Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Sudden extreme slowdown on my laptop [Solved]


  • This topic is locked This topic is locked

#1
67mopar

67mopar

    Member

  • Member
  • PipPipPip
  • 199 posts

Dell Latitude E6540

4 gig ram

windows 7 pro

have run super antispyware, AML free Reg Cleaner, Spybot and Malwarebytes as well as AVG scan, and uninstall , and reinstall Firefox

seems like something hijacked my processor, or something, its been a very good reliable machine.

It was a corpoate machine no vpn or networks except my Verizon wifi for internet

This has taken me a painfully long time to get this far, I hope you can spot the issue with no duress,  Thank You  Dean

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by dean (administrator) on DEAN-LP07 (10-11-2015 17:13:55)
Running from C:\Users\dean\Downloads
Loaded Profiles: admin & dean & Guest (Available Profiles: admin & dean & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Invincea, Inc.) C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Autonomy\Connected BackupPC\AgentService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4791024 2013-02-08] (Intel® Corporation)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-17] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-23] (Apple Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-09-05] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [MSD.Desktop] => C:\Program Files (x86)\Mimecast\Mimecast Windows Service\msddsk.exe [39424 2014-05-02] ()
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3779496 2015-10-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [AgentUiRunKey] => C:\Program Files (x86)\Autonomy\Connected BackupPC\ConnectedAgent.exe [1422576 2014-08-26] (Autonomy Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-128144278-2142202361-184960113-6528\...\Policies\Explorer: [ForceStartMenuLogOff] 1
HKU\S-1-5-21-128144278-2142202361-184960113-6528\...\Policies\Explorer: [NoSimpleStartMenu] 1
HKU\S-1-5-21-128144278-2142202361-184960113-7501\...\Policies\Explorer: [ForceStartMenuLogOff] 1
HKU\S-1-5-21-128144278-2142202361-184960113-7501\...\Policies\Explorer: [NoSimpleStartMenu] 1
HKU\S-1-5-21-128144278-2142202361-184960113-7818\...\Policies\Explorer: [ForceStartMenuLogOff] 1
HKU\S-1-5-21-128144278-2142202361-184960113-7818\...\Policies\Explorer: [NoSimpleStartMenu] 1
HKU\S-1-5-21-128144278-2142202361-184960113-7823\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-128144278-2142202361-184960113-7823\...\Run: [Akamai NetSession Interface] => C:\Users\mras\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-128144278-2142202361-184960113-7823\...\Policies\system: [HideLogonScripts] 0
HKU\S-1-5-21-128144278-2142202361-184960113-7823\...\Policies\Explorer: [ForceStartMenuLogOff] 1
HKU\S-1-5-21-128144278-2142202361-184960113-7823\...\Policies\Explorer: [NoSimpleStartMenu] 1
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3212AFFC-AC31-48CE-975D-C8AC7008FE22}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-128144278-2142202361-184960113-6528\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-128144278-2142202361-184960113-7501\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-128144278-2142202361-184960113-7818\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-128144278-2142202361-184960113-6528\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-128144278-2142202361-184960113-6528\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/sphome.aspx
HKU\S-1-5-21-128144278-2142202361-184960113-6528\Software\Microsoft\Internet Explorer\Main,Search Page =  hxxp://www.bing.com
HKU\S-1-5-21-128144278-2142202361-184960113-6528\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-128144278-2142202361-184960113-7501\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-128144278-2142202361-184960113-7501\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-128144278-2142202361-184960113-7818\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-128144278-2142202361-184960113-7818\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-128144278-2142202361-184960113-7823\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://sp.harvardapp.com/ERP/_layouts/15/start.aspx#/
HKU\S-1-5-21-128144278-2142202361-184960113-7823\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-3339490808-3639073983-2094825787-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-3339490808-3639073983-2094825787-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: [S-1-5-21-128144278-2142202361-184960113-6528_classes] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-128144278-2142202361-184960113-7501_classes] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-128144278-2142202361-184960113-7818_classes] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-128144278-2142202361-184960113-7823_classes] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-3339490808-3639073983-2094825787-1000_classes] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-3339490808-3639073983-2094825787-501_classes] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-128144278-2142202361-184960113-6528 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-128144278-2142202361-184960113-6528 -> {607134AA-364D-494B-A301-B0783AFF2C36} URL = hxxp://www.search.ask.com/web?tpid=YSI2&o=APN10114&pf=V5&p2=%5EA5P%5EYYYYYY%5EYY%5EUS&gct=sb&itbv=12.10.2.4125&apn_uid=ec3abecf-fe39-48ed-abe3-6fd7cdd731f1&apn_ptnrs=%5EA5P&apn_dtid=%5EYYYYYY%5EYY%5EUS&apn_dbr=ff_14.0.1&doi=2013-05-28&trgb=IE,FF&q={searchTerms}&psv=
SearchScopes: HKU\S-1-5-21-128144278-2142202361-184960113-6528 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=8jx78Kd1BjePwOrHqDCXQs-0bQA?q={searchTerms}
SearchScopes: HKU\S-1-5-21-128144278-2142202361-184960113-6528 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL =
SearchScopes: HKU\S-1-5-21-128144278-2142202361-184960113-7501 -> DefaultScope {49CD67EF-2CE1-4B77-966B-D3E61841FF7A} URL =
SearchScopes: HKU\S-1-5-21-128144278-2142202361-184960113-7501 -> {49CD67EF-2CE1-4B77-966B-D3E61841FF7A} URL =
SearchScopes: HKU\S-1-5-21-128144278-2142202361-184960113-7818 -> DefaultScope {49CD67EF-2CE1-4B77-966B-D3E61841FF7A} URL =
SearchScopes: HKU\S-1-5-21-128144278-2142202361-184960113-7818 -> {49CD67EF-2CE1-4B77-966B-D3E61841FF7A} URL =
SearchScopes: HKU\S-1-5-21-128144278-2142202361-184960113-7823 -> DefaultScope {49CD67EF-2CE1-4B77-966B-D3E61841FF7A} URL =
SearchScopes: HKU\S-1-5-21-128144278-2142202361-184960113-7823 -> {49CD67EF-2CE1-4B77-966B-D3E61841FF7A} URL =
SearchScopes: HKU\S-1-5-21-3339490808-3639073983-2094825787-1000 -> DefaultScope {49CD67EF-2CE1-4B77-966B-D3E61841FF7A} URL =
SearchScopes: HKU\S-1-5-21-3339490808-3639073983-2094825787-1000 -> {49CD67EF-2CE1-4B77-966B-D3E61841FF7A} URL =
SearchScopes: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002 -> SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002 -> {49CD67EF-2CE1-4B77-966B-D3E61841FF7A} URL =
SearchScopes: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002 -> {C2FCC1C2-AB2D-22B1-04E5-91AD1ADD53D1} URL = hxxp://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF
SearchScopes: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002 -> {CC8A5FCB-415E-48BB-8538-E0D44D221918} URL = hxxp://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll [2012-07-19] (Zeon Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-21] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: ZeonIEEventHelper Class -> {C7DA0384-42AA-428c-B832-88AC343DE1A8} -> C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll [2012-07-27] (Zeon Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-21] (Oracle Corporation)
Toolbar: HKLM-x32 - Nuance PDF - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll [2012-07-27] (Zeon Corporation)
Handler: WSWSVCUchrome - No CLSID Value

FireFox:
========
FF ProfilePath: C:\Users\dean\AppData\Roaming\Mozilla\Firefox\Profiles\araz5wr1.default
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://www.google.com/
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Professional 8\bin\nppdf.dll [2012-07-31] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-128144278-2142202361-184960113-7823: @citrixonline.com/appdetectorplugin -> C:\Users\mras\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-07-02] (Citrix Online)
FF Extension: Adblock Plus - C:\Users\dean\AppData\Roaming\Mozilla\Firefox\Profiles\araz5wr1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-10-25]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AgentService; C:\Program Files (x86)\Autonomy\Connected BackupPC\AgentService.exe [7272688 2014-08-26] (Hewlett-Packard Development Company L.P.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3642280 2015-10-19] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-10-19] (AVG Technologies CZ, s.r.o.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
S2 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [3485512 2015-08-20] (Invincea, Inc.)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-11-13] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()
R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe [135056 2012-09-10] (Nuance Communications, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [174920 2015-08-20] (Invincea, Inc.)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915480 2013-05-23] (SoftThinks SAS)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-03-30] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)
S2 Dell.PowerManager.Service; C:\Windows\system32\dllhost.exe /Processid:{4B92F172-D79F-4E4A-8F94-4079344BA589}
S2 Intel® PROSet Monitoring Service; no ImagePath

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-10-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [300464 2015-08-04] (AVG Technologies CZ, s.r.o.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [131968 2012-10-30] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1342848 2012-12-03] (Motorola Solutions, Inc.)
R3 CVPNDRVA; C:\Windows\System32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R1 DVDHelp; C:\Windows\System32\drivers\DVDHelp.sys [28696 2014-12-29] ()
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [488216 2014-02-25] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 GSVDRIVE; C:\Windows\System32\DRIVERS\GSVDRIVE.sys [28568 2014-12-29] (GiliSoft International LLC.) [File not signed]
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-08-28] (Intel Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2261464 2013-08-27] (Realtek Semiconductor Corp.)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [64648 2015-08-20] (Invincea, Inc.)
S3 InvProtectDrvNet; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrvNet64.sys [24200 2015-08-20] (Invincea, Inc.)
S3 MBAMProtector; no ImagePath
S3 MBAMWebAccessControl; no ImagePath
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-11-13] (Intel Corporation)
R3 O2FJ2RDR; C:\Windows\System32\DRIVERS\O2FJ2w7x64.sys [185760 2013-05-07] (O2Micro )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [187528 2015-08-20] (Invincea, Inc.)
R3 ST_Accel; C:\Windows\System32\DRIVERS\ST_Accel.sys [75976 2013-08-05] (STMicroelectronics)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [48024 2013-01-28] (Windows ® Win 7 DDK provider)
R3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [194456 2013-01-28] (Windows ® Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-10 17:13 - 2015-11-10 17:18 - 00025131 _____ C:\Users\dean\Downloads\FRST.txt
2015-11-10 17:13 - 2015-11-10 17:14 - 00000000 ____D C:\FRST
2015-11-10 17:11 - 2015-11-10 17:11 - 02198528 _____ (Farbar) C:\Users\dean\Downloads\FRST64.exe
2015-11-10 16:16 - 2015-11-10 16:18 - 43179592 _____ C:\Users\dean\Downloads\Firefox Setup 42.0.exe
2015-11-10 16:09 - 2015-11-10 16:09 - 00001153 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-11-10 16:09 - 2015-11-10 16:09 - 00001067 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-11-10 16:08 - 2015-11-10 16:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-10 11:06 - 2015-11-10 11:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autonomy
2015-11-10 09:39 - 2015-11-10 09:39 - 00000000 ____D C:\Users\dean\AppData\Local\softthinks
2015-11-09 17:44 - 2015-11-09 17:44 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-29 07:55 - 2015-10-29 07:55 - 00000340 _____ C:\Windows\Tasks\1015avUpdateInfo.job
2015-10-29 07:55 - 2015-10-29 07:55 - 00000000 ____D C:\ProgramData\Avg_Update_1015av
2015-10-26 02:51 - 2015-10-26 02:51 - 00014179 _____ C:\Users\dean\Desktop\Mason Hire.jpg - Shortcut.lnk
2015-10-26 02:50 - 2015-10-26 02:50 - 00013391 _____ C:\Users\dean\Documents\Mason Hire.jpg - Shortcut.lnk
2015-10-21 03:22 - 2015-10-21 03:22 - 00000000 ____D C:\Users\dean\AppData\Roaming\Sun
2015-10-21 03:22 - 2015-10-21 03:22 - 00000000 ____D C:\Users\dean\.oracle_jre_usage
2015-10-21 03:03 - 2015-10-21 03:03 - 00000000 ____D C:\Users\dean\AppData\LocalLow\Oracle
2015-10-19 12:32 - 2015-10-19 12:32 - 00315312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2015-10-15 09:04 - 2015-09-18 14:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-15 09:04 - 2015-09-18 14:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-15 09:04 - 2015-09-18 14:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-15 09:04 - 2015-09-18 14:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-15 09:04 - 2015-09-18 14:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-15 09:04 - 2015-09-18 14:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-15 09:04 - 2015-09-18 14:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-14 01:55 - 2015-09-28 22:16 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-14 01:55 - 2015-09-28 22:13 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-14 01:55 - 2015-09-28 22:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-10-14 01:55 - 2015-09-28 22:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-10-14 01:55 - 2015-09-28 22:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-10-14 01:55 - 2015-09-28 22:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-10-14 01:55 - 2015-09-28 22:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-10-14 01:55 - 2015-09-28 22:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-10-14 01:55 - 2015-09-28 22:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-10-14 01:55 - 2015-09-28 22:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-10-14 01:55 - 2015-09-28 22:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-14 01:55 - 2015-09-28 22:10 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-10-14 01:55 - 2015-09-28 22:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-14 01:55 - 2015-09-28 22:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-10-14 01:55 - 2015-09-28 22:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-14 01:55 - 2015-09-28 22:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-10-14 01:55 - 2015-09-28 22:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-14 01:55 - 2015-09-28 22:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-10-14 01:55 - 2015-09-28 22:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-14 01:55 - 2015-09-28 22:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-10-14 01:55 - 2015-09-28 22:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-10-14 01:55 - 2015-09-28 22:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-10-14 01:55 - 2015-09-28 22:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-10-14 01:55 - 2015-09-28 22:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-10-14 01:55 - 2015-09-28 22:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-10-14 01:55 - 2015-09-28 22:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-14 01:55 - 2015-09-28 22:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-10-14 01:55 - 2015-09-28 22:02 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-14 01:55 - 2015-09-28 22:01 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-14 01:55 - 2015-09-28 22:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-10-14 01:55 - 2015-09-28 22:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 22:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 22:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 22:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 21:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-10-14 01:55 - 2015-09-28 21:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-10-14 01:55 - 2015-09-28 21:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-10-14 01:55 - 2015-09-28 21:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-10-14 01:55 - 2015-09-28 21:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-10-14 01:55 - 2015-09-28 21:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-10-14 01:55 - 2015-09-28 21:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-10-14 01:55 - 2015-09-28 21:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-10-14 01:55 - 2015-09-28 21:58 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-10-14 01:55 - 2015-09-28 21:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-10-14 01:55 - 2015-09-28 21:57 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-10-14 01:55 - 2015-09-28 21:57 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-10-14 01:55 - 2015-09-28 21:57 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-14 01:55 - 2015-09-28 21:57 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-10-14 01:55 - 2015-09-28 21:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-10-14 01:55 - 2015-09-28 21:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-10-14 01:55 - 2015-09-28 21:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-10-14 01:55 - 2015-09-28 21:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-10-14 01:55 - 2015-09-28 21:49 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 21:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 20:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-14 01:55 - 2015-09-28 20:49 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-14 01:55 - 2015-09-28 20:49 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-14 01:55 - 2015-09-28 20:43 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-10-14 01:55 - 2015-09-28 20:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-10-14 01:55 - 2015-09-28 20:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 20:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 20:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 01:55 - 2015-09-28 20:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-14 01:55 - 2015-09-25 13:07 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-14 01:55 - 2015-09-25 13:07 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-14 01:55 - 2015-09-25 13:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-14 01:55 - 2015-09-25 13:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-14 01:55 - 2015-09-25 13:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-14 01:55 - 2015-09-25 13:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-14 01:55 - 2015-09-25 13:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-14 01:55 - 2015-09-25 13:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-14 01:55 - 2015-09-25 13:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-14 01:55 - 2015-09-25 13:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-14 01:55 - 2015-09-25 13:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-14 01:55 - 2015-09-25 12:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-14 01:55 - 2015-09-25 12:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-14 01:55 - 2015-09-25 12:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-14 01:55 - 2015-09-25 12:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-10-14 01:55 - 2015-09-25 12:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-14 01:55 - 2015-09-18 14:31 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-14 01:55 - 2015-09-18 13:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-14 01:55 - 2015-09-15 23:48 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-14 01:55 - 2015-09-15 23:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-14 01:55 - 2015-09-15 23:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-10-14 01:55 - 2015-09-15 23:22 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-10-14 01:55 - 2015-09-15 23:21 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-14 01:55 - 2015-09-15 23:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-14 01:55 - 2015-09-15 23:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-14 01:55 - 2015-09-15 23:21 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-14 01:55 - 2015-09-15 23:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-10-14 01:55 - 2015-09-15 23:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-14 01:55 - 2015-09-15 23:13 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-10-14 01:55 - 2015-09-15 23:10 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-14 01:55 - 2015-09-15 23:09 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-14 01:55 - 2015-09-15 23:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-14 01:55 - 2015-09-15 23:08 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-10-14 01:55 - 2015-09-15 23:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-14 01:55 - 2015-09-15 23:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-10-14 01:55 - 2015-09-15 23:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-14 01:55 - 2015-09-15 22:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-14 01:55 - 2015-09-15 22:58 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-14 01:55 - 2015-09-15 22:50 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-14 01:55 - 2015-09-15 22:46 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-10-14 01:55 - 2015-09-15 22:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-10-14 01:55 - 2015-09-15 22:45 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-14 01:55 - 2015-09-15 22:43 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-14 01:55 - 2015-09-15 22:41 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-10-14 01:55 - 2015-09-15 22:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-14 01:55 - 2015-09-15 22:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-10-14 01:55 - 2015-09-15 22:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-10-14 01:55 - 2015-09-15 22:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-10-14 01:55 - 2015-09-15 22:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-14 01:55 - 2015-09-15 22:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-14 01:55 - 2015-09-15 22:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-14 01:55 - 2015-09-15 22:29 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-14 01:55 - 2015-09-15 22:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-14 01:55 - 2015-09-15 22:28 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-10-14 01:55 - 2015-09-15 22:26 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-14 01:55 - 2015-09-15 22:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-10-14 01:55 - 2015-09-15 22:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-10-14 01:55 - 2015-09-15 22:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-14 01:55 - 2015-09-15 22:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-10-14 01:55 - 2015-09-15 22:22 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-14 01:55 - 2015-09-15 22:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-14 01:55 - 2015-09-15 22:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-10-14 01:55 - 2015-09-15 22:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-14 01:55 - 2015-09-15 22:11 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-14 01:55 - 2015-09-15 22:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-10-14 01:55 - 2015-09-15 22:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-10-14 01:55 - 2015-09-15 22:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-14 01:55 - 2015-09-15 22:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-14 01:55 - 2015-09-15 22:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-14 01:55 - 2015-09-15 22:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-10-14 01:55 - 2015-09-15 21:59 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-14 01:55 - 2015-09-15 21:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-14 01:55 - 2015-09-15 21:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-14 01:55 - 2015-09-15 21:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-14 01:55 - 2015-09-15 21:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-14 01:55 - 2015-09-15 21:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-10-14 01:55 - 2015-09-15 21:48 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-14 01:55 - 2015-09-15 21:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-14 01:55 - 2015-09-15 21:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-14 01:55 - 2015-09-15 21:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-10-14 01:55 - 2015-09-15 13:17 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-10-14 01:55 - 2015-09-15 13:17 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-14 01:55 - 2015-09-15 13:11 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-14 01:55 - 2015-09-15 13:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-14 01:55 - 2015-09-15 13:11 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-14 01:55 - 2015-09-15 13:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-10-14 01:55 - 2015-09-15 13:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-10-14 01:55 - 2015-09-15 13:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-10-14 01:55 - 2015-09-15 13:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-10-14 01:55 - 2015-09-15 12:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-10-14 01:55 - 2015-09-15 12:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-10-14 01:55 - 2015-09-15 12:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-10-14 01:55 - 2015-09-15 12:35 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-10-14 01:55 - 2015-08-06 13:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-14 01:55 - 2015-08-06 13:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-14 01:55 - 2015-08-06 12:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-14 01:55 - 2015-08-06 12:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-10-14 01:54 - 2015-10-01 13:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-14 01:54 - 2015-10-01 13:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-14 01:54 - 2015-10-01 13:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-14 01:54 - 2015-10-01 13:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-14 01:54 - 2015-10-01 13:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-14 01:54 - 2015-10-01 13:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-14 01:54 - 2015-10-01 13:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-14 01:54 - 2015-10-01 12:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-10-14 01:54 - 2015-10-01 12:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-14 01:54 - 2015-07-18 08:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-14 01:54 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-10 17:14 - 2014-03-30 15:39 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-10 17:12 - 2009-07-13 23:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-10 17:12 - 2009-07-13 23:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-10 16:27 - 2014-07-02 09:01 - 00000556 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-128144278-2142202361-184960113-7823.job
2015-11-10 16:09 - 2015-04-16 16:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-10 15:50 - 2014-03-30 17:35 - 01550360 _____ C:\Windows\WindowsUpdate.log
2015-11-10 11:17 - 2014-03-30 16:02 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-11-10 11:16 - 2009-07-14 00:13 - 00783606 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-10 11:08 - 2015-10-03 12:43 - 00001804 _____ C:\Windows\setupact.log
2015-11-10 11:08 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-10 09:40 - 2014-05-16 12:34 - 00000000 ____D C:\ProgramData\softthinks
2015-11-10 09:34 - 2014-09-10 14:31 - 00000000 ____D C:\ProgramData\MFAData
2015-11-09 21:11 - 2015-10-03 12:43 - 00005860 _____ C:\Windows\PFRO.log
2015-11-09 18:34 - 2015-04-16 16:42 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-11-09 18:09 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\TAPI
2015-11-09 17:45 - 2015-10-04 12:00 - 00000000 ____D C:\Users\dean\AppData\Local\CrashDumps
2015-11-09 17:45 - 2015-04-16 15:23 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-09 17:44 - 2015-04-16 15:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-09 17:44 - 2015-04-16 15:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-02 12:36 - 2015-04-16 16:18 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-10-22 11:12 - 2014-12-04 12:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-10-21 03:32 - 2014-08-20 17:21 - 00000000 ____D C:\ProgramData\Oracle
2015-10-21 03:23 - 2014-08-20 17:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-10-21 03:23 - 2014-08-20 17:20 - 00000000 ____D C:\Program Files (x86)\Java
2015-10-21 03:22 - 2014-08-28 23:09 - 00000000 ____D C:\Users\dean
2015-10-21 03:21 - 2014-08-20 17:20 - 00278624 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-10-21 03:21 - 2014-08-20 17:20 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-10-21 02:04 - 2011-02-10 09:33 - 00776220 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-10-20 18:03 - 2015-10-07 11:53 - 00000000 ____D C:\Users\dean\AppData\Local\Microsoft Games
2015-10-16 02:00 - 2015-04-16 02:39 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-16 02:00 - 2014-05-16 13:06 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-14 03:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-10-14 02:17 - 2014-05-16 13:56 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-14 02:16 - 2014-05-16 12:50 - 00000000 ____D C:\Windows\system32\MRT
2015-10-14 02:08 - 2014-05-16 12:50 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-14 02:06 - 2009-07-13 21:34 - 00000478 _____ C:\Windows\win.ini

==================== Files in the root of some directories =======

2015-04-16 15:01 - 2015-04-16 15:02 - 0000093 _____ () C:\Users\dean\AppData\Roaming\ARCompanion.log
2015-01-21 13:12 - 2015-04-16 01:12 - 0000063 _____ () C:\Users\dean\AppData\Roaming\WB.CFG

Some files in TEMP:
====================
C:\Users\aalex\AppData\Local\Temp\gdas3c2p.dll
C:\Users\aalex\AppData\Local\Temp\lvyn3psq.dll
C:\Users\aalex\AppData\Local\Temp\Microsoft.GeneratedCode.dll
C:\Users\aalex\AppData\Local\Temp\nro4mjzt.dll
C:\Users\aalex\AppData\Local\Temp\piiaec4e.dll
C:\Users\aalex\AppData\Local\Temp\qxqh2umw.dll
C:\Users\aalex\AppData\Local\Temp\tgxhku2w.dll
C:\Users\admin\AppData\Local\Temp\ose00000.exe
C:\Users\ajon\AppData\Local\Temp\1lzvfxxv.dll
C:\Users\ajon\AppData\Local\Temp\4likm1e1.dll
C:\Users\ajon\AppData\Local\Temp\dmd2pz35.dll
C:\Users\ajon\AppData\Local\Temp\lqzumtce.dll
C:\Users\ajon\AppData\Local\Temp\Microsoft.GeneratedCode.dll
C:\Users\ajon\AppData\Local\Temp\r2jsj1x4.dll
C:\Users\ajon\AppData\Local\Temp\r5vbqrml.dll
C:\Users\ajon\AppData\Local\Temp\rykftlsv.dll
C:\Users\ajon\AppData\Local\Temp\xf1xt155.dll
C:\Users\dean\AppData\Local\Temp\lfamejid.dll
C:\Users\kchea\AppData\Local\Temp\0gx1swlt.dll
C:\Users\kchea\AppData\Local\Temp\Microsoft.GeneratedCode.dll
C:\Users\kchea\AppData\Local\Temp\zgqzbzk3.dll
C:\Users\mras\AppData\Local\Temp\0bkce1za.dll
C:\Users\mras\AppData\Local\Temp\0mo0ffc3.dll
C:\Users\mras\AppData\Local\Temp\he3dbdhg.dll
C:\Users\mras\AppData\Local\Temp\Microsoft.GeneratedCode.dll
C:\Users\mras\AppData\Local\Temp\njy1wpv1.dll
C:\Users\mras\AppData\Local\Temp\sqfodldw.dll
C:\Users\mras\AppData\Local\Temp\wq42txje.dll
C:\Users\mras\AppData\Local\Temp\xbhvfcmz.dll
C:\Users\mras\AppData\Local\Temp\ycans4sn.dll
C:\Users\mras\AppData\Local\Temp\yqnilmgz.dll
C:\Users\mras\AppData\Local\Temp\z0h5nmal.dll
C:\Users\mras\AppData\Local\Temp\zvkjw2uu.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-31 21:33

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by dean (2015-11-10 17:27:34)
Running from C:\Users\dean\Downloads
Windows 7 Professional Service Pack 1 (X64) (2014-05-16 17:27:53)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

admin (S-1-5-21-3339490808-3639073983-2094825787-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-3339490808-3639073983-2094825787-500 - Administrator - Disabled)
dean (S-1-5-21-3339490808-3639073983-2094825787-1002 - Administrator - Enabled) => C:\Users\dean
Guest (S-1-5-21-3339490808-3639073983-2094825787-501 - Limited - Disabled) => C:\Users\Guest

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Webroot SecureAnywhere (Disabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Webroot SecureAnywhere (Disabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Reader XI  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-128144278-2142202361-184960113-7823\...\Akamai) (Version:  - Akamai Technologies, Inc)
AML Free Registry Cleaner 4.25 (HKLM-x32\...\{315F5FFC-1A5C-4A2A-B8E7-1C5B1174C198}_is1) (Version:  - AML SOFT, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{A50679D9-6CBD-4FCD-BACB-62EF3894F6F3}) (Version: 4.0.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{1F72FDD5-A069-45B4-928F-D0F16492DC69}) (Version: 4.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Audio Editor And Recorder Packages (HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\Audio Editor And Recorder Packages) (Version:  - ) <==== ATTENTION
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6173 - AVG Technologies)
AVG 2015 (Version: 15.0.4460 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6173 - AVG Technologies) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.)
ClassicGamesRemade (HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\ClassicGamesRemade) (Version:  - )
Connected Backup/PC Agent (HKLM-x32\...\{393E4C89-67E9-43BF-AD29-94D19F7624F7}) (Version: 8.8.2.0 - Autonomy Corporation plc)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell Client System Update (HKLM-x32\...\{04566294-A6B6-4462-9721-031073EB3694}) (Version: 1.3.0 - Dell Inc.)
Dell Custom Help (Version: 15.06.1000.0142 - Intel Corporation) Hidden
Dell Digital Delivery (HKLM-x32\...\{03A9F528-A754-460F-B2C1-AC125A147114}) (Version: 2.8.5000.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Power Manager (HKLM\...\{E45D7941-F3F0-4E8E-AD55-DCE2FE0AE6D8}) (Version: 1.1.0 - Dell Inc.)
Dell Protected Workspace (HKLM-x32\...\{E2CAA395-66B3-4772-85E3-6134DBAB244E}) (Version: 5.0.21247 - Invincea, Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.134 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.54 - Creative Technology Ltd)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 6.3.0.1440 (HKU\S-1-5-21-128144278-2142202361-184960113-7823\...\GoToMeeting) (Version: 6.3.0.1440 - CitrixOnline)
idoo DVD Ripper 6.1.0 (HKLM-x32\...\{DC858DB6-0659-165E-CF69-C6B78992F341}}_is1) (Version: 6.1.0 - idoo International LLC.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Network Connections 18.5.52.1 (HKLM\...\PROSetDX) (Version: 18.5.52.1 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3204 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{DA2600C1-6BDF-4FD1-1212-148929CC1385}) (Version: 2.6.1212.0302 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.1.28 - Intel Corporation)
Intel® WiDi (HKLM\...\{62E7C369-64FF-452C-8F46-6BE9B77FF097}) (Version: 4.0.18.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless Software (HKLM-x32\...\{fae8de85-97ab-4053-a8bb-03bfc86ac533}) (Version: 15.6.1 - Intel Corporation)
iTunes (HKLM\...\{96984DE8-1DB8-425C-AC8C-3098BC696F04}) (Version: 12.3.0.44 - Apple Inc.)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Project Standard 2010 (HKLM-x32\...\Office14.PRJSTDR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mimecast Services for Outlook 32-bit (HKLM-x32\...\{44C3BE40-6688-40F1-9C6F-1550D5E5868C}) (Version: 5.0.853.8820 - Mimecast Ltd)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0 - Mozilla)
Nuance PDF Converter Enterprise 8 (HKLM\...\{E5F6DE36-F554-47E9-B6F6-08788C720F55}) (Version: 8.10.6243 - Nuance Communications, Inc.)
Nuance PDF Converter Enterprise 8 (HKLM-x32\...\{E5F6DE36-F554-47E9-B6F6-08788C720F55}) (Version: 8.10.6243 - Nuance Communications, Inc.)
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{C8B104BE-C895-4976-8295-0B190B53A8B6}) (Version: 3.0.08.18 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (x32 Version: 3.0.08.18 - O2Micro International LTD.) Hidden
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5988 - Realtek Semiconductor Corp.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-003A-0000-0000-0000000FF1CE}_Office14.PRJSTDR_{58FA40EF-ABA9-4FED-AD3D-318A6073934D}) (Version:  - Microsoft)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1186 - SUPERAntiSpyware.com)
Update for PriceFountain (HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\Price Fountain) (Version:  - Update for PriceFountain) <==== ATTENTION
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-128144278-2142202361-184960113-7823_classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\mras\AppData\Local\Citrix\GoToMeeting\1440\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points =========================

28-10-2015 03:35:19 Scheduled Checkpoint
04-11-2015 13:42:04 Scheduled Checkpoint
10-11-2015 10:53:34 Removed Connected Backup/PC Agent

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {58397141-DEF4-4A29-99CE-0409EAA6CC05} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {58F0448A-D08A-4F8E-89A0-225FC8D0DF75} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {78E809F0-0F67-4FAE-8FD7-80C013D05AA3} - System32\Tasks\AI_Updater => C:\Program Files (x86)\Tuneup computer\updater.exe
Task: {83B65A7F-28C0-4522-8255-6B75597A13DA} - \IE_ERR4WDR -> No File <==== ATTENTION
Task: {87018814-311E-474C-9082-9E23D1AFDE07} - \boosterpop -> No File <==== ATTENTION
Task: {941C5442-7F2B-4651-8074-C5B278AF8D0C} - \UPDTEXE4_WDR -> No File <==== ATTENTION
Task: {9A95B8F3-1550-4F9F-B538-8638721CAC8B} - System32\Tasks\G2MUpdateTask-S-1-5-21-128144278-2142202361-184960113-7823 => C:\Users\mras\AppData\Local\Citrix\GoToMeeting\1440\g2mupdate.exe [2014-07-02] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {9F2B9428-9007-4A80-98AB-F6FB8E6FCD56} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-30] (Adobe Systems Incorporated)
Task: {A7A6CE66-33CC-4B4B-B201-3EDE78A7B89A} - \ProgramRefresh-ATFST -> No File <==== ATTENTION
Task: {ABD02821-E185-4994-B672-E656517894F1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {C2F2775A-22C5-4651-A5F5-0535394AE967} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {C5943925-DB22-44ED-8D20-4C5B03DC93C6} - System32\Tasks\{F8DD7030-1661-4DFB-A8C6-B9ED1342B2C7} => pcalua.exe -a "C:\Downloads\Crystal reports v9\setup.exe" -d "C:\Downloads\Crystal reports v9"
Task: {EEFCB6DF-F3F0-4CED-9341-31ECECF1079A} - System32\Tasks\IEError => C:\Program Files (x86)\Tuneup computer\Popialert.exe
Task: {F5725E3E-10D3-48FD-9323-3CFF2BB70EC6} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3339490808-3639073983-2094825787-1002
Task: {F8E8F0A3-950A-4A14-9F98-F09CF38D9CF0} - \ProgramUpdateCheck -> No File <==== ATTENTION
Task: {F93A6F3F-6194-4E23-8713-76B9427A830F} - \HDNINSTSCHD -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\1015avUpdateInfo.job => C:\ProgramData\Avg_Update_1015av\1015av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-128144278-2142202361-184960113-7823.job => C:\Users\mras\AppData\Local\Citrix\GoToMeeting\1440\g2mupdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-05-15 15:26 - 2015-05-15 15:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-23 15:47 - 2015-09-23 15:47 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-30 16:02 - 2013-04-19 15:51 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-03-30 16:02 - 2013-04-19 15:52 - 00049440 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\STCommonShellIntegration.dll
2014-03-30 16:02 - 2013-04-19 15:51 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2014-03-30 16:02 - 2013-04-19 15:51 - 00034080 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2011-03-04 11:49 - 2011-03-04 11:49 - 00202752 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2014-03-30 15:43 - 2013-11-13 16:23 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-08-26 15:19 - 2014-08-26 15:19 - 00076528 _____ () C:\Program Files (x86)\Autonomy\Connected BackupPC\SDK8.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:104
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:170
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:292
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3204
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3255
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3356

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\Software\Classes\exefile: "%1" %* <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-128144278-2142202361-184960113-7823\...\harvardapp.com -> hxxps://sp.harvardapp.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\1-se.com -> 1-se.com

There are 10818 more sites.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-128144278-2142202361-184960113-6528\Control Panel\Desktop\\Wallpaper -> C:\Users\kchea\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-128144278-2142202361-184960113-7501\Control Panel\Desktop\\Wallpaper -> C:\Users\ajon\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-128144278-2142202361-184960113-7818\Control Panel\Desktop\\Wallpaper -> C:\Users\aalex\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-128144278-2142202361-184960113-7823\Control Panel\Desktop\\Wallpaper -> C:\Users\mras\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3339490808-3639073983-2094825787-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\dean\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^vpngui.exe.lnk => C:\Windows\pss\vpngui.exe.lnk.CommonStartup
MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: WavesSvc => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{4423493A-FCCD-4A9D-812E-F15B790AFFF3}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{A88B26A7-134F-41B8-9986-FAE11097ED5E}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{CC4C9638-5382-4401-BDE4-6539125714B9}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\PDFRouter.exe
FirewallRules: [{8CC425FF-A1F2-4419-A368-2C8619BB6ACE}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\PDFRouter.exe
FirewallRules: [{C4FEF3AF-53F8-4413-8EF0-57E05FD0BF26}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\PdfPro8Hook.exe
FirewallRules: [{147ABACB-C2A8-4BB7-88A4-BA674DDE52B0}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\PdfPro8Hook.exe
FirewallRules: [{E8FCEFDF-65E5-4E21-AB20-873E9623E4AB}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GPDFDirect.exe
FirewallRules: [{E62F146E-AE20-4DD5-A524-5F8BCEFEC123}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GPDFDirect.exe
FirewallRules: [{2686B4EE-2CB7-474F-A688-F7A0D3C571E8}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GaaihoDoc.exe
FirewallRules: [{A7DDC3A8-724E-4051-A391-B97542E29BC9}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GaaihoDoc.exe
FirewallRules: [{D26D0C64-43DE-42ED-944C-C0E5C286F71A}] => (Allow) C:\Program Files (x86)\Autonomy\Connected BackupPC\ConnectedAgent.exe
FirewallRules: [{5E715A5E-2086-4697-9791-AC1781DB553D}] => (Allow) C:\Program Files (x86)\Autonomy\Connected BackupPC\ConnectedAgent.exe
FirewallRules: [{D410783E-D11F-4415-8DEF-06AE05D29CF1}] => (Allow) C:\Program Files (x86)\Autonomy\Connected BackupPC\ConnectedAgent.exe
FirewallRules: [{1F95E71C-8C0D-4642-9916-FC52907F1C8B}] => (Allow) C:\Program Files (x86)\Autonomy\Connected BackupPC\ConnectedAgent.exe
FirewallRules: [TCP Query User{43BA677A-C29A-4E89-A82A-EBD8E79935D5}C:\program files (x86)\microsoft office\office14\outlook.exe] => (Block) C:\program files (x86)\microsoft office\office14\outlook.exe
FirewallRules: [UDP Query User{0DAFAFE8-EC4A-4A30-8000-CFBF9927921E}C:\program files (x86)\microsoft office\office14\outlook.exe] => (Block) C:\program files (x86)\microsoft office\office14\outlook.exe
FirewallRules: [TCP Query User{91083060-1479-42F4-8CB9-935912909A6C}C:\users\mras\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\mras\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{121CF38A-EB30-4236-BF6C-51F0587DE338}C:\users\mras\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\mras\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{7EA55F93-B1A7-4C47-81A1-7ABC1A275F65}C:\users\mras\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\mras\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{067B0835-0F8B-4465-B955-EE826FD05724}C:\users\mras\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\mras\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{F6A1048A-7A5C-4AFA-BC56-3540EB442B8E}C:\program files (x86)\mimecast\mimecast windows service\msddsk.exe] => (Allow) C:\program files (x86)\mimecast\mimecast windows service\msddsk.exe
FirewallRules: [UDP Query User{B924969D-0270-4B45-8545-96F2E3F3555A}C:\program files (x86)\mimecast\mimecast windows service\msddsk.exe] => (Allow) C:\program files (x86)\mimecast\mimecast windows service\msddsk.exe
FirewallRules: [TCP Query User{FE4F6470-0897-4CA0-A73A-0B56C078352F}C:\program files (x86)\mimecast\mimecast windows service\msddsk.exe] => (Allow) C:\program files (x86)\mimecast\mimecast windows service\msddsk.exe
FirewallRules: [UDP Query User{25E5A8FC-BF62-4EC3-9AF5-DE9F9A8FD316}C:\program files (x86)\mimecast\mimecast windows service\msddsk.exe] => (Allow) C:\program files (x86)\mimecast\mimecast windows service\msddsk.exe
FirewallRules: [{32776D63-249D-475B-AD9B-1FC2CA09EC3C}] => (Allow) C:\Program Files (x86)\Autonomy\Connected BackupPC\ConnectedAgent.exe
FirewallRules: [{EC8CD08E-BDAE-484F-B915-E0BFC67F166D}] => (Allow) C:\Program Files (x86)\Autonomy\Connected BackupPC\ConnectedAgent.exe
FirewallRules: [TCP Query User{7B84AF5E-BF2B-48F1-A636-64F50FA706CA}C:\program files (x86)\mimecast\mimecast windows service\msddsk.exe] => (Block) C:\program files (x86)\mimecast\mimecast windows service\msddsk.exe
FirewallRules: [UDP Query User{177CCB2A-30EA-43DE-BE93-EDA1E75758AE}C:\program files (x86)\mimecast\mimecast windows service\msddsk.exe] => (Block) C:\program files (x86)\mimecast\mimecast windows service\msddsk.exe
FirewallRules: [{396F8A78-9346-4248-B0E0-A354AE38B4D4}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{8CF7913A-5B98-4929-97FA-46849A16D3C0}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{34686439-CFAF-42E9-9857-6BA4216E3CDC}] => (Allow) C:\Windows\System32\migwiz\migwiz.exe
FirewallRules: [{0024EDF7-BF4F-40ED-A620-068DC4F1AC08}] => (Allow) C:\Windows\System32\migwiz\migwiz.exe
FirewallRules: [{C6AD0071-3CCD-4ACC-B179-21EBA7BCC202}] => (Allow) LPort=7000
FirewallRules: [{8FDC4A2F-1964-4525-85C1-CDC92F619CC2}] => (Allow) LPort=7000
FirewallRules: [{5392136A-38EF-4219-8D4E-3ED091ED245D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{90ACABEF-7421-4D6E-86C3-0D32B868514B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E3F6443D-200F-4E6E-809C-24E47F473C40}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{55C6D8B3-5905-40E7-B4AD-5F613E473C77}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{307E0D1D-B60B-4F6E-9752-E8434CE624D9}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{96BA09F8-5129-4F86-B002-D03FA609FA78}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{44AE361E-4C44-4360-98A5-F440444A3C18}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{8B0AB5EB-39FC-4813-A550-241055C3782D}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{CBC3B47C-A384-45B1-A706-DBFAAE0D0B84}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{0882412A-3287-4878-9BD7-8A8DDD1D74ED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4CB89349-3266-4DDD-BEAE-26F4944D0411}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/10/2015 02:31:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5491

Error: (11/10/2015 02:31:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5491

Error: (11/10/2015 02:31:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/10/2015 02:31:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4415

Error: (11/10/2015 02:31:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4415

Error: (11/10/2015 02:31:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/10/2015 02:31:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3401

Error: (11/10/2015 02:31:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3401

Error: (11/10/2015 02:31:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/10/2015 02:31:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2309


System errors:
=============
Error: (11/10/2015 01:21:07 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (11/10/2015 11:09:33 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error:
%%2

Error: (11/10/2015 11:09:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Invincea Service service failed to start due to the following error:
%%1053

Error: (11/10/2015 11:09:31 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Invincea Service service to connect.

Error: (11/10/2015 11:09:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® PROSet Monitoring Service service failed to start due to the following error:
%%3

Error: (11/10/2015 11:08:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell.PowerManager.Service service failed to start due to the following error:
%%1053

Error: (11/10/2015 11:08:58 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Dell.PowerManager.Service service to connect.

Error: (11/10/2015 11:08:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMProtector service failed to start due to the following error:
%%2

Error: (11/10/2015 11:06:38 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The AgentService service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (11/10/2015 11:00:38 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AgentService service.


==================== Memory info ===========================

Processor: Intel® Core™ i5-4300M CPU @ 2.60GHz
Percentage of memory in use: 68%
Total physical RAM: 4001.47 MB
Available physical RAM: 1266.6 MB
Total Virtual: 8001.15 MB
Available Virtual: 5587.21 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:282.87 GB) (Free:187.15 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:15.18 GB) (Free:7.71 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 313B336C)
Partition 1: (Not Active) - (Size=40 MB) - (Type=DE)
Partition 2: (Active) - (Size=15.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=282.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0

Advertisements


#2
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hello 67mopar and :welcome:

My name is Bruce1270 and I will be helping you with your malware problem.

Please Note: I am still in training and my fixes have to be approved by my instructor so there may be a slight delay in my replies. Look upon it as a good thing though in that you have two people looking at your problem.

A few things before we get started.
  • Please read all instructions carefully. If there is anything you do not understand please ask me first before doing anything.
  • Please be patient. I am a volunteer who does this in my spare time so I will try to get back to you as soon as possible.
  • Please follow all instructions in the order given.
  • Please do not install any other software unless advised. This may hinder the removal process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • Please make sure you reply within 4 days to my responses, if there is no reply within 4 days, the topic will be closed and you will need to request the topic be reopened.


    Important!

    Please save or print off these instructions. Part of this fix may require you to be in safe mode where you will not be able to access the internet or my instructions!

    I would strongly recommend you back up your personal data and folders before we begin.

    Malware removal can be very long, complicated and may take multiple steps. I understand this may be frustrating but please stay with this topic until your machine is declared clean. The results will hopefully be very rewarding. :happy:
    As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

    OK. Let's move on. I need time to analyse your logs and I'll post back with a fix soon. :)

  • 0

#3
67mopar

67mopar

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 199 posts

Thanks Bruce, looking forward to your input


  • 0

#4
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi 67mopar

Lets see what we can do :)

Advisory Removal

AML Registry Cleaner

I note that you are using this registry cleaner. A registry cleaner will not increase your system's speed or performance, and has the potential to break your registry to the point that your PC is no longer bootable.
We strongly advise that people stay away from any of the registry cleaners out there.
Go HERE to get more information about why registry cleaners aren't needed.

I would recommend removal of AML Registry Cleaner but that choice is up to you. If you choose not to uninstall it please do not use it during the cleaning process.


Step1 - Remove unwanted programs

Please uninstall the following unwanted programs:

Audio Editor And Recorder Packages
Update for PriceFountain


Note: If any of the programs are not listed, proceed to the next one and work through the list.

To do this:
Please go to Start Menu -> Control Panel -> Uninstall a program or Programs and Features
In the list of installed programs locate and click on the program to uninstall.
Click uninstall.
Repeat the above steps for all the other programs to remove.


Step2 - FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Download the attached fixlist.txt to your desktop.Attached File  fixlist.txt   6.61KB   93 downloads
  • Ensure fixlist.txt is in the same location as FRST.exe on your desktop.
    FRSTfix.JPG
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


    Step3 - AdwCleaner Scan

    Download AdwCleaner from here to the Desktop
  • Close all open windows and browsers
  • Double click the Adwcleaner icon to execute the program
  • When the Tool opens for the first time accept the Terms of use
    adwcleaner_zpslhu4ltda.jpg
  • Click the Scan button and wait for the program to finish.
  • Upon completion, click Logfile. A log (AdwCleaner[S*].txt) will open.
  • Please copy and paste this in your next reply.

    Things for your next post:
  • fixlog.txt
  • AdwCleaner[S*].txt

  • 0

#5
67mopar

67mopar

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 199 posts

Neither of these two programs show up on my list , Im gonna move on to the next step


  • 0

#6
67mopar

67mopar

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 199 posts

I do not have a farbar icon on my desktop, only pinned to my taskbar, ive tried to create a shortcut to my desktop without sucess , advise


  • 0

#7
67mopar

67mopar

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 199 posts

re downloaded tried everything from the beginning a few times, created a folder and put both in there, and tried next to each other on my desktop,  just keep getting no fixlist found,  that said my icons are labled as FRST64.exe  and fixlist-1.txt 


  • 0

#8
67mopar

67mopar

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 199 posts

# AdwCleaner v5.020 - Logfile created 13/11/2015 at 15:22:06
# Updated 13/11/2015 by Xplode
# Database : 2015-11-13.3 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : dean - DEAN-LP07
# Running from : C:\Users\dean\Desktop\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\ProgramData\Portable WeatherApp
Folder Found : C:\ProgramData\Avg_Update_0914av
Folder Found : C:\ProgramData\Avg_Update_1015av
Folder Found : C:\Users\dean\AppData\Local\FileTypeAssistant
Folder Found : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\FileTypeAssistant

***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

Task Found : IEError
Task Found : AI_Updater

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Found : HKCU\Software\FileTypeAssistant
Key Found : HKCU\Software\Avg Secure Update
Key Found : HKLM\SOFTWARE\Avg Secure Update
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Price Fountain
Key Found : HKU\.DEFAULT\Software\Avg Secure Update
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CC8A5FCB-415E-48BB-8538-E0D44D221918}

***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1468 bytes] ##########


  • 0

#9
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi 67mopar

Sorry, my mistake I should have asked you to move the FRST64.exe file directly to your desktop first. Follow these instructions and then try the FRST fix from my post.



I noticed that you run FRST64.exe from Users\Downloads folder. Please move it to your Desktop. You can do it by right-clicking FRST64.exe, click Cut, then go to Desktop, right-click any free space and click Paste. For the FRST fix to work both FRST64.exe and fixlist.txt must be in the same location and the desktop is where the software is most effective from.

Once you have done this do the following.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Download the attached fixlist.txt to your desktop.Attached File  fixlist.txt   6.61KB   69 downloads
  • Ensure fixlist.txt is in the same location as FRST64.exe on your desktop.
    FRSTfix.JPG
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • When the fix is completed the system will reboot.
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.

    Please then proceed with the adwCleaner scan from post #4

  • 0

#10
67mopar

67mopar

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 199 posts

moved it from download folder, cut and pasted it to my desktop, moved fixlist right next to it and it still does not see it, do I have to rename the file and get rid of the .exe  I also been getting erunt error,  Im fairly good at this and I cant figure it out


  • 0

Advertisements


#11
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi 67mopar

As long as both fixlist.txt and the FRST64.exe are on the desktop all you should need to do is right click on FRST64.exe, Select Run as Administrator. Once FRST64.exe opens click on Fix. The fix should then process. :)
  • 0

#12
67mopar

67mopar

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 199 posts

just says "no fixlist found,"    is there a screenshot option on my machine


  • 0

#13
67mopar

67mopar

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 199 posts

telling me it is not in the same folder/directory the tool is located

Properties on both are located in C users Dean desktop. 

should i delete the programs and reinstall and re run inital log

Or can we work with OTL, or Hijack this, or another scan tool. 


  • 0

#14
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi 67mopar

First, can you have a look in the following location C:\FRST\Logs and see if you can see file(s) beginning with fixlog?

If so please double click to open it and copy and paste the entire contents in your next reply.

If not

Please confirm you have a file called FRST64.exe on your desktop.
Please confirm you have a file called fixlist.txt on your desktop. The file must be called fixlist.txt

If you also have a file called fixlist-1.txt on your desktop, please delete this.

Then try running the fix.
  • 0

#15
67mopar

67mopar

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 199 posts

ha thats exactly what I did, I figured it out and renamed it, then the scan /fix ran  

Fix result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by dean (2015-11-13 17:47:54) Run:1
Running from C:\Users\dean\Desktop
Loaded Profiles: dean (Available Profiles: admin & dean & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKU\S-1-5-21-128144278-2142202361-184960113-6528\...\Policies\Explorer: [ForceStartMenuLogOff] 1
HKU\S-1-5-21-128144278-2142202361-184960113-6528\...\Policies\Explorer: [NoSimpleStartMenu] 1
HKU\S-1-5-21-128144278-2142202361-184960113-7501\...\Policies\Explorer: [ForceStartMenuLogOff] 1
HKU\S-1-5-21-128144278-2142202361-184960113-7501\...\Policies\Explorer: [NoSimpleStartMenu] 1
HKU\S-1-5-21-128144278-2142202361-184960113-7818\...\Policies\Explorer: [ForceStartMenuLogOff] 1
HKU\S-1-5-21-128144278-2142202361-184960113-7818\...\Policies\Explorer: [NoSimpleStartMenu] 1
HKU\S-1-5-21-128144278-2142202361-184960113-7823\...\Policies\system: [HideLogonScripts] 0
HKU\S-1-5-21-128144278-2142202361-184960113-7823\...\Policies\Explorer: [ForceStartMenuLogOff] 1
HKU\S-1-5-21-128144278-2142202361-184960113-7823\...\Policies\Explorer: [NoSimpleStartMenu] 1
HKU\S-1-5-21-128144278-2142202361-184960113-6528\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-128144278-2142202361-184960113-7501\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-128144278-2142202361-184960113-7818\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: [S-1-5-21-128144278-2142202361-184960113-6528_classes] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-128144278-2142202361-184960113-7501_classes] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-128144278-2142202361-184960113-7818_classes] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-128144278-2142202361-184960113-7823_classes] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-3339490808-3639073983-2094825787-1000_classes] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-3339490808-3639073983-2094825787-501_classes] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-128144278-2142202361-184960113-6528 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-128144278-2142202361-184960113-6528 -> {607134AA-364D-494B-A301-B0783AFF2C36} URL = hxxp://www.search.ask.com/web?tpid=YSI2&o=APN10114&pf=V5&p2=%5EA5P%5EYYYYYY%5EYY%5EUS&gct=sb&itbv=12.10.2.4125&apn_uid=ec3abecf-fe39-48ed-abe3-6fd7cdd731f1&apn_ptnrs=%5EA5P&apn_dtid=%5EYYYYYY%5EYY%5EUS&apn_dbr=ff_14.0.1&doi=2013-05-28&trgb=IE,FF&q={searchTerms}&psv=
SearchScopes: HKU\S-1-5-21-128144278-2142202361-184960113-6528 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=8jx78Kd1BjePwOrHqDCXQs-0bQA?q={searchTerms}
SearchScopes: HKU\S-1-5-21-128144278-2142202361-184960113-6528 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL =
SearchScopes: HKU\S-1-5-21-128144278-2142202361-184960113-7501 -> {49CD67EF-2CE1-4B77-966B-D3E61841FF7A} URL =
SearchScopes: HKU\S-1-5-21-128144278-2142202361-184960113-7818 -> DefaultScope {49CD67EF-2CE1-4B77-966B-D3E61841FF7A} URL =
SearchScopes: HKU\S-1-5-21-128144278-2142202361-184960113-7818 -> {49CD67EF-2CE1-4B77-966B-D3E61841FF7A} URL =
SearchScopes: HKU\S-1-5-21-128144278-2142202361-184960113-7823 -> DefaultScope {49CD67EF-2CE1-4B77-966B-D3E61841FF7A} URL =
SearchScopes: HKU\S-1-5-21-128144278-2142202361-184960113-7823 -> {49CD67EF-2CE1-4B77-966B-D3E61841FF7A} URL =
SearchScopes: HKU\S-1-5-21-3339490808-3639073983-2094825787-1000 -> DefaultScope {49CD67EF-2CE1-4B77-966B-D3E61841FF7A} URL =
SearchScopes: HKU\S-1-5-21-3339490808-3639073983-2094825787-1000 -> {49CD67EF-2CE1-4B77-966B-D3E61841FF7A} URL =
SearchScopes: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002 -> SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002 -> {49CD67EF-2CE1-4B77-966B-D3E61841FF7A} URL =
SearchScopes: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002 -> {C2FCC1C2-AB2D-22B1-04E5-91AD1ADD53D1} URL = hxxp://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF
SearchScopes: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002 -> {CC8A5FCB-415E-48BB-8538-E0D44D221918} URL = hxxp://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1
Handler: WSWSVCUchrome - No CLSID Value
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S2 Intel® PROSet Monitoring Service; no ImagePath
S3 MBAMProtector; no ImagePath
S3 MBAMWebAccessControl; no ImagePath
Task: {78E809F0-0F67-4FAE-8FD7-80C013D05AA3} - System32\Tasks\AI_Updater => C:\Program Files (x86)\Tuneup computer\updater.exe
C:\Program Files (x86)\Tuneup computer
Task: {83B65A7F-28C0-4522-8255-6B75597A13DA} - \IE_ERR4WDR -> No File <==== ATTENTION
Task: {87018814-311E-474C-9082-9E23D1AFDE07} - \boosterpop -> No File <==== ATTENTION
Task: {941C5442-7F2B-4651-8074-C5B278AF8D0C} - \UPDTEXE4_WDR -> No File <==== ATTENTION
Task: {A7A6CE66-33CC-4B4B-B201-3EDE78A7B89A} - \ProgramRefresh-ATFST -> No File <==== ATTENTION
Task: {EEFCB6DF-F3F0-4CED-9341-31ECECF1079A} - System32\Tasks\IEError => C:\Program Files (x86)\Tuneup computer\Popialert.exe
Task: {F8E8F0A3-950A-4A14-9F98-F09CF38D9CF0} - \ProgramUpdateCheck -> No File <==== ATTENTION
Task: {F93A6F3F-6194-4E23-8713-76B9427A830F} - \HDNINSTSCHD -> No File <==== ATTENTION
C:\Program Files (x86)\Autonomy
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:104
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:170
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:292
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3204
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3255
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3356
HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\Software\Classes\exefile: "%1" %* <===== ATTENTION
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
Hosts:
EmptyTemp:




*****************

Restore point was successfully created.
HKU\S-1-5-21-128144278-2142202361-184960113-6528\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ForceStartMenuLogOff => value not found.
HKU\S-1-5-21-128144278-2142202361-184960113-6528\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSimpleStartMenu => value not found.
HKU\S-1-5-21-128144278-2142202361-184960113-7501\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ForceStartMenuLogOff => value not found.
HKU\S-1-5-21-128144278-2142202361-184960113-7501\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSimpleStartMenu => value not found.
HKU\S-1-5-21-128144278-2142202361-184960113-7818\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ForceStartMenuLogOff => value not found.
HKU\S-1-5-21-128144278-2142202361-184960113-7818\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSimpleStartMenu => value not found.
HKU\S-1-5-21-128144278-2142202361-184960113-7823\Software\Microsoft\Windows\CurrentVersion\Policies\system\\HideLogonScripts => value not found.
HKU\S-1-5-21-128144278-2142202361-184960113-7823\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ForceStartMenuLogOff => value not found.
HKU\S-1-5-21-128144278-2142202361-184960113-7823\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSimpleStartMenu => value not found.
HKU\S-1-5-21-128144278-2142202361-184960113-6528\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-128144278-2142202361-184960113-7501\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-128144278-2142202361-184960113-7818\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
Could not restore Default URLSearchHook.
Could not restore Default URLSearchHook.
Could not restore Default URLSearchHook.
Could not restore Default URLSearchHook.
Could not restore Default URLSearchHook.
Could not restore Default URLSearchHook.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}" => key removed successfully
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-128144278-2142202361-184960113-6528\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-128144278-2142202361-184960113-6528\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{607134AA-364D-494B-A301-B0783AFF2C36} => key not found.
HKCR\CLSID\{607134AA-364D-494B-A301-B0783AFF2C36} => key not found.
HKU\S-1-5-21-128144278-2142202361-184960113-6528\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E} => key not found.
HKCR\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E} => key not found.
HKU\S-1-5-21-128144278-2142202361-184960113-6528\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} => key not found.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} => key not found.
HKU\S-1-5-21-128144278-2142202361-184960113-7501\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49CD67EF-2CE1-4B77-966B-D3E61841FF7A} => key not found.
HKCR\CLSID\{49CD67EF-2CE1-4B77-966B-D3E61841FF7A} => key not found.
HKU\S-1-5-21-128144278-2142202361-184960113-7818\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-128144278-2142202361-184960113-7818\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49CD67EF-2CE1-4B77-966B-D3E61841FF7A} => key not found.
HKCR\CLSID\{49CD67EF-2CE1-4B77-966B-D3E61841FF7A} => key not found.
HKU\S-1-5-21-128144278-2142202361-184960113-7823\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-128144278-2142202361-184960113-7823\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49CD67EF-2CE1-4B77-966B-D3E61841FF7A} => key not found.
HKCR\CLSID\{49CD67EF-2CE1-4B77-966B-D3E61841FF7A} => key not found.
HKU\S-1-5-21-3339490808-3639073983-2094825787-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-3339490808-3639073983-2094825787-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49CD67EF-2CE1-4B77-966B-D3E61841FF7A} => key not found.
HKCR\CLSID\{49CD67EF-2CE1-4B77-966B-D3E61841FF7A} => key not found.
HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => value removed successfully
"HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49CD67EF-2CE1-4B77-966B-D3E61841FF7A}" => key removed successfully
HKCR\CLSID\{49CD67EF-2CE1-4B77-966B-D3E61841FF7A} => key not found.
"HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
"HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C2FCC1C2-AB2D-22B1-04E5-91AD1ADD53D1}" => key removed successfully
HKCR\CLSID\{C2FCC1C2-AB2D-22B1-04E5-91AD1ADD53D1} => key not found.
"HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC8A5FCB-415E-48BB-8538-E0D44D221918}" => key removed successfully
HKCR\CLSID\{CC8A5FCB-415E-48BB-8538-E0D44D221918} => key not found.
"HKCR\PROTOCOLS\Handler\WSWSVCUchrome" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
Intel® PROSet Monitoring Service => service not found.
MBAMProtector => service removed successfully
MBAMWebAccessControl => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{78E809F0-0F67-4FAE-8FD7-80C013D05AA3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78E809F0-0F67-4FAE-8FD7-80C013D05AA3}" => key removed successfully
C:\Windows\System32\Tasks\AI_Updater => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AI_Updater" => key removed successfully
"C:\Program Files (x86)\Tuneup computer" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{83B65A7F-28C0-4522-8255-6B75597A13DA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83B65A7F-28C0-4522-8255-6B75597A13DA}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IE_ERR4WDR => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{87018814-311E-474C-9082-9E23D1AFDE07}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87018814-311E-474C-9082-9E23D1AFDE07}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\boosterpop => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{941C5442-7F2B-4651-8074-C5B278AF8D0C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{941C5442-7F2B-4651-8074-C5B278AF8D0C}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UPDTEXE4_WDR => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7A6CE66-33CC-4B4B-B201-3EDE78A7B89A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7A6CE66-33CC-4B4B-B201-3EDE78A7B89A}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProgramRefresh-ATFST => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EEFCB6DF-F3F0-4CED-9341-31ECECF1079A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EEFCB6DF-F3F0-4CED-9341-31ECECF1079A}" => key removed successfully
C:\Windows\System32\Tasks\IEError => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IEError" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F8E8F0A3-950A-4A14-9F98-F09CF38D9CF0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8E8F0A3-950A-4A14-9F98-F09CF38D9CF0}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProgramUpdateCheck => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F93A6F3F-6194-4E23-8713-76B9427A830F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F93A6F3F-6194-4E23-8713-76B9427A830F}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HDNINSTSCHD => key not found.
C:\Program Files (x86)\Autonomy => moved successfully
C:\Windows\SysWOW64\MSIHANDLE => ":104" ADS removed successfully.
C:\Windows\SysWOW64\MSIHANDLE => ":170" ADS removed successfully.
C:\Windows\SysWOW64\MSIHANDLE => ":292" ADS removed successfully.
C:\Windows\SysWOW64\MSIHANDLE => ":3204" ADS removed successfully.
C:\Windows\SysWOW64\MSIHANDLE => ":3255" ADS removed successfully.
C:\Windows\SysWOW64\MSIHANDLE => ":3356" ADS removed successfully.
"HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\Software\Classes\exefile" => key removed successfully
"HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\Software\Classes\.exe" => key removed successfully
HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\Software\Classes\exefile => key not found.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {1D0FE383-E0A9-43AB-B9D1-AF60C3119543}.
0 out of 1 jobs canceled.

========= End of CMD: =========


=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 990.6 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 17:58:42 ====


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP