent
2015-09-16 00:32 - 2015-09-16 00:32 - 00033048 _____ C:\Users\Kieran\Downloads\[kat.cr]my.little.pony.equestria.girls.rainbow.rocks.soundtrack.torrent
2015-09-16 00:32 - 2015-09-16 00:32 - 00033048 _____ C:\Users\Kieran\Downloads\[kat.cr]my.little.pony.equestria.girls.rainbow.rocks.soundtrack (1).torrent
2015-09-14 23:59 - 2015-09-15 00:00 - 104985721 _____ C:\Users\Kieran\Downloads\Arkhangelsk - Arkhangelsk.zip
2015-09-14 20:36 - 2015-09-14 20:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-09-14 20:35 - 2015-09-14 20:36 - 00000000 ____D C:\Program Files\QuickTime
2015-09-14 20:19 - 2015-09-14 20:25 - 15963960 _____ (Last.fm ) C:\Users\Kieran\Downloads\Last.fm-2.1.37.exe
2015-09-09 16:08 - 2015-08-17 18:18 - 01814016 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-09 16:08 - 2015-08-17 18:17 - 12388352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-09 16:08 - 2015-08-17 18:14 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-09 16:08 - 2015-08-17 18:13 - 09751040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-09 16:08 - 2015-08-17 18:12 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-09 16:08 - 2015-08-17 18:12 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-09 16:08 - 2015-08-17 18:11 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-09 16:08 - 2015-08-17 18:11 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-09 16:08 - 2015-08-17 18:10 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-09 16:08 - 2015-08-17 18:10 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-09 16:08 - 2015-08-17 18:10 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-09 16:08 - 2015-08-17 18:10 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-09 16:08 - 2015-08-17 18:10 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-09-09 16:08 - 2015-08-17 18:10 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-09 16:08 - 2015-08-17 18:10 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-09 16:08 - 2015-08-17 18:10 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-09 16:08 - 2015-08-17 18:10 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-09 16:08 - 2015-08-17 18:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-09 16:08 - 2015-08-17 18:10 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-09-09 16:08 - 2015-08-17 18:10 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-09-09 16:08 - 2015-08-17 18:10 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-09-09 16:08 - 2015-08-17 18:09 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-09 16:08 - 2015-08-05 18:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-09 16:07 - 2015-08-27 18:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-09 16:07 - 2015-08-27 18:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-09 16:07 - 2015-08-27 18:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-09 16:07 - 2015-08-27 18:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-09-09 16:07 - 2015-08-05 18:41 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-09 16:07 - 2015-08-04 18:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-09 16:07 - 2015-08-04 18:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-09 16:07 - 2015-08-04 18:47 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-09 16:07 - 2015-08-04 18:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-09 16:07 - 2015-08-04 18:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-09 16:07 - 2015-08-04 17:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-09 16:06 - 2015-09-02 03:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-09 16:06 - 2015-09-02 03:48 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-09 16:06 - 2015-09-02 03:48 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-09 16:06 - 2015-09-02 03:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-09 16:06 - 2015-09-02 02:36 - 02384896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-09 16:06 - 2015-09-02 02:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-09 16:06 - 2015-08-26 18:56 - 02953728 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-09 16:06 - 2015-08-26 18:56 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-09 16:06 - 2015-08-26 18:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-09 16:06 - 2015-08-26 18:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-09 16:06 - 2015-08-26 18:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-09 16:06 - 2015-08-26 18:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-09 16:06 - 2015-08-26 18:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-09 16:06 - 2015-08-26 18:55 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-09 16:06 - 2015-08-26 18:55 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-09 16:06 - 2015-08-26 18:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-09 16:06 - 2015-08-26 18:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-09 00:33 - 2009-07-14 05:34 - 00027152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-09 00:33 - 2009-07-14 05:34 - 00027152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-09 00:26 - 2012-07-15 22:43 - 01732733 _____ C:\Windows\WindowsUpdate.log
2015-10-09 00:12 - 2013-08-13 02:55 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2015-10-09 00:03 - 2015-06-18 13:52 - 00000922 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-81080661-2735187969-2813279678-1000UA.job
2015-10-09 00:01 - 2012-07-16 10:25 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-08 23:39 - 2012-07-16 21:17 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-08 19:01 - 2014-07-07 21:29 - 00000000 ____D C:\Users\Kieran\OneDrive
2015-10-08 19:01 - 2013-02-17 03:16 - 00000000 ___RD C:\Users\Kieran\Google Drive
2015-10-08 19:01 - 2012-09-06 19:15 - 00000000 ____D C:\Users\Kieran\AppData\Roaming\Dropbox
2015-10-08 19:01 - 2012-05-02 22:11 - 00000000 ___RD C:\Users\Kieran\Dropbox
2015-10-08 19:00 - 2013-08-13 02:47 - 00000000 ____D C:\Users\Kieran\AppData\Local\Adobe
2015-10-08 18:59 - 2012-07-16 21:17 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-08 18:57 - 2012-07-16 00:00 - 00000000 ____D C:\ProgramData\NVIDIA
2015-10-08 18:57 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-07 02:13 - 2015-06-18 13:52 - 00000870 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-81080661-2735187969-2813279678-1000Core.job
2015-10-04 04:08 - 2014-02-10 20:55 - 00000000 ____D C:\Users\Kieran\AppData\Roaming\Azureus
2015-10-02 03:01 - 2015-04-04 16:22 - 00000000 ___SD C:\Windows\system32\GWX
2015-09-24 19:40 - 2012-10-15 10:35 - 00000000 ____D C:\ProgramData\PCDr
2015-09-24 19:36 - 2013-08-12 17:35 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-09-24 19:35 - 2013-09-08 03:07 - 00001532 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2015-09-24 02:17 - 2012-07-16 13:45 - 00000000 ____D C:\Windows\rescache
2015-09-24 01:28 - 2010-11-20 22:48 - 00119550 _____ C:\Windows\PFRO.log
2015-09-24 01:12 - 2013-08-19 22:22 - 00000000 ____D C:\Windows\Minidump
2015-09-24 01:00 - 2013-06-02 01:02 - 00000000 ____D C:\Program Files\Syncios
2015-09-24 00:49 - 2013-08-13 02:54 - 00000000 ____D C:\Program Files\Adobe
2015-09-24 00:45 - 2014-01-10 00:10 - 00000000 ____D C:\Users\Kieran\AppData\Local\Mobogenie
2015-09-24 00:39 - 2012-08-01 01:59 - 00000000 ____D C:\Users\Kieran\AppData\Roaming\Apple Computer
2015-09-24 00:39 - 2012-08-01 01:56 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-09-24 00:19 - 2012-08-10 05:29 - 00000000 ____D C:\Users\Kieran\AppData\Local\Last.fm
2015-09-24 00:15 - 2013-02-11 00:00 - 00000000 ____D C:\Users\Kieran\AppData\Local\Spotify
2015-09-23 23:59 - 2013-02-10 23:59 - 00000000 ____D C:\Users\Kieran\AppData\Roaming\Spotify
2015-09-23 19:38 - 2014-01-10 00:10 - 00210726 _____ C:\Users\Kieran\daemonprocess.txt
2015-09-23 19:06 - 2012-08-01 01:58 - 00000000 ____D C:\Program Files\iTunes
2015-09-22 23:08 - 2013-06-12 02:14 - 00000000 ____D C:\Users\Kieran\AppData\Roaming\vlc
2015-09-22 20:45 - 2012-07-16 21:17 - 00000000 ____D C:\Users\Kieran\AppData\Local\Google
2015-09-22 20:10 - 2012-09-04 20:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TagScanner
2015-09-22 20:10 - 2012-09-04 20:25 - 00000000 ____D C:\Program Files\TagScanner
2015-09-22 20:01 - 2012-07-16 10:25 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-09-22 20:01 - 2012-07-16 10:25 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-09-20 23:46 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2015-09-20 23:37 - 2010-11-20 22:01 - 00800344 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-16 01:06 - 2012-08-10 05:29 - 00000000 ____D C:\Program Files\Last.fm
2015-09-11 17:06 - 2014-02-20 20:30 - 00002159 _____ C:\Users\Kieran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-09-10 17:07 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-09-10 16:54 - 2014-04-07 19:49 - 03674248 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-09 22:49 - 2013-07-15 17:17 - 00000000 ____D C:\Windows\system32\MRT
 
==================== Files in the root of some directories =======
 
2015-01-21 02:35 - 2015-01-21 03:19 - 6000640 _____ () C:\Program Files\GUT84FF.tmp
2013-08-19 23:37 - 2013-09-18 00:05 - 0001456 _____ () C:\Users\Kieran\AppData\Local\Adobe Save for Web 12.0 Prefs
2013-12-31 17:34 - 2014-01-30 20:50 - 0000788 _____ () C:\Users\Kieran\AppData\Local\cookies.ini
2012-11-09 19:50 - 2012-11-09 19:50 - 0003584 _____ () C:\Users\Kieran\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-17 17:17 - 2012-09-17 17:17 - 0000094 _____ () C:\Users\Kieran\AppData\Local\fusioncache.dat
2012-10-02 22:07 - 2012-10-02 22:07 - 0000017 _____ () C:\Users\Kieran\AppData\Local\resmon.resmoncfg
 
Some files in TEMP:
====================
C:\Users\Kieran\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1qlldf.dll
C:\Users\Kieran\AppData\Local\Temp\i4jdel0.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-01 00:14
 
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version:08-10-2015
Ran by Kieran (2015-10-09 00:35:56)
Running from C:\Users\Kieran\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2012-07-15 22:11:27)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-81080661-2735187969-2813279678-500 - Administrator - Disabled)
ASPNET (S-1-5-21-81080661-2735187969-2813279678-1005 - Limited - Enabled)
Guest (S-1-5-21-81080661-2735187969-2813279678-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-81080661-2735187969-2813279678-1002 - Limited - Enabled)
Kieran (S-1-5-21-81080661-2735187969-2813279678-1000 - Administrator - Enabled) => C:\Users\Kieran
Sonos (S-1-5-21-81080661-2735187969-2813279678-1006 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AC3Filter 1.63b (HKLM\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.15 - Adobe Systems)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 19.0.0.190 - Adobe Systems Incorporated)
Adobe Content Viewer (HKLM\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 5.5 Master Collection (HKLM\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A75CA58D-DB9C-4D14-9428-E0C7B0F623DC}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Belkin F7D1101 Basic Wireless USB Adapter (HKLM\...\InstallShield_{AFD89880-C544-4777-B645-FBF6D3391B11}) (Version: 1.0.0.4 - Belkin)
Belkin F7D1101 Basic Wireless USB Adapter (Version: 1.0.0.4 - Belkin) Hidden
Creative Audio Control Panel (HKLM\...\AudioCS) (Version: 2.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties (HKLM\...\Creative Sound Blaster Properties) (Version: 1.02 - Creative Technology Limited)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Dell Data Vault (Version: 4.3.4.0 - Dell Inc.) Hidden
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.0.47 - Dell)
Dell Update (HKLM\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dropbox (HKU\S-1-5-21-81080661-2735187969-2813279678-1000\...\Dropbox) (Version: 3.10.7 - Dropbox, Inc.)
Duplicate Cleaner Free 3.2.6 (HKLM\...\Duplicate Cleaner Free) (Version: 3.2.6 - DigitalVolcano Software Ltd) <==== ATTENTION
DVD Flick 1.3.0.7 (HKLM\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
Electronic Piano 2.5 (HKLM\...\Electronic Piano 2.5_is1) (Version:  - Maurício Antunes Oliveira)
Electronic Piano 2.6 (HKLM\...\Electronic Piano 2.6_is1) (Version: 2.6.0.0 - Maurício Antunes Oliveira)
F.lux (HKU\S-1-5-21-81080661-2735187969-2813279678-1000\...\Flux) (Version:  - )
FileHippo App Manager (HKLM\...\FileHippo.com) (Version:  - FileHippo.com)
GOM Player (HKLM\...\GOM Player) (Version: 2.2.69.5227 - Gretech Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Drive (HKLM\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
iThmb Converter version 1.72.0.531 (HKLM\...\{AC7FF208-CE56-455E-96CB-1D96A0AF33EF}_is1) (Version: 1.72.0.531 - Dec Software)
iTunes (HKLM\...\{9E9CFD9F-64D6-498F-8584-E5CD08BA60BE}) (Version: 12.3.0.44 - Apple Inc.)
Java 8 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Last.fm Scrobbler 2.1.37 (HKLM\...\LastFM_is1) (Version:  - Last.fm)
Learning Lodge™ (HKLM\...\VTechDownloadManager) (Version:  - VTech)
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-81080661-2735187969-2813279678-1000\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mobile Mouse Server (HKLM\...\{333AE9D2-1A42-4012-BEC3-DFF9BEBF5CDD}) (Version: 3.0.1 - RPA Tech, Inc)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MPEG2 Codec(libmpeg2/mad) (HKLM\...\MPEG2 Codec(libmpeg2/mad)) (Version:  - )
MusicEase 8.0 (HKLM\...\MusicEase 8.0) (Version:  - )
NVIDIA 3D Vision Controller Driver 301.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 301.42 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
OpenAL (HKLM\...\OpenAL) (Version:  - )
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime 7 (HKLM\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Reason 5.0 (HKLM\...\Reason5_is1) (Version: 5.0 - Propellerhead Software AB)
Sonos Controller (HKLM\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 29.6.92240 - Sonos, Inc.)
SoulseekQt (HKLM\...\SoulseekQt) (Version:  - )
Spotify (HKU\S-1-5-21-81080661-2735187969-2813279678-1000\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB)
SyncBackFree (HKLM\...\SyncBackFree_is1) (Version: 7.3.1.12 - 2BrightSparks)
TagScanner 5.1.668 (HKLM\...\TagScanner_is1) (Version:  - Sergey Serkov)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VLC Streamer 3.28 (HKLM\...\VLC Streamer_is1) (Version:  - )
VTech Download Agent Library (Version: 1.00.0000 - VTech) Hidden
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.6.2.0 - Azureus Software, Inc.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Kieran\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\Kieran\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Kieran\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Kieran\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Kieran\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Kieran\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Kieran\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Kieran\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Kieran\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Kieran\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Kieran\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Kieran\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{C4C13033-C0B5-42ef-B5F7-66621858DA10}\InprocServer32 -> C:\Program Files\eMusic Download Manager 6\npEMusic604.dll => No File
CustomCLSID: HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Kieran\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\Kieran\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Kieran\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kieran\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kieran\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kieran\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kieran\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kieran\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kieran\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kieran\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kieran\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Kieran\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Kieran\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Kieran\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
08-10-2015 19:44:44 Scheduled Checkpoint
09-10-2015 00:32:51 Device Driver Package Install: Disc Soft Ltd Storage controllers
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:04 - 2013-08-13 02:24 - 00001120 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com 3dns.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.adobe.com activate.wip.adobe.com 
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com adobe-dns.adobe.com 
127.0.0.1 adobeereg.com crl.verisign.net ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com 
127.0.0.1 lm.licenses.adobe.com lmlicenses.wip4.adobe.com na2m-pr.licenses.adobe.com ood.opsource.net practivate.adobe practivate.adobe.com practivate.adobe.ipp practivate.adobe.newoa practivate.adobe.ntp 
127.0.0.1 wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com wwis-dubc1-vip60.adobe.com www.adobeereg.com www.wip.adobe.com www.wip1.adobe.com 
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com 
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {09112A87-2E3E-4731-B2D3-C81AE146109E} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {17463488-40A3-41EB-9CD2-D71CE4F0C690} - System32\Tasks\AdobeAAMUpdater-1.0-DELL-Kieran => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {5227F6EE-057F-4E0D-BC69-3C38BCC45B0A} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2015-08-04] (Oracle Corporation)
Task: {52D6B2CC-58A3-44A6-81B1-EB10CF2C2C6C} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {61E0EC99-2771-49D2-AB54-F5E599A1F72E} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-81080661-2735187969-2813279678-1000UA => C:\Users\Kieran\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {814B0D96-D004-41BB-94CE-1B0DFC9FE9FF} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-06-11] (Dell Inc.)
Task: {83B285A6-185D-4382-AB07-8E5BBBE169F1} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe
Task: {84A5BBFE-62DF-43E2-8401-D5B8E8C628AD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {859FE5D7-5637-4A5F-8036-07BC258288AD} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-81080661-2735187969-2813279678-1000Core => C:\Users\Kieran\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {8C60ED7A-C3C2-429B-BF85-F3E36B6F0297} - System32\Tasks\RunTool => C:\Users\Kieran\AppData\Local\8e522b1f-1369-407a-95f7-13e1ebfe584a\sysad.exe [2015-02-25] () <==== ATTENTION
Task: {B00D2BCB-C06E-4FE1-A41C-76705820C2B4} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {B0DFCF67-7C22-44C7-A17B-84ED17A4CCCC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {C1130CC0-7030-4522-9F9C-6561AF06B101} - System32\Tasks\2BrightSparks\SyncBackFree\DELL-Kieran\SyncBackFree music => C:\Program Files\2BrightSparks\SyncBackFree\SyncBackFree.exe [2015-04-02] (2BrightSparks Pte Ltd)
Task: {D0E96CF2-BB98-45DE-9663-13BCE814135F} - System32\Tasks\Google Updater and Installer => C:\Users\Kieran\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {D6FCC490-B8BE-448E-95C2-30F38B46CB29} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {DAA3C5BC-9E3A-48B8-8457-B9D23C20CB32} - System32\Tasks\{7079D846-7496-4DBC-A376-F2871D1786A7} => pcalua.exe -a G:\podplus1310.exe -d G:\
Task: {E066AC2B-864B-4CDA-8A5D-3EDF788CB410} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {E0EC4C5D-1CD4-486A-9C3A-6E73C71C507B} - System32\Tasks\{A586CB11-49A1-4C8B-913E-FF3048ED2E1E} => pcalua.exe -a "C:\Program Files\4Media\iPod Manager\Uninstall.exe"
Task: {E10ED097-CB7E-4EFC-A0DA-B128C6E448CA} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {E7E08A84-E643-4B7D-83FB-04953B757181} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {F4A43469-4F7A-4F8E-8634-4C76CB142C66} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-22] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-81080661-2735187969-2813279678-1000Core.job => C:\Users\Kieran\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-81080661-2735187969-2813279678-1000UA.job => C:\Users\Kieran\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-07-18 22:16 - 2015-02-04 03:05 - 00106640 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-15 14:25 - 2015-09-15 14:25 - 01040144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-05-05 16:51 - 2010-05-05 16:51 - 00002560 _____ () C:\Windows\CTXFIRES.DLL
2012-07-16 12:14 - 2009-03-26 14:46 - 00148480 _____ () C:\Windows\SYSTEM32\APOMngr.DLL
2014-07-04 09:23 - 2014-06-20 07:42 - 00401280 _____ () C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
2014-07-04 09:23 - 2014-03-04 12:20 - 00117760 _____ () C:\Program Files\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll
2014-07-04 09:23 - 2014-04-22 03:14 - 00065536 _____ () C:\Program Files\VTech\DownloadManager\System\QHttpServer.dll
2014-07-04 09:23 - 2014-05-06 06:39 - 00861184 _____ () C:\Program Files\VTech\DownloadManager\System\plugins\platforms\qwindows.dll
2014-07-04 09:23 - 2014-05-06 06:38 - 00021504 _____ () C:\Program Files\VTech\DownloadManager\System\plugins\imageformats\qgif.dll
2014-07-04 09:23 - 2014-05-06 06:38 - 00020992 _____ () C:\Program Files\VTech\DownloadManager\System\plugins\imageformats\qico.dll
2014-07-04 09:23 - 2014-05-06 06:38 - 00204800 _____ () C:\Program Files\VTech\DownloadManager\System\plugins\imageformats\qjpeg.dll
2014-07-04 09:23 - 2014-05-06 11:44 - 00218112 _____ () C:\Program Files\VTech\DownloadManager\System\plugins\imageformats\qmng.dll
2014-07-04 09:23 - 2014-05-06 06:58 - 00015872 _____ () C:\Program Files\VTech\DownloadManager\System\plugins\imageformats\qsvg.dll
2014-07-04 09:23 - 2014-05-06 11:44 - 00015360 _____ () C:\Program Files\VTech\DownloadManager\System\plugins\imageformats\qtga.dll
2014-07-04 09:23 - 2014-05-06 11:44 - 00307712 _____ () C:\Program Files\VTech\DownloadManager\System\plugins\imageformats\qtiff.dll
2014-07-04 09:23 - 2014-05-06 11:44 - 00014848 _____ () C:\Program Files\VTech\DownloadManager\System\plugins\imageformats\qwbmp.dll
2014-07-04 09:23 - 2014-05-06 07:31 - 00015872 _____ () C:\Program Files\VTech\DownloadManager\System\plugins\sensors\qtsensors_dummy.dll
2014-07-04 09:23 - 2014-05-06 06:38 - 00036352 _____ () C:\Program Files\VTech\DownloadManager\System\plugins\bearer\qgenericbearer.dll
2014-07-04 09:23 - 2014-05-06 06:38 - 00038912 _____ () C:\Program Files\VTech\DownloadManager\System\plugins\bearer\qnativewifibearer.dll
2009-08-29 07:00 - 2009-08-29 07:00 - 00966656 _____ () C:\Users\Kieran\Local Settings\Apps\F.lux\flux.exe
2015-01-27 13:18 - 2015-01-27 13:18 - 02926800 _____ () C:\Program Files\FileHippo.com\FileHippo.AppManager.exe
2013-11-26 21:35 - 2013-11-26 21:35 - 01382400 _____ () C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
2011-06-14 14:19 - 2011-06-14 14:19 - 00025600 _____ () C:\Program Files\Air Mouse\Air Mouse\BonjourService.dll
2015-10-08 19:00 - 2015-10-08 19:00 - 00071168 _____ () c:\users\kieran\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1qlldf.dll
2015-10-03 01:39 - 2015-09-24 00:07 - 00012800 _____ () C:\Users\Kieran\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-10-03 01:39 - 2015-09-24 00:07 - 00779776 _____ () C:\Users\Kieran\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-10-03 01:39 - 2015-09-24 00:07 - 00056320 _____ () C:\Users\Kieran\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-10-03 01:39 - 2015-09-24 00:07 - 00012288 _____ () C:\Users\Kieran\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-10-08 18:59 - 2015-10-08 18:59 - 00098816 _____ () C:\Users\Kieran\AppData\Local\Temp\_MEI10482\win32api.pyd
2015-10-08 18:59 - 2015-10-08 18:59 - 00110080 _____ () C:\Users\Kieran\AppData\Local\Temp\_MEI10482\pywintypes27.dll
2015-10-08 18:59 - 2015-10-08 18:59 - 00364544 _____ () C:\Users\Kieran\AppData\Local\Temp\_MEI10482\pythoncom27.dll
2015-10-08 18:59 - 2015-10-08 18:59 - 00045568 _____ () C:\Users\Kieran\AppData\Local\Temp\_MEI10482\_socket.pyd
2015-10-08 18:59 - 2015-10-08 18:59 - 01161216 _____ () C:\Users\Kieran\AppData\Local\Temp\_MEI10482\_ssl.pyd
2015-10-08 18:59 - 2015-10-08 18:59 - 00320512 _____ () C:\Users\Kieran\AppData\Local\Temp\_MEI10482\win32com.shell.shell.pyd
2015-10-08 18:59 - 2015-10-08 18:59 - 00713216 _____ () C:\Users\Kieran\AppData\Local\Temp\_MEI10482\_hashlib.pyd
2015-10-08 19:00 - 2015-10-08 19:00 - 01176576 _____ () C:\Users\Kieran\AppData\Local\Temp\_MEI10482\wx._core_.pyd
2015-10-08 19:00 - 2015-10-08 19:00 - 00806400 _____ () C:\Users\Kieran\AppData\Local\Temp\_MEI10482\wx._gdi_.pyd
2015-10-08 19:00 - 2015-10-08 19:00 - 00816128 _____ () C:\Users\Kieran\AppData\Local\Temp\_MEI10482\wx._windows_.pyd
2015-10-08 19:00 - 2015-10-08 19:00 - 01067008 _____ () C:\Users\Kieran\AppData\Local\Temp\_MEI10482\wx._controls_.pyd
2015-10-08 19:00 - 2015-10-08 19:00 - 00733184 _____ () C:\Users\Kieran\AppData\Local\Temp\_MEI10482\wx._misc_.pyd
2015-10-08 18:59 - 2015-10-08 18:59 - 00682496 _____ () C:\Users\Kieran\AppData\Local\Temp\_MEI10482\pysqlite2._sqlite.pyd
2015-10-08 18:59 - 2015-10-08 18:59 - 00087552 _____ () C:\Users\Kieran\AppData\Local\Temp\_MEI10482\_ctypes.pyd
2015-10-08 18:59 - 2015-10-08 18:59 - 00119808 _____ () C:\Users\Kieran\AppData\Local\Temp\_MEI10482\win32file.pyd
2015-10-08 18:59 - 2015-10-08 18:59 - 00108544 _____ () C:\Users\Kieran\AppData\Local\Temp\_MEI10482\win32security.pyd
2015-10-08 18:59 - 2015-10-08 18:59 - 00007168 _____ () C:\Users\Kieran\AppData\Local\Temp\_MEI10482\hashobjs_ext.pyd
2015-10-08 18:59 - 2015-10-08 18:59 - 00068096 _____ () C:\Users\Kieran\AppData\Local\Temp\_MEI10482\usb_ext.pyd
2015-10-08 18:59 - 2015-10-08 18:59 - 00167936 _____ () C:\Users\Kieran\AppData\Local\Temp\_MEI10482\win32gui.pyd
2015-10-08 18:59 - 2015-10-08 18:59 - 00018432 _____ () C:\Users\Kieran\AppData\Local\Temp\_MEI10482\win32event.pyd
2015-10-08 18:59 - 2015-10-08 18:59 - 00128512 _____ () C:\Users\Kieran\AppData\Local\Temp\_MEI10482\_elementtree.pyd
2015-10-08 18:59 - 2015-10-08 18:59 - 00127488 _____ () C:\Users\Kieran\AppData\Local\Temp\_MEI10482\pyexpat.pyd
2015-10-08 18:59 - 2015-10-08 18:59 - 00013824 _____ () C:\Users\Kieran\AppData\Local\Temp\_MEI10482\common.time34.pyd
2015-10-08 18:59 - 2015-10-08 18:59 - 00036864 _____ () C:\Users\Kieran\AppData\Local\Temp\_MEI10482\_psutil_windows.pyd
2015-10-08 18:59 - 2015-10-08 18:59 - 00038912 _____ () C:\Users\Kieran\AppData\Local\Temp\_MEI10482\win32inet.pyd
2015-10-08 18:59 - 2015-10-08 18:59 - 00011264 _____ () C:\Users\Kieran\AppData\Local\Temp\_MEI10482\win32crypt.pyd
2015-10-08 19:00 - 2015-10-08 19:00 - 00077312 _____ () C:\Users\Kieran\AppData\Local\Temp\_MEI10482\wx._html2.pyd
2015-10-08 18:59 - 2015-10-08 18:59 - 00027136 _____ () C:\Users\Kieran\AppData\Local\Temp\_MEI10482\_multiprocessing.pyd
2015-10-08 18:59 - 2015-10-08 18:59 - 00020480 _____ () C:\Users\Kieran\AppData\Local\Temp\_MEI10482\_yappi.pyd
2015-10-08 18:59 - 2015-10-08 18:59 - 00035840 _____ () C:\Users\Kieran\AppData\Local\Temp\_MEI10482\win32process.pyd
2015-10-08 18:59 - 2015-10-08 18:59 - 00686080 _____ () C:\Users\Kieran\AppData\Local\Temp\_MEI10482\unicodedata.pyd
2015-10-08 19:00 - 2015-10-08 19:00 - 00123392 _____ () C:\Users\Kieran\AppData\Local\Temp\_MEI10482\wx._wizard.pyd
2015-10-08 18:59 - 2015-10-08 18:59 - 00024064 _____ () C:\Users\Kieran\AppData\Local\Temp\_MEI10482\win32pipe.pyd
2015-10-08 18:59 - 2015-10-08 18:59 - 00010240 _____ () C:\Users\Kieran\AppData\Local\Temp\_MEI10482\select.pyd
2015-10-08 18:59 - 2015-10-08 18:59 - 00025600 _____ () C:\Users\Kieran\AppData\Local\Temp\_MEI10482\win32pdh.pyd
2015-10-08 19:00 - 2015-10-08 19:00 - 00525640 _____ () C:\Users\Kieran\AppData\Local\Temp\_MEI10482\windows._lib_cacheinvalidation.pyd
2015-10-08 18:59 - 2015-10-08 18:59 - 00017408 _____ () C:\Users\Kieran\AppData\Local\Temp\_MEI10482\win32profile.pyd
2015-10-08 18:59 - 2015-10-08 19:00 - 00022528 _____ () C:\Users\Kieran\AppData\Local\Temp\_MEI10482\win32ts.pyd
2015-10-08 19:00 - 2015-10-08 19:00 - 00078848 _____ () C:\Users\Kieran\AppData\Local\Temp\_MEI10482\wx._animate.pyd
2015-09-26 13:43 - 2015-09-24 03:34 - 01501512 _____ () C:\Program Files\Google\Chrome\Application\45.0.2454.101\libglesv2.dll
2015-09-26 13:43 - 2015-09-24 03:34 - 00081224 _____ () C:\Program Files\Google\Chrome\Application\45.0.2454.101\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-81080661-2735187969-2813279678-1000\...\dell.com -> dell.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-81080661-2735187969-2813279678-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kieran\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ROC_ROC_JULY_P1 => "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{0814C9E1-2709-4E3C-994A-4B476F3D1269}] => (Allow) C:\Program Files\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe
FirewallRules: [{506283B9-A2DD-419C-9BBC-5F081AF23642}] => (Allow) C:\Program Files\Hobbyist Software\VLC Streamer\mDNSResponder.exe
FirewallRules: [TCP Query User{E2BF8817-0C29-4CAB-B859-19AA6E2D36FE}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe
FirewallRules: [UDP Query User{B28D9AF3-7638-4951-ADB8-DB8B40991470}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe
FirewallRules: [{68C6B6AA-2683-4B38-9A81-B64EEF17F80E}] => (Allow) C:\Users\Kieran\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{180A2FB3-4DC7-43D9-96A8-E775BF61FD8D}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{8B19BC77-927D-4409-AA42-03A5C80C28AD}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{993617F7-3A90-4D2E-B7DE-7EE48F6CC0CA}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{09ACA80C-ABB3-4F7E-825B-9CD95CF84870}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{A43EEC8C-803E-4114-BC3A-A0CAFFD01A1A}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{DDCB17C5-0AFA-442D-BEC8-1513D14DA8BA}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{5D7A09FA-A09A-4F80-AE82-3B5A74E59161}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{EEF8F04F-08A1-4F72-B622-79B06CA883E2}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{16D94E7A-35BE-458F-97DD-C25947CD4E1E}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [TCP Query User{566C78A2-4ECA-40EA-B7B2-F53168E3DC49}C:\users\kieran\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kieran\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{E9F73B2A-0F59-466B-B5C5-7A84F1B30827}C:\users\kieran\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kieran\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{7C62FAF1-70F1-4077-9363-B5663FB7A4B4}C:\users\kieran\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kieran\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{9DD97E96-5420-4899-BABC-22E734884567}C:\users\kieran\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kieran\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{3D2591E8-F0B3-4A92-9181-343F4E2CC113}C:\program files\air mouse\air mouse\air mouse.exe] => (Allow) C:\program files\air mouse\air mouse\air mouse.exe
FirewallRules: [UDP Query User{D7361B15-BF6F-4AFB-9945-56563694147C}C:\program files\air mouse\air mouse\air mouse.exe] => (Allow) C:\program files\air mouse\air mouse\air mouse.exe
FirewallRules: [TCP Query User{1781AE84-EE51-4158-B522-86FE3D3210EC}C:\program files\air mouse\air mouse\mobile mouse service.exe] => (Allow) C:\program files\air mouse\air mouse\mobile mouse service.exe
FirewallRules: [UDP Query User{5016DA4D-9FF7-421A-915D-A05E60C63042}C:\program files\air mouse\air mouse\mobile mouse service.exe] => (Allow) C:\program files\air mouse\air mouse\mobile mouse service.exe
FirewallRules: [TCP Query User{AF3DD0C8-80B8-4E19-A2D3-2D13635B8F08}C:\program files\sonos\sonos.exe] => (Allow) C:\program files\sonos\sonos.exe
FirewallRules: [UDP Query User{E00E8541-EF7D-494C-8162-74166ED1AE32}C:\program files\sonos\sonos.exe] => (Allow) C:\program files\sonos\sonos.exe
FirewallRules: [TCP Query User{B87C40E7-6795-426B-AF0D-C59069B1B4A8}C:\program files\sonos\sonos.exe] => (Allow) C:\program files\sonos\sonos.exe
FirewallRules: [UDP Query User{C6F10D19-47FA-4622-BD34-0EBD2D474F28}C:\program files\sonos\sonos.exe] => (Allow) C:\program files\sonos\sonos.exe
FirewallRules: [{164F0FC4-C00B-4537-BDA3-8B65678278EB}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EC5B148A-E968-497F-859C-E3ADCA536027}] => (Allow) LPort=2869
FirewallRules: [{BA07410D-D535-4715-9AC9-03C9E15DAF42}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{23AB5B14-BA6D-4C88-8583-D37DCF0F7561}C:\users\kieran\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\kieran\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{0D775E03-FB57-4974-8F1F-EC9F28A0B2FE}C:\users\kieran\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\kieran\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{FE10CE4B-CC33-4E4F-AC96-53559FCFFC3E}C:\program files\air mouse\air mouse\air mouse.exe] => (Allow) C:\program files\air mouse\air mouse\air mouse.exe
FirewallRules: [UDP Query User{9F819E5A-C016-4F66-87A3-6291128FD5D4}C:\program files\air mouse\air mouse\air mouse.exe] => (Allow) C:\program files\air mouse\air mouse\air mouse.exe
FirewallRules: [TCP Query User{446DD6BF-9632-4152-B4BA-113D549082B4}C:\program files\air mouse\air mouse\mobile mouse service.exe] => (Block) C:\program files\air mouse\air mouse\mobile mouse service.exe
FirewallRules: [UDP Query User{551B39F0-E7AD-4F6F-B1FF-D807E7FF0BFD}C:\program files\air mouse\air mouse\mobile mouse service.exe] => (Block) C:\program files\air mouse\air mouse\mobile mouse service.exe
FirewallRules: [TCP Query User{2144D434-905F-48C4-80A4-853626588C6F}C:\program files\soulseekqt\soulseekqt.exe] => (Allow) C:\program files\soulseekqt\soulseekqt.exe
FirewallRules: [UDP Query User{F9F72EEE-E207-4DFE-9123-E622680092D0}C:\program files\soulseekqt\soulseekqt.exe] => (Allow) C:\program files\soulseekqt\soulseekqt.exe
FirewallRules: [{B624133F-CFE2-45AE-BCDA-51A84E0C521A}] => (Allow) C:\Users\Kieran\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{A5F6B114-2229-4C31-A73E-19DFA9F6F7AA}] => (Allow) C:\Users\Kieran\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{CFECD126-C532-4429-BD6F-06B2D935D81A}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{52076864-9CFB-4239-9279-2B46E575821A}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{2D91FBA0-0D32-4B75-8389-CD2EEDB1FA0E}] => (Allow) C:\Users\Kieran\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
FirewallRules: [{904C5268-527F-4F9F-BE97-DF31B317D30A}] => (Allow) C:\Users\Kieran\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
FirewallRules: [{04B1C01B-BD6A-4446-93E9-0B84E48ACB75}] => (Allow) C:\Users\Kieran\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
FirewallRules: [{C8AA808F-BCC7-4843-8239-1118773D5ACF}] => (Allow) C:\Users\Kieran\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
FirewallRules: [{526C7C81-83A5-4848-9037-205E69581EDA}] => (Allow) LPort=443
FirewallRules: [{CF294B96-0C04-4334-A3E7-F18063DFD34B}] => (Allow) C:\Users\Kieran\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
FirewallRules: [{4ED72264-D5AE-4F80-A33E-B5B4C6D31CA1}] => (Allow) C:\Users\Kieran\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
FirewallRules: [{6D3101F3-46FA-4017-B021-4C5794DDA731}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E524B322-8C38-46F4-9A24-A86AA96652F8}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: MpKsl3fc5bd18
Description: MpKsl3fc5bd18
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKsl3fc5bd18
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/08/2015 06:59:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/06/2015 02:28:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/05/2015 02:02:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/05/2015 02:01:18 PM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: Service cannot be started. The service process could not connect to the service controller
 
Error: (10/04/2015 07:31:28 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: There is not enough free space on the backup storage location to back up the data. (0x80780048).
 
Error: (10/04/2015 06:49:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
Faulting module name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
Exception code: 0x40000015
Fault offset: 0x00052d24
Faulting process id: 0x1724
Faulting application start time: 0xjucheck.exe0
Faulting application path: jucheck.exe1
Faulting module path: jucheck.exe2
Report Id: jucheck.exe3
 
Error: (10/04/2015 06:44:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/04/2015 04:07:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iTunes.exe, version: 12.3.0.44, time stamp: 0x55f8bb3b
Faulting module name: iTunesCore.dll, version: 12.3.0.44, time stamp: 0x55f8bb26
Exception code: 0xc0000005
Fault offset: 0x00216594
Faulting process id: 0xac8
Faulting application start time: 0xiTunes.exe0
Faulting application path: iTunes.exe1
Faulting module path: iTunes.exe2
Report Id: iTunes.exe3
 
Error: (10/03/2015 03:24:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/02/2015 02:25:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (10/09/2015 12:34:23 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR6.
 
Error: (10/09/2015 12:32:19 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR6.
 
Error: (10/09/2015 12:22:08 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR6.
 
Error: (10/09/2015 12:22:07 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR6.
 
Error: (10/08/2015 07:15:51 PM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.
 
Error: (10/08/2015 07:07:52 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error: 
%%5
 
Error: (10/08/2015 07:07:43 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (10/08/2015 06:58:26 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (10/08/2015 06:58:26 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.
 
Feature: %%886
 
Error Code: 0x80070005
 
Error description: Access is denied. 
 
Reason: %%892
 
Error: (10/07/2015 12:30:03 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR6.
 
 
CodeIntegrity:
===================================
  Date: 2014-08-16 01:01:07.631
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\mjcm\5123\nsib.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-15 23:15:25.418
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\mjcm\5123\nsib.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-15 23:10:05.077
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\mjcm\5123\nsib.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-15 23:10:04.311
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\mjcm\5123\nsib.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-29 07:04:07.065
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wbem\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-29 07:04:06.997
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wbem\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-29 07:04:06.927
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wbem\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-29 07:04:06.844
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wbem\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-29 07:04:01.576
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\fveapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-29 07:04:01.508
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\fveapi.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 70%
Total physical RAM: 3325.93 MB
Available physical RAM: 970.51 MB
Total Virtual: 6650.16 MB
Available Virtual: 3588.96 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:217.78 GB) (Free:31.7 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATAPART1) (Fixed) (Total:232.83 GB) (Free:91.74 GB) NTFS
Drive e: () (Fixed) (Total:0.05 GB) (Free:0.05 GB) FAT
Drive f: (RECOVERY) (Fixed) (Total:15 GB) (Free:10.59 GB) NTFS
Drive y: (FreeAgent Drive) (Fixed) (Total:465.76 GB) (Free:2.01 GB) NTFS
Drive z: (FreeAgent Drive) (Fixed) (Total:465.76 GB) (Free:64.64 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.8 GB) (Disk ID: 40000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=06)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=217.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 232.8 GB) (Disk ID: 917C54B4)
Partition 1: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 6 (Size: 465.8 GB) (Disk ID: 79F8F0FA)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 7 (Size: 465.8 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 

  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there  are some adware infections there, once this has run could you let me know how the system is behaving

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe
HKU\S-1-5-21-81080661-2735187969-2813279678-1000\...\Run: [NextLive] => C:\Windows\system32\rundll32.exe "C:\Users\Kieran\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-81080661-2735187969-2813279678-1000\...\Run: [AdobeBridge] => [X]
IFEO\bbqleads.exe: [Debugger] TaskList.exe
IFEO\bbqleadsapplication.exe: [Debugger] TaskList.exe
IFEO\bbqleadsservice.exe: [Debugger] TaskList.exe
IFEO\bbqquotes.exe: [Debugger] TaskList.exe
IFEO\ContentExplorer.exe: [Debugger] TaskList.exe
IFEO\donutleads.exe: [Debugger] TaskList.exe
IFEO\donutquotes.exe: [Debugger] TaskList.exe
IFEO\internetenhancer.exe: [Debugger] TaskList.exe
IFEO\internetenhancerservice.exe: [Debugger] TaskList.exe
IFEO\pastaleads.exe: [Debugger] TaskList.exe
IFEO\pastaquotes.exe: [Debugger] TaskList.exe
IFEO\theanswerfinder.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerApp.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerAppservice.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancerservice.exe: [Debugger] TaskList.exe
Toolbar: HKU\S-1-5-21-81080661-2735187969-2813279678-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox => not found
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox => not found
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx <not found>
CHR HKLM\...\Chrome\Extension: [fgfdfcbeamjnjdejakdidpniblllnbpg] - C:\Windows\System32\jmdp\pnte.crx <not found>
CustomCLSID: HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Kieran\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Kieran\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Kieran\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Kieran\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Kieran\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{C4C13033-C0B5-42ef-B5F7-66621858DA10}\InprocServer32 -> C:\Program Files\eMusic Download Manager 6\npEMusic604.dll => No File
CustomCLSID: HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Kieran\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\Kieran\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Kieran\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
Task: {8C60ED7A-C3C2-429B-BF85-F3E36B6F0297} - System32\Tasks\RunTool => C:\Users\Kieran\AppData\Local\8e522b1f-1369-407a-95f7-13e1ebfe584a\sysad.exe [2015-02-25] () <==== ATTENTION
C:\Program Files\Mobogenie
C:\Users\Kieran\AppData\Roaming\newnext.me
C:\Program Files\IB Updater
C:\Windows\System32\jmdp
C:\Users\Kieran\AppData\Local\8e522b1f-1369-407a-95f7-13e1ebfe584a
C:\Users\Kieran\AppData\Local\Temp\_MEI10482
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0

#3
kdokeeffe

kdokeeffe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

I have just run it now and here is the logfile. Once I see how it runs I'll post back here. Let me know if I need to do something based on the result below. Thanks!

 

-Kieran

 

Fix result of Farbar Recovery Scan Tool (x86) Version:08-10-2015
Ran by Kieran (2015-10-10 12:33:55) Run:1
Running from C:\Users\Kieran\Desktop
Loaded Profiles: Kieran (Available Profiles: Kieran)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe
HKU\S-1-5-21-81080661-2735187969-2813279678-1000\...\Run: [NextLive] => C:\Windows\system32\rundll32.exe "C:\Users\Kieran\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-81080661-2735187969-2813279678-1000\...\Run: [AdobeBridge] => [X]
IFEO\bbqleads.exe: [Debugger] TaskList.exe
IFEO\bbqleadsapplication.exe: [Debugger] TaskList.exe
IFEO\bbqleadsservice.exe: [Debugger] TaskList.exe
IFEO\bbqquotes.exe: [Debugger] TaskList.exe
IFEO\ContentExplorer.exe: [Debugger] TaskList.exe
IFEO\donutleads.exe: [Debugger] TaskList.exe
IFEO\donutquotes.exe: [Debugger] TaskList.exe
IFEO\internetenhancer.exe: [Debugger] TaskList.exe
IFEO\internetenhancerservice.exe: [Debugger] TaskList.exe
IFEO\pastaleads.exe: [Debugger] TaskList.exe
IFEO\pastaquotes.exe: [Debugger] TaskList.exe
IFEO\theanswerfinder.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerApp.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerAppservice.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancerservice.exe: [Debugger] TaskList.exe
Toolbar: HKU\S-1-5-21-81080661-2735187969-2813279678-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox => not found
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox => not found
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx <not found>
CHR HKLM\...\Chrome\Extension: [fgfdfcbeamjnjdejakdidpniblllnbpg] - C:\Windows\System32\jmdp\pnte.crx <not found>
CustomCLSID: HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Kieran\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Kieran\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Kieran\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Kieran\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Kieran\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{C4C13033-C0B5-42ef-B5F7-66621858DA10}\InprocServer32 -> C:\Program Files\eMusic Download Manager 6\npEMusic604.dll => No File
CustomCLSID: HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Kieran\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\Kieran\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Kieran\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
Task: {8C60ED7A-C3C2-429B-BF85-F3E36B6F0297} - System32\Tasks\RunTool => C:\Users\Kieran\AppData\Local\8e522b1f-1369-407a-95f7-13e1ebfe584a\sysad.exe [2015-02-25] () <==== ATTENTION
C:\Program Files\Mobogenie
C:\Users\Kieran\AppData\Roaming\newnext.me
C:\Program Files\IB Updater
C:\Windows\System32\jmdp
C:\Users\Kieran\AppData\Local\8e522b1f-1369-407a-95f7-13e1ebfe584a
C:\Users\Kieran\AppData\Local\Temp\_MEI10482
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => value removed successfully.
HKU\S-1-5-21-81080661-2735187969-2813279678-1000\Software\Microsoft\Windows\CurrentVersion\Run\\NextLive => value removed successfully.
HKU\S-1-5-21-81080661-2735187969-2813279678-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bbqleads.exe" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bbqleadsapplication.exe" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bbqleadsservice.exe" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bbqquotes.exe" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ContentExplorer.exe" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\donutleads.exe" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\donutquotes.exe" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\internetenhancer.exe" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\internetenhancerservice.exe" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\pastaleads.exe" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\pastaquotes.exe" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\theanswerfinder.exe" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wajaminternetenhancer.exe" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WajamInternetEnhancerApp.exe" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WajamInternetEnhancerAppservice.exe" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wajaminternetenhancerservice.exe" => key removed successfully.
HKU\S-1-5-21-81080661-2735187969-2813279678-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value removed successfully.
"HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" => key removed successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087} => value removed successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052} => value removed successfully.
C:\Program Files\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files\Google\Chrome\Application\45.0.2454.101\pdf.dll => not found.
C:\Program Files\Google\Chrome\Application\45.0.2454.101\gcswf32.dll => not found.
C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll => not found.
C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll => not found.
C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll => not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd" => key removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\fgfdfcbeamjnjdejakdidpniblllnbpg" => key removed successfully.
"HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully.
"HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully.
"HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully.
"HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully.
"HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully.
"HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{C4C13033-C0B5-42ef-B5F7-66621858DA10}" => key removed successfully.
"HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully.
"HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}" => key removed successfully.
"HKU\S-1-5-21-81080661-2735187969-2813279678-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8C60ED7A-C3C2-429B-BF85-F3E36B6F0297}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C60ED7A-C3C2-429B-BF85-F3E36B6F0297}" => key removed successfully.
C:\Windows\System32\Tasks\RunTool => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunTool" => key removed successfully.
"C:\Program Files\Mobogenie" => File/Folder not found.
C:\Users\Kieran\AppData\Roaming\newnext.me => moved successfully
"C:\Program Files\IB Updater" => File/Folder not found.
"C:\Windows\System32\jmdp" => File/Folder not found.
C:\Users\Kieran\AppData\Local\8e522b1f-1369-407a-95f7-13e1ebfe584a => moved successfully
"C:\Users\Kieran\AppData\Local\Temp\_MEI10482" => File/Folder not found.
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-81080661-2735187969-2813279678-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-81080661-2735187969-2813279678-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
 
 
========= End of RemoveProxy: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{A9C1FEDD-5AB2-4B30-BD21-C011B7C09B9D} canceled.
1 out of 1 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => 1 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 12:35:30 ====

  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You will need to run AdwCleaner to complete the cleaning process
  • 0

#5
kdokeeffe

kdokeeffe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

thanks for the help so far.

 

Chrome seems to be starting up faster now; MSE still fails to complete a full scan.

 

Anything I should do to address that particularly?


  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
At what stage does MSE fail ? Is it a particular file

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation, accept that
When it offers to download the virus database allow that as well
Click the "Scan" button to start scan

AswMBR%20scan.JPG


On completion of the scan click save log, save it to your desktop and post in your next reply
  • 0

#7
kdokeeffe

kdokeeffe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
I'm not sure whether MSE fails at a certain file, It's only on a full scan it happens.  I'll run it again and see if it gets stuck on a certain file, unless you know of a log file I can check?
 
 
here is the asw MBR log.
 
 
aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-10-12 15:10:12
-----------------------------
15:10:12.516    OS Version: Windows 6.1.7601 Service Pack 1
15:10:12.516    Number of processors: 4 586 0xF0B
15:10:12.517    ComputerName: DELL  UserName: 
15:10:45.831    Initialize success
15:10:46.133    VM: initialized successfully
15:10:46.134    VM: Intel CPU BiosDisabled 
15:15:29.930    AVAST engine defs: 15101200
15:19:16.541    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
15:19:16.544    Disk 0 Vendor: WDC_WD25 12.0 Size: 238418MB BusType: 8
15:19:16.547    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-3
15:19:16.549    Disk 1 Vendor: WDC_WD25 12.0 Size: 238418MB BusType: 8
15:19:16.774    Disk 0 MBR read successfully
15:19:16.777    Disk 0 MBR scan
15:19:16.916    Disk 0 Windows 7 default MBR code
15:19:16.920    Disk 0 Partition 1 00     06          FAT16 Dell 8.0       54 MB offset 63
15:19:16.959    Disk 0 Partition 2 00     07      HPFS/NTFS NTFS        15360 MB offset 112640
15:19:16.985    Disk 0 Partition 3 80 (A) 07      HPFS/NTFS NTFS       223002 MB offset 31569920
15:19:17.007    Disk 0 default boot code
15:19:17.050    Disk 0 scanning sectors +488278016
15:19:17.294    Disk 0 scanning C:\Windows\system32\drivers
15:19:46.143    Service scanning
15:20:16.009    Service MpKsl125cbf1b C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ED04F6CF-FAAB-4A40-A8E0-D625A9177980}\MpKsl125cbf1b.sys **LOCKED** 32
15:20:41.726    Modules scanning
15:20:41.735    Disk 0 trace - called modules:
15:20:42.095    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStorV.sys halmacpi.dll 
15:20:42.101    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86fc9570]
15:20:42.106    3 CLASSPNP.SYS[8c39c59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0x864e4028]
15:20:43.286    AVAST engine scan C:\Windows
15:20:46.571    AVAST engine scan C:\Windows\system32
15:26:06.328    AVAST engine scan C:\Windows\system32\drivers
15:26:39.707    AVAST engine scan C:\Users\Kieran
15:29:17.189    File: C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\File System\004\t\00\00000001  **INFECTED** Win32:Adware-gen [Adw]
16:15:58.490    AVAST engine scan C:\ProgramData
16:27:38.494    Disk 0 statistics 4153481/0/0 @ 0.80 MB/s
16:27:38.510    Scan finished successfully
18:59:40.713    Disk 0 MBR has been saved successfully to "C:\Users\Kieran\Desktop\MBR.dat"
18:59:40.766    The log file has been saved successfully to "C:\Users\Kieran\Desktop\aswMBR.txt"

  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
AswMBR only found one infection

How is the computer behaving now ?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\File System\004\t\00\00000001
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
  • 0

#9
kdokeeffe

kdokeeffe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

it's performing better now - Chrome and iTunes opening quicker than before.

 

I still get this (pre-existing) error when I start up.I thought it would go once I cleaned the PC, as I uninstalled SynciOS previously.

 

---------------------------
SynciosDeviceService.exe - System Error
---------------------------
The program can't start because DuiLib.dll is missing from your computer. Try reinstalling the program to fix this problem. 
---------------------------
OK   
---------------------------
 
here is the latest log file 
 
Fix result of Farbar Recovery Scan Tool (x86) Version:12-10-2015
Ran by Kieran (2015-10-12 20:29:35) Run:2
Running from C:\Users\Kieran\Desktop
Loaded Profiles: Kieran (Available Profiles: Kieran)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\File System\004\t\00\00000001
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Restore point was successfully created.
C:\Users\Kieran\AppData\Local\Google\Chrome\User Data\Default\File System\004\t\00\00000001 => moved successfully
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {D1632F70-81D5-47B0-9DA6-F2468239E089}.
0 out of 1 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => 870.8 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 20:31:09 ====

  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets remove that then :)

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM\...\Run: [Syncios device service] => C:\Program Files\Syncios\SynciosDeviceService.exe [578048 2013-07-12] ()
2015-09-24 01:00 - 2013-06-02 01:02 - 00000000 ____D C:\Program Files\Syncios
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
  • 0

Advertisements


#11
kdokeeffe

kdokeeffe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

Syncios error is gone! thanks :-)

 

MSE still won't run a full scan, but it may be unrelated - I found this article here: http://answers.micro...b8cf7a7e?auth=1 

 

I can still use it for quick scans and realtime protection,so I for full scans I have downloaded Malwarebytes Antimalware free,

 

Any further instructions let me know!

-Kieran

 

Fix result of Farbar Recovery Scan Tool (x86) Version:12-10-2015

Ran by Kieran (2015-10-13 17:37:55) Run:3
Running from C:\Users\Kieran\Desktop
Loaded Profiles: Kieran (Available Profiles: Kieran)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
HKLM\...\Run: [Syncios device service] => C:\Program Files\Syncios\SynciosDeviceService.exe [578048 2013-07-12] ()
2015-09-24 01:00 - 2013-06-02 01:02 - 00000000 ____D C:\Program Files\Syncios
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Syncios device service => value removed successfully.
C:\Program Files\Syncios => moved successfully
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => 375.6 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 17:39:34 ====

  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you run a Malwarebytes scan and let me see the log please
  • 0

#13
kdokeeffe

kdokeeffe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 13/10/2015
Scan Time: 21:06
Logfile: 
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.10.13.07
Rootkit Database: v2015.10.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Kieran
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 322517
Time Elapsed: 38 min, 9 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Excellent :) How is the computer now apart from the scan problem ?
  • 0

#15
kdokeeffe

kdokeeffe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

pretty good now - thanks!


  • 0






Similar Topics


Also tagged with one or more of these keywords: windows 7, chrome, slow, PC, Microsoft Security Essentials, error

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP