Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Need assistance checking for malware; possible hijacked computer/brows

malware

  • Please log in to reply

#1
jrudisill

jrudisill

    New Member

  • Member
  • Pip
  • 1 posts

My Alienware laptop is now randomly sluggish in completing tasks such as opening a folder or launching an app or accessing a new webpage. Sometimes it appears to freeze, but if I wait long enough, it will "recover" and complete the task.

 

More significantly, occasionally when I shut down the computer, several webpages flash by on the screen as the computer shuts down. These pages move too fast to identify, but there was never any visual indication they were running before the shutdown. And two days ago a song started to play with no obvious player or source.

 

Has this laptop been hijacked or hacked??

 

Attached are the two texts files from running FRST64 and a screen shot of the System info.

 

Thanks for your assistance, whomever you are, kind person.

 

Here's the FRST64 file, followed by the Addition file:

_____________________________________________________________________________

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:19-11-2015
Ran by Jeff (administrator) on JEFFSALIEN (19-11-2015 12:55:49)
Running from C:\Users\Jeff\Desktop
Loaded Profiles: Jeff (Available Profiles: Jeff)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(SoftThinks SAS) C:\Program Files (x86)\AlienRespawn\SftService.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\loggingserver.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Toaster.exe
() C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(BitTorrent Inc.) C:\Users\Jeff\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent Inc.) C:\Users\Jeff\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe
(BitTorrent Inc.) C:\Users\Jeff\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Jeff\Desktop\FRST64 (1).exe
(Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
Tcpip\..\Interfaces\{D6D1E724-9F9D-406A-8F2F-E5834F6D882E}: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-930720502-52916992-2161620378-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1ewenusDefaultPack/SK2M_FRPage
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-11] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-11] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.1.8\\npsitesafety.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-03-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> mysearch.avg.com/?rvt=1
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-20]
CHR Extension: (Google Docs) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-20]
CHR Extension: (Google Drive) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (YouTube) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (SiteLauncher [Speed Dial]) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\calhgleedaaigmhnoklfenlfhlbfdloo [2015-11-03]
CHR Extension: (AVG Secure Search) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2015-11-09]
CHR Extension: (Google Search) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-20]
CHR Extension: (Google Docs Offline) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-22]
CHR Extension: (Gmail) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-20]
CHR HKU\S-1-5-21-930720502-52916992-2161620378-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3642280 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-10] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-02-19] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 vToolbarUpdater40.1.8; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\ToolbarUpdater.exe [1875856 2015-10-05] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1205136 2015-10-05] ()
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-10-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [300464 2015-08-04] (AVG Technologies CZ, s.r.o.)
S3 DptfDevDisplay; C:\Windows\system32\drivers\DptfDevDisplay.sys [45880 2013-02-19] (Intel Corporation)
S3 DptfDevDram; C:\Windows\system32\drivers\DptfDevDram.sys [68072 2013-02-19] (Intel Corporation)
S3 DptfDevFan; C:\Windows\system32\drivers\DptfDevFan.sys [32968 2013-02-19] (Intel Corporation)
S3 DptfDevGen; C:\Windows\system32\drivers\DptfDevGen.sys [45880 2013-02-19] (Intel Corporation)
S3 DptfDevPch; C:\Windows\system32\drivers\DptfDevPch.sys [57216 2013-02-19] (Intel Corporation)
S3 DptfDevProc; C:\Windows\system32\drivers\DptfDevProc.sys [120256 2013-02-19] (Intel Corporation)
S3 DptfManager; C:\Windows\system32\drivers\DptfManager.sys [200808 2013-02-19] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28656 2013-04-05] (Intel Corporation)
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [154320 2013-03-20] (Qualcomm Atheros, Inc.)
S3 lehidmini; C:\Windows\system32\drivers\leath_hid.sys [39704 2013-03-27] (Atheros)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3429856 2014-03-12] (Intel Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [32496 2013-04-07] (Synaptics Incorporated)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_Accel.sys [87776 2013-04-11] (STMicroelectronics)
S3 PCDSRVC{0FF99CEB-15C9CE9E-06020101}_0; \??\c:\program files\alienautopsy\pcdsrvc_x64.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-19 12:55 - 2015-11-19 12:56 - 00017224 _____ C:\Users\Jeff\Desktop\FRST.txt
2015-11-19 12:55 - 2015-11-19 12:55 - 00000000 ____D C:\FRST
2015-11-19 12:52 - 2015-11-19 12:52 - 02020352 _____ (Farbar) C:\Users\Jeff\Desktop\FRST64 (1).exe
2015-11-19 10:05 - 2015-11-19 10:05 - 00000902 _____ C:\Users\Jeff\Desktop\HijackThis - Shortcut.lnk
2015-11-17 18:10 - 2015-11-17 18:10 - 00021280 _____ C:\Windows\PFRO.log
2015-11-17 16:25 - 2015-11-17 16:28 - 00008460 _____ C:\Windows\wininit.ini
2015-11-17 15:03 - 2015-11-17 15:03 - 00000000 ____D C:\Windows\system32\appmgmt
2015-11-17 14:10 - 2015-11-17 14:10 - 00000000 ____D C:\Windows\pss
2015-11-17 10:31 - 2015-11-17 10:31 - 00283616 _____ C:\Windows\Minidump\111715-37908-01.dmp
2015-11-17 07:40 - 2015-11-17 10:31 - 1149960488 _____ C:\Windows\MEMORY.DMP
2015-11-17 07:40 - 2015-11-17 10:31 - 00000000 ____D C:\Windows\Minidump
2015-11-17 07:40 - 2015-11-17 07:41 - 00287200 _____ C:\Windows\Minidump\111715-51215-01.dmp
2015-11-15 09:54 - 2015-11-15 09:55 - 00028574 _____ C:\Users\Jeff\Documents\Park roster 102715.xlsx
2015-11-12 11:58 - 2015-11-03 09:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-11 17:55 - 2015-10-20 10:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-11 17:55 - 2015-10-20 10:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-11 17:55 - 2015-10-20 10:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-11 17:55 - 2015-10-20 10:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-11 17:55 - 2015-10-20 10:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-11 17:55 - 2015-10-20 10:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-11 17:55 - 2015-10-20 10:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-11 17:55 - 2015-10-20 10:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-11 17:55 - 2015-10-20 10:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-11 17:55 - 2015-10-20 10:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-11 17:55 - 2015-10-20 10:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-11 17:55 - 2015-10-20 09:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-11 17:55 - 2015-10-20 09:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-11 17:55 - 2015-10-20 09:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-11 17:55 - 2015-10-20 09:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-11 17:55 - 2015-10-20 09:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-11 17:55 - 2015-10-20 07:01 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-11 17:55 - 2015-10-20 07:01 - 00525824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-11 17:55 - 2015-10-20 07:00 - 14292992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-11 17:55 - 2015-10-20 07:00 - 13775360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-11 17:55 - 2015-10-20 07:00 - 02866176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-11 17:55 - 2015-10-20 07:00 - 02056704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-11 17:55 - 2015-10-20 07:00 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-11 17:55 - 2015-10-20 07:00 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-11 17:55 - 2015-10-20 07:00 - 00715776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-11 17:55 - 2015-10-20 07:00 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-11 17:55 - 2015-10-20 07:00 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-11 17:55 - 2015-10-20 07:00 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-11 17:55 - 2015-10-20 07:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-11-11 17:55 - 2015-10-20 07:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-11 17:55 - 2015-10-20 07:00 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-11-11 17:55 - 2015-10-20 07:00 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-11-11 17:55 - 2015-10-20 07:00 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-11 17:55 - 2015-10-20 07:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-11-11 17:55 - 2015-10-20 07:00 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-11 17:55 - 2015-10-20 07:00 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-11-11 17:55 - 2015-10-20 05:54 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-11 17:55 - 2015-10-20 05:54 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-11 17:55 - 2015-10-20 05:54 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-11 17:55 - 2015-10-20 05:54 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-11 17:55 - 2015-10-20 05:53 - 19283456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-11 17:55 - 2015-10-20 05:53 - 15416320 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-11 17:55 - 2015-10-20 05:53 - 03960832 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-11 17:55 - 2015-10-20 05:53 - 02657280 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-11 17:55 - 2015-10-20 05:53 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-11 17:55 - 2015-10-20 05:53 - 00857600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-11 17:55 - 2015-10-20 05:53 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-11 17:55 - 2015-10-20 05:53 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-11 17:55 - 2015-10-20 05:53 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-11 17:55 - 2015-10-20 05:53 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-11 17:55 - 2015-10-20 05:53 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-11 17:55 - 2015-10-20 05:53 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-11 17:55 - 2015-10-20 05:53 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-11-11 17:55 - 2015-10-20 05:53 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-11 17:55 - 2015-10-20 05:53 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-11 17:55 - 2015-10-20 05:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-11 17:55 - 2015-10-20 05:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-11 17:55 - 2015-10-19 17:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-11 17:55 - 2015-10-19 17:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-11 17:55 - 2015-10-19 17:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-11 17:55 - 2015-10-19 17:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-11 17:55 - 2015-10-19 17:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-11 17:55 - 2015-10-19 17:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-11 17:55 - 2015-10-19 17:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-11 17:55 - 2015-10-19 17:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-11 17:55 - 2015-10-19 17:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-11 17:55 - 2015-10-19 17:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-11 17:55 - 2015-10-19 17:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-11 17:55 - 2015-10-19 17:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-11 17:55 - 2015-10-19 17:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-11 17:55 - 2015-10-19 17:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-11 17:55 - 2015-10-19 17:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-11 17:55 - 2015-10-19 17:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-11 17:55 - 2015-10-19 17:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-11 17:55 - 2015-10-19 17:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-11 17:55 - 2015-10-19 17:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-11 17:55 - 2015-10-19 17:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-11 17:55 - 2015-10-19 17:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-11 17:55 - 2015-10-19 17:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-11 17:55 - 2015-10-19 17:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-11 17:55 - 2015-10-19 17:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-11 17:55 - 2015-10-19 17:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-11 17:55 - 2015-10-19 17:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-11 17:55 - 2015-10-19 17:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-11 17:55 - 2015-10-19 17:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-11 17:55 - 2015-10-19 17:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-11 17:55 - 2015-10-19 17:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-11 17:55 - 2015-10-19 17:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-11 17:55 - 2015-10-19 17:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-11 17:55 - 2015-10-19 17:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-11 17:55 - 2015-10-19 16:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-11 17:55 - 2015-10-19 16:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-11 17:55 - 2015-10-19 16:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-11 17:55 - 2015-10-19 16:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-11 17:55 - 2015-10-19 16:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-11 17:55 - 2015-10-19 16:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-11 17:55 - 2015-10-19 16:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-11 17:55 - 2015-10-19 16:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-11 17:55 - 2015-10-19 16:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-11 17:55 - 2015-10-19 16:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-11 17:55 - 2015-10-19 16:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-11 17:55 - 2015-10-19 16:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-11 17:55 - 2015-10-19 16:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-11 17:55 - 2015-10-19 16:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-11 17:55 - 2015-10-19 16:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-11 17:55 - 2015-10-19 16:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-11 17:55 - 2015-10-19 16:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-11 17:55 - 2015-10-19 16:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-11 17:55 - 2015-10-19 16:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-11 17:55 - 2015-10-19 16:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-11 17:55 - 2015-10-19 16:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-11 17:55 - 2015-10-19 16:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-11 17:55 - 2015-10-19 16:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-11 17:55 - 2015-10-19 16:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-11 17:55 - 2015-10-19 16:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-11 17:55 - 2015-10-19 16:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-11 17:55 - 2015-10-19 16:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-11 17:55 - 2015-10-19 16:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-11 17:55 - 2015-10-19 16:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 15:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-11 17:55 - 2015-10-19 15:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-11 17:55 - 2015-10-19 15:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-11 17:55 - 2015-10-19 15:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-11 17:55 - 2015-10-19 15:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-11 17:55 - 2015-10-19 15:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 15:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 15:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 17:55 - 2015-10-19 15:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-11 17:55 - 2015-10-15 11:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-11 17:55 - 2015-10-15 11:04 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-11 17:55 - 2015-10-15 10:39 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-11 17:55 - 2015-10-15 10:36 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-11 17:55 - 2015-09-23 05:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-11 17:55 - 2015-09-23 05:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-11 17:55 - 2015-09-23 05:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-11 17:54 - 2015-10-29 09:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-11 17:54 - 2015-10-29 09:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-11-11 17:54 - 2015-10-29 09:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-11-11 17:54 - 2015-10-29 09:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-11-11 17:54 - 2015-10-29 09:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-11-11 17:54 - 2015-10-29 09:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-11-11 17:54 - 2015-10-29 09:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-11-11 17:54 - 2015-10-13 08:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-11 17:54 - 2015-10-13 08:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-11 17:54 - 2015-10-12 20:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-11 17:54 - 2015-10-01 10:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-11 17:54 - 2015-10-01 10:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-11 17:54 - 2015-10-01 09:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-11-10 12:16 - 2015-11-10 12:16 - 00003460 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2015-11-10 12:04 - 2015-11-10 12:04 - 00000000 ____D C:\ProgramData\PCDr
2015-11-02 13:16 - 2015-11-17 06:24 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-11-02 13:16 - 2015-11-02 13:20 - 00000000 ____D C:\Users\Jeff\AppData\Roaming\Oomonh
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-19 12:54 - 2015-05-20 18:42 - 00000000 ____D C:\Users\Jeff\AppData\Roaming\uTorrent
2015-11-19 12:49 - 2009-07-13 20:45 - 00020896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-19 12:49 - 2009-07-13 20:45 - 00020896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-19 12:35 - 2015-05-20 10:06 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-19 12:14 - 2014-11-06 09:39 - 01757330 _____ C:\Windows\WindowsUpdate.log
2015-11-19 10:02 - 2015-05-20 09:56 - 00000000 ____D C:\Users\Jeff\AppData\Local\VirtualStore
2015-11-19 09:26 - 2015-05-20 18:14 - 00000000 ____D C:\ProgramData\MFAData
2015-11-19 08:06 - 2015-10-09 19:12 - 00000000 ____D C:\Users\Jeff\AppData\LocalLow\uTorrent
2015-11-19 08:00 - 2009-07-13 21:13 - 00783606 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-19 07:54 - 2015-05-20 10:06 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-19 07:54 - 2014-11-06 10:44 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2015-11-19 07:54 - 2014-11-06 10:44 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2015-11-19 07:54 - 2014-11-06 10:35 - 00000000 ____D C:\Program Files (x86)\AlienRespawn
2015-11-19 07:54 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-19 07:53 - 2015-10-10 06:44 - 00007336 _____ C:\Windows\setupact.log
2015-11-18 05:43 - 2015-07-26 17:14 - 00000000 ____D C:\Users\Jeff\AppData\Roaming\Skype
2015-11-17 21:15 - 2015-07-04 18:29 - 00000000 ____D C:\Users\Jeff\AppData\Local\CrashDumps
2015-11-17 16:28 - 2015-05-29 18:07 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-11-17 15:10 - 2014-11-06 09:59 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-17 15:03 - 2015-08-24 17:21 - 00000000 ____D C:\Program Files (x86)\TechSmith
2015-11-17 15:03 - 2015-05-20 09:56 - 00000000 ____D C:\Users\Jeff
2015-11-17 15:02 - 2015-08-24 17:22 - 00000000 ____D C:\ProgramData\TechSmith
2015-11-17 15:00 - 2014-11-06 10:12 - 00000000 ____D C:\Program Files (x86)\Creative
2015-11-16 20:33 - 2015-05-20 10:53 - 00000000 ____D C:\Users\Jeff\AppData\Roaming\vlc
2015-11-13 03:19 - 2009-07-13 20:45 - 03079112 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-12 11:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2015-11-12 04:17 - 2015-05-23 05:43 - 00000000 ____D C:\Windows\system32\MRT
2015-11-12 04:13 - 2015-05-23 05:43 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-12 00:14 - 2014-11-06 10:07 - 00776220 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-12 00:13 - 2010-11-20 23:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-11 18:36 - 2015-10-19 18:53 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-10 09:52 - 2015-05-20 18:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-11-08 15:31 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-11-05 18:26 - 2015-09-24 15:18 - 00000000 ____D C:\Users\Jeff\AppData\Roaming\dvdcss
2015-11-02 13:55 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2015-10-25 16:47 - 2015-07-10 09:01 - 00000000 ____D C:\Users\Jeff\AppData\Roaming\Audacity
2015-10-21 11:10 - 2015-08-27 05:50 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-21 11:10 - 2015-05-20 10:02 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
 
==================== Files in the root of some directories =======
 
2015-08-24 18:37 - 2015-09-09 07:49 - 0005632 _____ () C:\Users\Jeff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-30 11:08 - 2015-05-30 11:08 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-11-06 09:40 - 2014-11-06 09:40 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-10 08:08
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:19-11-2015
Ran by Jeff (2015-11-19 12:56:36)
Running from C:\Users\Jeff\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-05-20 17:56:06)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-930720502-52916992-2161620378-500 - Administrator - Disabled)
Guest (S-1-5-21-930720502-52916992-2161620378-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-930720502-52916992-2161620378-1005 - Limited - Enabled)
Jeff (S-1-5-21-930720502-52916992-2161620378-1002 - Administrator - Enabled) => C:\Users\Jeff
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-930720502-52916992-2161620378-1002\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Web Premium (HKLM-x32\...\Adobe_4db064343401efd6449f33f8411c14b) (Version: 4.0 - Adobe Systems Incorporated)
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.160 - Adobe Systems Incorporated)
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.16) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AlienAutopsy (HKLM\...\AlienAutopsy) (Version: 3.1.5907.16 - Dell Inc.)
AlienAutopsy (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
AlienRespawn - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Alienware)
AlienRespawn (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Alienware)
Alienware On-Screen Display (HKLM-x32\...\InstallShield_{0D69462F-99CC-4F8D-942E-666E21CE59F8}) (Version: 0.33.0.6C - )
Alienware On-Screen Display (x32 Version: 0.33.0.6C - ) Hidden
AMD Catalyst Install Manager (HKLM\...\{F1EDDCBA-609A-678D-87C4-4F5E6B93301C}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6176 - AVG Technologies)
AVG 2015 (Version: 15.0.4460 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6176 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.8.599 - AVG Technologies)
calibre (HKLM-x32\...\{B4B62C79-A41D-47C6-B689-0416BEA6678F}) (Version: 2.35.0 - Kovid Goyal)
Camtasia Studio 7 (HKLM-x32\...\{37B03AA0-B125-4649-900C-F26E1081F163}) (Version: 7.0.1 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
EMSC (x32 Version: 0.0.0.24C - Compal Electronics, Inc.) Hidden
FileZilla Client 3.13.1 (HKLM-x32\...\FileZilla Client) (Version: 3.13.1 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HP Envy 100 D410 series Basic Device Software (HKLM\...\{EA36CD8F-FEC5-46F9-954D-310631F19C27}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Envy 100 D410 series Help (HKLM-x32\...\{749EC8D6-EE79-47FA-B13D-E87A6E3855E8}) (Version: 140.0.32.32 - Hewlett Packard)
HP Envy 100 D410 series Product Improvement Study (HKLM\...\{89EDD29E-D13E-4231-80EE-2C0EC43EC75B}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.0.29.6 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3071 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.7.1002 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.7.0 - Mozilla)
Mozilla Thunderbird 38.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.3.0 (x86 en-US)) (Version: 38.3.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
PowerXpressHybrid (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6876 - Realtek Semiconductor Corp.)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0}) (Version: 15.3.331 - Trimble Navigation Limited)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.12.0040 - ST Microelectronics)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.8.62 - Synaptics Incorporated)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240ED}) (Version: 19.5.11532 - WinZip Computing, S.L. )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-930720502-52916992-2161620378-1002_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
 
==================== Restore Points =========================
 
18-11-2015 19:12:31 Scheduled Checkpoint
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {138FB59D-ADBB-4B37-814A-82FDB12069C8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {30E763B0-89E2-4C06-8246-9343940CBAFF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-20] (Google Inc.)
Task: {32FCB5E6-506F-4614-B911-CB602460DDE0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-20] (Google Inc.)
Task: {51E5706C-193C-4AE7-A4FB-3D40E59717EC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {58AD9DAC-6854-458B-B483-20CBC2889336} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {76A52351-4B51-4DC3-8685-1E79BBB83D0E} - System32\Tasks\PCDEventLauncher => C:\Program Files\AlienAutopsy\sessionchecker.exe [2011-12-13] (PC-Doctor, Inc.)
Task: {8A264952-0910-42AD-AD9C-118D96B35DDC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-28] (Hewlett-Packard)
Task: {ABEAA7E2-08BF-4EC5-8813-4985A2C30ED7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-07-11] (Hewlett-Packard Company)
Task: {BA791AA1-A2DF-46A1-B370-B0DEC4658A2C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-07-11] (Hewlett-Packard Company)
Task: {DD10FE3D-9D0F-46A3-A2DF-B5E87D74F972} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {E0F0E0DC-00CB-4DAF-869C-7FC52023EF7A} - System32\Tasks\HPCustParticipation HP Envy 100 D410 series => C:\Program Files\HP\HP Envy 100 D410 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {FAFFB42F-D614-4129-B1B9-D6823AFF2BDC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-16 06:56 - 2015-10-05 05:13 - 01205136 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2011-03-16 23:07 - 2011-03-16 23:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-08-24 05:56 - 2015-08-24 05:56 - 00043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2015-10-05 05:14 - 2015-10-05 05:13 - 00168336 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\loggingserver.exe
2014-11-06 10:35 - 2012-01-26 19:49 - 02751808 ____N () C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE
2015-05-29 18:07 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-05-29 18:07 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-05-29 18:07 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-10-05 05:14 - 2015-10-05 05:13 - 00528272 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\log4cplusU.dll
2015-05-29 18:07 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-05-29 18:07 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2011-03-16 23:11 - 2011-03-16 23:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-08-24 05:56 - 2015-08-24 05:56 - 00039384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-930720502-52916992-2161620378-1002\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FAH.lnk => C:\Windows\pss\FAH.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Preloader.lnk => C:\Windows\pss\WinZip Preloader.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AlienwareOn-ScreenDisplay => C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BingSvc => C:\Users\Jeff\AppData\Local\Microsoft\BingSvc\BingSvc.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: DptfPolicyLpmServiceHelper => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: PDVD9LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 
MSCONFIG\startupreg: RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /IM
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{77C1727B-BF8B-4ABD-A7A3-425AA0CAD55D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{09FC67DA-BD86-40F6-AC41-97F1E3D35B4D}] => (Allow) LPort=2869
FirewallRules: [{5371CBFB-9839-4AED-87F5-F54B47045F98}] => (Allow) LPort=1900
FirewallRules: [{A0C7A233-BE55-425A-ADB1-CF0C6AF0D928}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{CEA3F2A7-9583-48FF-BC1E-FAB8D9740CB8}] => (Allow) C:\Users\Jeff\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E05D08B4-85AE-4415-BE49-BC1040570761}] => (Allow) C:\Users\Jeff\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D331BE43-E9BC-46E7-9275-72EE3DF400E4}] => (Allow) LPort=5353
FirewallRules: [{8081E189-D511-43E4-8A61-E259FCCC10EC}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
FirewallRules: [{D7B739E0-75F2-4DCF-B77F-A48BDE20F6E4}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
FirewallRules: [{939DEA47-DC59-4D56-97AE-DB924F6125FB}] => (Allow) C:\Program Files\HP\HP Envy 100 D410 series\Bin\DeviceSetup.exe
FirewallRules: [{50A96D28-C833-43A6-A8D0-C2EA774A1E73}] => (Allow) C:\Program Files\HP\HP Envy 100 D410 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{1F911FF3-D97F-4B9B-8367-0745217E296A}] => (Allow) C:\Program Files\HP\HP Envy 100 D410 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{24BDFD9C-1472-4ACD-A09B-322F3BBF3FBA}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C6718668-4202-40D7-9483-1FC6A898BA28}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{2A54632A-025A-4102-9360-444C1AFC5231}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{0D512352-A830-4115-A4AB-7726DA88E2F2}] => (Allow) C:\Users\Jeff\AppData\Local\Temp\7zS52C9\HPDiagnosticCoreUI.exe
FirewallRules: [{3A3DF2A0-7E6B-4C51-808F-34D466F05036}] => (Allow) C:\Users\Jeff\AppData\Local\Temp\7zS52C9\HPDiagnosticCoreUI.exe
FirewallRules: [{87281EF3-3CD9-40C3-A59D-6AA61391A8F1}] => (Allow) C:\Users\Jeff\AppData\Local\Temp\7zS3B83\HPDiagnosticCoreUI.exe
FirewallRules: [{722B9A4A-1C1C-422F-B471-1D1E97CE6425}] => (Allow) C:\Users\Jeff\AppData\Local\Temp\7zS3B83\HPDiagnosticCoreUI.exe
FirewallRules: [{EC546298-A828-4273-94B7-21970AF6F420}] => (Allow) C:\Users\Jeff\AppData\Local\Temp\7zS7D12\HPDiagnosticCoreUI.exe
FirewallRules: [{3CE15C7F-040D-44FD-9CDA-1DE35DC1A245}] => (Allow) C:\Users\Jeff\AppData\Local\Temp\7zS7D12\HPDiagnosticCoreUI.exe
FirewallRules: [{32AA55D1-EB0B-49B5-9C61-D0F9BBDFFE3E}] => (Allow) C:\Users\Jeff\AppData\Local\Temp\7zS4DCD\HPDiagnosticCoreUI.exe
FirewallRules: [{C727AD76-DF60-4F95-9517-2470A759993C}] => (Allow) C:\Users\Jeff\AppData\Local\Temp\7zS4DCD\HPDiagnosticCoreUI.exe
FirewallRules: [{ACAE7C2C-2147-4F22-B84E-2658997DE6D2}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{61AE2A1A-1024-4DC8-B820-5533393541E1}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{794A34AB-33DD-42FD-93BE-DA5BDE616422}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{97B694CE-0C4A-46C5-8C5B-0AA3C090BC45}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{9516DA4A-1CFE-4C64-A0AE-98CAE8A264B8}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{87151B62-1BAE-4CEA-9304-8D66797CD180}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{9C157BC8-6352-4FDB-86E6-654175D46CB3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Faulty Device Manager Devices =============
 
Name: High Definition Audio Controller
Description: High Definition Audio Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/19/2015 07:54:00 AM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start
 
Error: (11/17/2015 07:46:58 PM) (Source: DptfEvent) (EventID: 2) (User: )
Description: DptfPolicyLpmServiceHelperWinMain:  CreateSharedMemory() failed.Session ID = 1
 
Error: (11/17/2015 07:46:58 PM) (Source: DptfEvent) (EventID: 3) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory:  WaitForSingleObject() with g_pkeLpmSharedMemoryCreated failedLast error = [0x00000102]Session ID = 1
 
Error: (11/17/2015 07:41:11 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start
 
Error: (11/17/2015 07:25:51 PM) (Source: DptfEvent) (EventID: 2) (User: )
Description: DptfPolicyLpmServiceHelperWinMain:  CreateSharedMemory() failed.Session ID = 1
 
Error: (11/17/2015 07:25:51 PM) (Source: DptfEvent) (EventID: 3) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory:  WaitForSingleObject() with g_pkeLpmSharedMemoryCreated failedLast error = [0x00000102]Session ID = 1
 
Error: (11/17/2015 07:20:32 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start
 
Error: (11/17/2015 06:57:46 PM) (Source: DptfEvent) (EventID: 2) (User: )
Description: DptfPolicyLpmServiceHelperWinMain:  CreateSharedMemory() failed.Session ID = 1
 
Error: (11/17/2015 06:57:46 PM) (Source: DptfEvent) (EventID: 3) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory:  WaitForSingleObject() with g_pkeLpmSharedMemoryCreated failedLast error = [0x00000102]Session ID = 1
 
Error: (11/17/2015 06:52:27 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start
 
 
System errors:
=============
Error: (11/19/2015 00:39:54 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (11/19/2015 00:39:53 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (11/19/2015 00:03:03 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (11/19/2015 00:03:03 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (11/19/2015 00:02:23 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (11/19/2015 00:02:22 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (11/19/2015 00:00:47 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (11/19/2015 00:00:47 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (11/19/2015 11:56:37 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (11/19/2015 11:56:37 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4710MQ CPU @ 2.50GHz
Percentage of memory in use: 28%
Total physical RAM: 16269.06 MB
Available physical RAM: 11575.6 MB
Total Virtual: 32536.33 MB
Available Virtual: 26136.29 MB
 
==================== Drives ================================
 
Drive c: (OSDisk) (Fixed) (Total:917.84 GB) (Free:837.88 GB) NTFS
Drive f: (DATAPART1) (Fixed) (Total:74.53 GB) (Free:74.43 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2E8C9E16)
Partition 1: (Not Active) - (Size=917.8 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=13.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: EACBFBBA)
Partition 1: (Not Active) - (Size=74.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Attached Thumbnails

  • System info.jpg

Attached Files


Edited by jrudisill, 19 November 2015 - 08:54 PM.

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP
Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
 
 
 
Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot. 
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
sfc  /scannow
 
(This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:
 
Copy the next two lines:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
 
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.
 
 (Second time you run vew it will overwrite the first log so copy it to a reply or rename it first.)
 

 

 
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
 
 
Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.  
 
Close all browsers and open progrms before running Speccy.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.)  Save the file and close notepad  Attach the file to your next post as it is usually too large for the forum (Click on More Reply Options then Choose file, select the file, Open, Attach this File) Uninstall Speccy.
 

 


  • 0






Similar Topics


Also tagged with one or more of these keywords: malware

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP