
I think my computer is infected [Solved]

ie 11 freeze flicker


#1
hophead


Internet Explorer 11 and even Edge seem to freeze a lot. Sometimes when a tab freezes it flickers quickly.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-11-2015 02
Ran by patri_000 (administrator) on TOUCHOFGREY (25-11-2015 17:59:21)
Running from C:\Users\patri_000\Downloads
Loaded Profiles: patri_000 (Available Profiles: patri_000 & Administrator)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Contour Design, Inc.) C:\Program Files (x86)\Contour Shuttle\ShuttleEngine.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel® Corporation) C:\Program Files\Intel\CCDashboard\bin\CCDashServer.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(BitTorrent Inc.) C:\Users\patri_000\AppData\Roaming\uTorrent\uTorrent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Contour Design, Inc.) C:\Program Files (x86)\Contour Shuttle\ShuttleHelper.exe
(BitTorrent Inc.) C:\Users\patri_000\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(BitTorrent Inc.) C:\Users\patri_000\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6416.42001.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Windows\System32\BackgroundTransferHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6418.23501.0_x64__8wekyb3d8bbwe\HubTaskHost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3759504 2012-07-20] (Dell Inc.)
HKLM\...\Run: [IntelMyWiFiDashboard] => C:\Program Files\Intel\CCDashboard\bin\CCDashServer.exe [5010224 2012-07-13] (Intel® Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-24] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-09-07] (Synaptics Incorporated)
HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285680 2013-03-05] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Contour Shuttle Device Helper] => C:\Program Files (x86)\Contour Shuttle\ShuttleHelper.exe [128000 2013-08-26] (Contour Design, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [377368 2013-10-23] (Power Software Ltd)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2548248 2014-04-23] (Sony Corporation)
HKLM-x32\...\Run: [ospd_us_014010123] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6133520 2015-11-06] (AVAST Software)
HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\Run: [Google Update] => C:\Users\patri_000\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-10] (Google Inc.)
HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\Run: [PeerBlock] => C:\Program Files\PeerBlock\peerblock.exe [2513992 2014-01-04] (PeerBlock, LLC)
HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\Run: [EPSON Stylus Photo R280 Series] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATICKA.EXE [213504 2007-04-13] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\Run: [uTorrent] => C:\Users\patri_000\AppData\Roaming\uTorrent\uTorrent.exe [1822048 2015-10-08] (BitTorrent Inc.)
HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785792 2015-06-02] (Skype Technologies S.A.)
HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\Run: [WindApp] => "C:\Users\patri_000\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup
HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\Run: [Selection Tools] => "C:\Users\patri_000\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe" /winstartup
HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\RunOnce: [Uninstall C:\Users\patri_000\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\patri_000\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\MountPoints2: {6adfeada-4a42-11e5-bebb-681729f16340} - "G:\DTVP_Launcher.exe"
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\patri_000\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [2015-10-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\patri_000\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [2015-10-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\patri_000\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [2015-10-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-10-29] (AVAST Software)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2015-07-09] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2015-07-09] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\patri_000\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-10-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\patri_000\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-10-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\patri_000\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-10-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
Startup: C:\Users\patri_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-09-19]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{63155eb5-97b5-4064-ba12-b9aa9cbb2a40}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{95b8d7f3-d84b-4228-a7e8-0d2c896bb31b}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001 -> DefaultScope {98CA42E9-1562-4F0E-868F-878FE766C7A8} URL =
SearchScopes: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001 -> {98CA42E9-1562-4F0E-868F-878FE766C7A8} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-10-20] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-10-29] (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-11-08] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-10-20] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-10-29] (AVAST Software)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://rsvpn.raytheon.com/dana-cached/sc/JuniperSetupClient.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-08-12] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll [2014-11-08] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-01-10] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1294961462-4170339457-2841224387-1001: @tools.google.com/Google Update;version=3 -> C:\Users\patri_000\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-1294961462-4170339457-2841224387-1001: @tools.google.com/Google Update;version=9 -> C:\Users\patri_000\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-04-22] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [jid1-xNAj4KGyf5wyhg@jetpack] - C:\Program Files (x86)\Faster Web\faster-web.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-10-29] [not signed]

Chrome:
=======
CHR Profile: C:\Users\patri_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\patri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-05]
CHR Extension: (Google Drive) - C:\Users\patri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-05]
CHR Extension: (YouTube) - C:\Users\patri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-05]
CHR Extension: (Google Cast) - C:\Users\patri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-06-05]
CHR Extension: (Google Search) - C:\Users\patri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-05]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\patri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-05]
CHR Extension: (Google Wallet) - C:\Users\patri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-05]
CHR Extension: (Gmail) - C:\Users\patri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-05]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-10-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-10-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-29] (AVAST Software)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2464400 2012-09-08] (Realsil Microelectronics Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-17] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 nlsX86cc; C:\WINDOWS\system32\nlssrv32.exe [66560 2010-11-22] (Nalpeiron Ltd.) [File not signed]
R2 nlsX86cc; C:\WINDOWS\SysWOW64\nlssrv32.exe [66560 2010-11-22] (Nalpeiron Ltd.) [File not signed]
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481816 2014-04-23] (Sony Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 ShuttleEngine; C:\Program Files (x86)\Contour Shuttle\ShuttleEngine.exe [99840 2013-08-26] (Contour Design, Inc.) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-24] (IDT, Inc.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-09] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-09] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndnetBus; C:\Windows\System32\drivers\lgandnetbus64.sys [20992 2014-10-10] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [30720 2014-10-10] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [37376 2014-10-10] (LG Electronics Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-10-29] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-10-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-10-29] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-10-29] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-10-29] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-10-29] (AVAST Software)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-07-09] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [36864 2015-07-09] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-09] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3354384 2015-06-17] (Intel Corporation)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-04] ()
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [410848 2015-11-11] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-07] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-07] (Synaptics Incorporated)
R1 swsedrvr_vw_1_10_0_25; C:\Windows\System32\drivers\swsedrvr_vw_1_10_0_25.sys [57720 2015-09-22] (SS)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-09] ()
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-09] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows ® Win 7 DDK provider)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-25 17:59 - 2015-11-25 17:59 - 00022372 _____ C:\Users\patri_000\Downloads\FRST.txt
2015-11-25 17:59 - 2015-11-25 17:59 - 00000000 ____D C:\FRST
2015-11-25 17:58 - 2015-11-25 17:58 - 02348544 _____ (Farbar) C:\Users\patri_000\Downloads\FRST64.exe
2015-11-25 17:45 - 2015-11-25 17:45 - 00016148 _____ C:\WINDOWS\system32\TOUCHOFGREY_patri_000_HistoryPrediction.bin
2015-11-21 19:15 - 2015-11-21 19:15 - 00000000 ____D C:\Users\patri_000\Downloads\Burnt 2015 English Movies HDCam XviD AAC Audio Cleaned New Source with sample ~ ☻rDX☻
2015-11-18 18:27 - 2015-11-18 18:27 - 00127108 _____ C:\Users\patri_000\Documents\chrysler sale vadmv record.pdf
2015-11-16 04:44 - 2015-11-16 04:44 - 00004530 _____ C:\Users\patri_000\Documents\pivotcode.txt
2015-11-14 11:52 - 2015-11-14 12:12 - 00000000 ____D C:\Users\patri_000\Downloads\Calendar Girls (2015) x264 2CD WEBHD AAC M-SubS[HDMaN ExCluSive]
2015-11-14 11:52 - 2015-11-14 12:12 - 00000000 ____D C:\Users\patri_000\Downloads\Burnt 2015 CAM ENG READNFO XviD-CPG
2015-11-14 11:46 - 2015-11-14 11:53 - 838842143 _____ C:\Users\patri_000\Downloads\Entertainment.2015.720p.WEB-DL.800MB.ShAaNiG.mkv
2015-11-12 03:10 - 2015-11-12 03:10 - 00000000 ____D C:\WINDOWS\PCHEALTH
2015-11-11 18:56 - 2015-11-11 18:56 - 09898720 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RsCRIcon.dll
2015-11-11 06:39 - 2015-11-05 00:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-11 06:39 - 2015-11-05 00:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-11 06:39 - 2015-11-05 00:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-11 06:39 - 2015-11-05 00:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-11 06:39 - 2015-11-05 00:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-11-11 06:39 - 2015-11-05 00:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-11 06:39 - 2015-11-05 00:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-11-11 06:39 - 2015-11-05 00:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-11 06:39 - 2015-11-04 23:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-11-11 06:39 - 2015-11-04 23:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-11 06:39 - 2015-11-04 23:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-11 06:39 - 2015-11-04 23:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-11-11 06:39 - 2015-11-04 23:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-11 06:39 - 2015-11-04 23:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-11-11 06:39 - 2015-11-04 23:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-11-11 06:39 - 2015-11-04 23:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-11-11 06:39 - 2015-11-04 23:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-11 06:39 - 2015-11-04 23:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-11-11 06:39 - 2015-11-04 23:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-11 06:39 - 2015-11-04 23:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-11 06:39 - 2015-11-04 23:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2015-11-11 06:39 - 2015-11-04 23:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-11 06:39 - 2015-11-04 23:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-11 06:39 - 2015-11-04 23:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-11-11 06:39 - 2015-11-04 23:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-11 06:39 - 2015-11-04 23:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-11 06:39 - 2015-11-04 23:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-11 06:39 - 2015-11-04 23:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-11 06:39 - 2015-11-04 23:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-11-11 06:39 - 2015-11-04 23:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-11-11 06:39 - 2015-11-04 23:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-11 06:39 - 2015-11-04 23:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-11 06:39 - 2015-11-04 23:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-11 06:39 - 2015-11-04 22:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-11-11 06:39 - 2015-11-04 22:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-11 06:39 - 2015-11-04 22:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-11-11 06:39 - 2015-11-04 22:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-11 06:39 - 2015-11-04 22:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-11 06:39 - 2015-11-04 22:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-11-11 06:39 - 2015-11-04 22:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-11-11 06:39 - 2015-11-04 22:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-11 06:39 - 2015-11-04 22:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-11-11 06:39 - 2015-11-04 22:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-11 06:39 - 2015-11-04 22:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-11-11 06:39 - 2015-11-04 22:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-11-11 06:39 - 2015-11-04 22:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-11-11 06:39 - 2015-11-04 22:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-11 06:39 - 2015-11-04 22:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-11 06:39 - 2015-11-04 22:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-11 06:39 - 2015-11-04 22:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-11 06:39 - 2015-11-04 22:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-11-11 06:39 - 2015-11-04 22:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-11-11 06:39 - 2015-11-04 22:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-11-09 16:29 - 2015-11-09 16:29 - 00000000 ____D C:\Users\patri_000\Downloads\Mistress.America.2015.HDRip.XviD.AC3-EVO
2015-11-04 04:08 - 2015-11-04 04:08 - 03530042 _____ C:\Users\patri_000\Documents\Excel Pivot Tables Recipe Book - A Problem-Solution Approach (2006).pdf
2015-11-04 04:07 - 2015-11-04 04:07 - 13185386 _____ C:\Users\patri_000\Documents\Pivot Table Datta Crunching for MS Excel 2007.pdf
2015-10-31 04:40 - 2015-10-31 04:43 - 11519036 _____ C:\Users\patri_000\Downloads\Pivot Table Datta Crunching for MS Excel 2007.pdf
2015-10-31 04:25 - 2015-10-31 04:37 - 00000000 ____D C:\Users\patri_000\Downloads\Excel Pivot Tables Recipe Book - A Problem-Solution Approach (2006) & Excel Programming Weekend Crash Course (2003)
2015-10-31 04:03 - 2015-10-31 04:14 - 00000000 ____D C:\Users\patri_000\Downloads\VBA
2015-10-31 03:58 - 2015-10-31 04:08 - 00000000 ____D C:\Users\patri_000\Downloads\Raspberry Pi
2015-10-29 12:59 - 2015-10-29 12:59 - 00000000 ____D C:\Users\patri_000\AppData\Roaming\AVAST Software
2015-10-29 12:58 - 2015-11-06 12:58 - 01059656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-10-29 12:58 - 2015-11-06 12:58 - 00449992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-10-29 12:58 - 2015-10-29 12:58 - 00378880 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-10-29 12:58 - 2015-10-29 12:58 - 00274808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-10-29 12:58 - 2015-10-29 12:58 - 00153744 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-10-29 12:58 - 2015-10-29 12:58 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-10-29 12:58 - 2015-10-29 12:58 - 00090968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-10-29 12:58 - 2015-10-29 12:58 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-10-29 12:58 - 2015-10-29 12:58 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-10-29 12:58 - 2015-10-29 12:58 - 00004006 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-10-29 12:58 - 2015-10-29 12:58 - 00001974 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-10-29 12:58 - 2015-10-29 12:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-10-29 12:57 - 2015-10-29 12:57 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-10-29 12:56 - 2015-10-29 12:56 - 00000000 ____D C:\Program Files\AVAST Software
2015-10-29 12:55 - 2015-10-29 12:55 - 05693032 _____ (AVAST Software) C:\Users\patri_000\Downloads\avast_free_antivirus_setup_online.exe
2015-10-29 12:55 - 2015-10-29 12:55 - 00000000 ____D C:\ProgramData\AVAST Software

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-25 17:59 - 2015-07-10 04:47 - 00000000 ____D C:\Windows
2015-11-25 17:58 - 2013-12-24 14:33 - 00000000 ____D C:\Users\patri_000\AppData\Roaming\uTorrent
2015-11-25 14:32 - 2015-10-17 11:57 - 00876942 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-25 14:32 - 2015-07-30 17:40 - 00000000 ____D C:\WINDOWS\INF
2015-11-25 14:27 - 2015-09-18 16:26 - 00000000 ____D C:\Users\patri_000\AppData\LocalLow\uTorrent
2015-11-25 14:26 - 2014-11-24 17:59 - 00000000 __SHD C:\Users\patri_000\IntelGraphicsProfiles
2015-11-25 14:25 - 2015-07-30 16:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-25 14:22 - 2013-12-21 17:13 - 00000948 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1294961462-4170339457-2841224387-1001UA.job
2015-11-25 14:20 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-11-25 14:17 - 2015-10-17 12:44 - 00003338 _____ C:\WINDOWS\System32\Tasks\Intel® Rapid Start Technology Manager
2015-11-25 13:57 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-25 07:30 - 2015-07-30 17:42 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2015-11-25 07:25 - 2015-03-15 21:18 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-24 18:21 - 2013-12-21 17:13 - 00000896 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1294961462-4170339457-2841224387-1001Core.job
2015-11-24 10:48 - 2015-07-30 17:42 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-21 19:15 - 2013-12-24 14:37 - 00000000 ____D C:\Program Files\PeerBlock
2015-11-18 18:27 - 2015-07-23 08:22 - 00000000 ____D C:\Users\patri_000\AppData\Local\CutePDF Writer
2015-11-16 14:57 - 2015-10-17 11:42 - 00000000 ____D C:\Users\patri_000
2015-11-15 03:52 - 2013-12-29 14:20 - 00000000 ____D C:\Users\patri_000\AppData\Roaming\vlc
2015-11-14 16:50 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\rescache
2015-11-12 05:16 - 2015-07-10 04:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-11-12 05:15 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-12 03:26 - 2015-09-10 08:38 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-11-12 03:26 - 2015-09-10 08:34 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-12 03:23 - 2015-07-30 17:25 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-12 03:09 - 2013-12-23 21:27 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-12 03:09 - 2013-08-22 08:25 - 00000167 _____ C:\WINDOWS\win.ini
2015-11-12 03:04 - 2013-12-23 21:27 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-11 19:23 - 2013-12-21 17:16 - 00002518 _____ C:\Users\patri_000\Desktop\Google Chrome.lnk
2015-11-11 18:56 - 2015-05-14 11:10 - 00410848 _____ (Realsil Semiconductor Corporation) C:\WINDOWS\system32\Drivers\RtsUer.sys
2015-11-11 18:56 - 2015-05-14 11:10 - 00091872 _____ (Realtek Semiconductor.) C:\WINDOWS\system32\RtCRX64.dll
2015-11-11 18:56 - 2013-11-06 08:26 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2015-11-11 12:25 - 2015-03-15 21:18 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-11-03 13:20 - 2015-07-30 17:43 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-03 13:20 - 2015-07-30 17:43 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-01 21:50 - 2015-09-26 06:36 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

==================== Files in the root of some directories =======

2015-10-25 05:21 - 2015-10-25 05:22 - 0001281 _____ () C:\Users\patri_000\AppData\Roaming\Bubble Dock.boostrap.log
2015-10-25 05:22 - 2015-10-25 05:22 - 0005737 _____ () C:\Users\patri_000\AppData\Roaming\Bubble Dock.installation.log
2015-10-25 05:22 - 2015-10-25 05:22 - 0000078 _____ () C:\Users\patri_000\AppData\Roaming\Selection Tools.installation.log
2015-10-25 05:21 - 2015-10-25 05:21 - 0000097 _____ () C:\Users\patri_000\AppData\Roaming\WindApp.boostrap.log
2015-10-25 05:22 - 2015-10-25 05:22 - 0000078 _____ () C:\Users\patri_000\AppData\Roaming\WindApp.installation.log
2013-11-06 08:41 - 2013-11-06 08:42 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-11-06 08:37 - 2013-11-06 08:38 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-11-06 08:38 - 2013-11-06 08:39 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-11-06 08:36 - 2013-11-06 08:37 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-11-06 08:39 - 2013-11-06 08:41 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

Some files in TEMP:
====================
C:\Users\patri_000\AppData\Local\Temp\netstream.exe
C:\Users\patri_000\AppData\Local\Temp\The+Dead+End+2015+HD1080P+X264+AAC+Mandarin+CHS+Mp4Ba__15022_i1722736069_il1854021.exe
C:\Users\patri_000\AppData\Local\Temp\vlc-2.2.1-win32.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-11-18 15:16

==================== End of FRST.txt ============================

2015-11-11 06:39 - 2015-11-04 23:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-11 06:39 - 2015-11-04 23:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-11 06:39 - 2015-11-04 23:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-11 06:39 - 2015-11-04 22:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-11-11 06:39 - 2015-11-04 22:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-11 06:39 - 2015-11-04 22:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-11-11 06:39 - 2015-11-04 22:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-11 06:39 - 2015-11-04 22:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-11 06:39 - 2015-11-04 22:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-11-11 06:39 - 2015-11-04 22:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-11-11 06:39 - 2015-11-04 22:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-11 06:39 - 2015-11-04 22:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-11-11 06:39 - 2015-11-04 22:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-11 06:39 - 2015-11-04 22:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-11-11 06:39 - 2015-11-04 22:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-11-11 06:39 - 2015-11-04 22:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-11-11 06:39 - 2015-11-04 22:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-11 06:39 - 2015-11-04 22:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-11 06:39 - 2015-11-04 22:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-11 06:39 - 2015-11-04 22:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-11 06:39 - 2015-11-04 22:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-11-11 06:39 - 2015-11-04 22:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-11-11 06:39 - 2015-11-04 22:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-11-09 16:29 - 2015-11-09 16:29 - 00000000 ____D C:\Users\patri_000\Downloads\Mistress.America.2015.HDRip.XviD.AC3-EVO
2015-11-04 04:08 - 2015-11-04 04:08 - 03530042 _____ C:\Users\patri_000\Documents\Excel Pivot Tables Recipe Book - A Problem-Solution Approach (2006).pdf
2015-11-04 04:07 - 2015-11-04 04:07 - 13185386 _____ C:\Users\patri_000\Documents\Pivot Table Datta Crunching for MS Excel 2007.pdf
2015-10-31 04:40 - 2015-10-31 04:43 - 11519036 _____ C:\Users\patri_000\Downloads\Pivot Table Datta Crunching for MS Excel 2007.pdf
2015-10-31 04:25 - 2015-10-31 04:37 - 00000000 ____D C:\Users\patri_000\Downloads\Excel Pivot Tables Recipe Book - A Problem-Solution Approach (2006) & Excel Programming Weekend Crash Course (2003)
2015-10-31 04:03 - 2015-10-31 04:14 - 00000000 ____D C:\Users\patri_000\Downloads\VBA
2015-10-31 03:58 - 2015-10-31 04:08 - 00000000 ____D C:\Users\patri_000\Downloads\Raspberry Pi
2015-10-29 12:59 - 2015-10-29 12:59 - 00000000 ____D C:\Users\patri_000\AppData\Roaming\AVAST Software
2015-10-29 12:58 - 2015-11-06 12:58 - 01059656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-10-29 12:58 - 2015-11-06 12:58 - 00449992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-10-29 12:58 - 2015-10-29 12:58 - 00378880 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-10-29 12:58 - 2015-10-29 12:58 - 00274808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-10-29 12:58 - 2015-10-29 12:58 - 00153744 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-10-29 12:58 - 2015-10-29 12:58 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-10-29 12:58 - 2015-10-29 12:58 - 00090968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-10-29 12:58 - 2015-10-29 12:58 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-10-29 12:58 - 2015-10-29 12:58 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-10-29 12:58 - 2015-10-29 12:58 - 00004006 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-10-29 12:58 - 2015-10-29 12:58 - 00001974 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-10-29 12:58 - 2015-10-29 12:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-10-29 12:57 - 2015-10-29 12:57 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-10-29 12:56 - 2015-10-29 12:56 - 00000000 ____D C:\Program Files\AVAST Software
2015-10-29 12:55 - 2015-10-29 12:55 - 05693032 _____ (AVAST Software) C:\Users\patri_000\Downloads\avast_free_antivirus_setup_online.exe
2015-10-29 12:55 - 2015-10-29 12:55 - 00000000 ____D C:\ProgramData\AVAST Software

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-25 17:59 - 2015-07-10 04:47 - 00000000 ____D C:\Windows
2015-11-25 17:58 - 2013-12-24 14:33 - 00000000 ____D C:\Users\patri_000\AppData\Roaming\uTorrent
2015-11-25 14:32 - 2015-10-17 11:57 - 00876942 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-25 14:32 - 2015-07-30 17:40 - 00000000 ____D C:\WINDOWS\INF
2015-11-25 14:27 - 2015-09-18 16:26 - 00000000 ____D C:\Users\patri_000\AppData\LocalLow\uTorrent
2015-11-25 14:26 - 2014-11-24 17:59 - 00000000 __SHD C:\Users\patri_000\IntelGraphicsProfiles
2015-11-25 14:25 - 2015-07-30 16:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-25 14:22 - 2013-12-21 17:13 - 00000948 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1294961462-4170339457-2841224387-1001UA.job
2015-11-25 14:20 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-11-25 14:17 - 2015-10-17 12:44 - 00003338 _____ C:\WINDOWS\System32\Tasks\Intel® Rapid Start Technology Manager
2015-11-25 13:57 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-25 07:30 - 2015-07-30 17:42 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2015-11-25 07:25 - 2015-03-15 21:18 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-24 18:21 - 2013-12-21 17:13 - 00000896 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1294961462-4170339457-2841224387-1001Core.job
2015-11-24 10:48 - 2015-07-30 17:42 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-21 19:15 - 2013-12-24 14:37 - 00000000 ____D C:\Program Files\PeerBlock
2015-11-18 18:27 - 2015-07-23 08:22 - 00000000 ____D C:\Users\patri_000\AppData\Local\CutePDF Writer
2015-11-16 14:57 - 2015-10-17 11:42 - 00000000 ____D C:\Users\patri_000
2015-11-15 03:52 - 2013-12-29 14:20 - 00000000 ____D C:\Users\patri_000\AppData\Roaming\vlc
2015-11-14 16:50 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\rescache
2015-11-12 05:16 - 2015-07-10 04:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-11-12 05:15 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-12 03:26 - 2015-09-10 08:38 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-11-12 03:26 - 2015-09-10 08:34 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-12 03:23 - 2015-07-30 17:25 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-12 03:09 - 2013-12-23 21:27 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-12 03:09 - 2013-08-22 08:25 - 00000167 _____ C:\WINDOWS\win.ini
2015-11-12 03:04 - 2013-12-23 21:27 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-11 19:23 - 2013-12-21 17:16 - 00002518 _____ C:\Users\patri_000\Desktop\Google Chrome.lnk
2015-11-11 18:56 - 2015-05-14 11:10 - 00410848 _____ (Realsil Semiconductor Corporation) C:\WINDOWS\system32\Drivers\RtsUer.sys
2015-11-11 18:56 - 2015-05-14 11:10 - 00091872 _____ (Realtek Semiconductor.) C:\WINDOWS\system32\RtCRX64.dll
2015-11-11 18:56 - 2013-11-06 08:26 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2015-11-11 12:25 - 2015-03-15 21:18 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-11-03 13:20 - 2015-07-30 17:43 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-03 13:20 - 2015-07-30 17:43 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-01 21:50 - 2015-09-26 06:36 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

==================== Files in the root of some directories =======

2015-10-25 05:21 - 2015-10-25 05:22 - 0001281 _____ () C:\Users\patri_000\AppData\Roaming\Bubble Dock.boostrap.log
2015-10-25 05:22 - 2015-10-25 05:22 - 0005737 _____ () C:\Users\patri_000\AppData\Roaming\Bubble Dock.installation.log
2015-10-25 05:22 - 2015-10-25 05:22 - 0000078 _____ () C:\Users\patri_000\AppData\Roaming\Selection Tools.installation.log
2015-10-25 05:21 - 2015-10-25 05:21 - 0000097 _____ () C:\Users\patri_000\AppData\Roaming\WindApp.boostrap.log
2015-10-25 05:22 - 2015-10-25 05:22 - 0000078 _____ () C:\Users\patri_000\AppData\Roaming\WindApp.installation.log
2013-11-06 08:41 - 2013-11-06 08:42 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-11-06 08:37 - 2013-11-06 08:38 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-11-06 08:38 - 2013-11-06 08:39 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-11-06 08:36 - 2013-11-06 08:37 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-11-06 08:39 - 2013-11-06 08:41 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

Some files in TEMP:
====================
C:\Users\patri_000\AppData\Local\Temp\netstream.exe
C:\Users\patri_000\AppData\Local\Temp\The+Dead+End+2015+HD1080P+X264+AAC+Mandarin+CHS+Mp4Ba__15022_i1722736069_il1854021.exe
C:\Users\patri_000\AppData\Local\Temp\vlc-2.2.1-win32.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-11-18 15:16

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-11-2015 02
Ran by patri_000 (2015-11-25 18:01:49)
Running from C:\Users\patri_000\Downloads
Windows 10 Home (X64) (2015-10-17 17:41:57)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1294961462-4170339457-2841224387-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-1294961462-4170339457-2841224387-503 - Limited - Disabled)
Guest (S-1-5-21-1294961462-4170339457-2841224387-501 - Limited - Disabled)
patri_000 (S-1-5-21-1294961462-4170339457-2841224387-1001 - Administrator - Enabled) => C:\Users\patri_000

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
4Card Recovery (HKLM-x32\...\{6FE4072A-E968-438D-967A-F641BE28B279}_is1) (Version: 2.0 - 4CardRecovery)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.4.2233 - AVAST Software)
calibre (HKLM-x32\...\{7D69BF2B-6C60-4D0A-8A6C-BCFD025D5D84}) (Version: 1.17.0 - Kovid Goyal)
ChromecastApp (HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft)
Contour Shuttle (HKLM-x32\...\{51ADFD15-6B63-4F8E-8076-F4E31FFEE32A}) (Version: 2.10 - Contour Design, Inc.)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.2.12.13 - Synaptics Incorporated)
DSC/AA Factory Installer (Version: 3.4.6299.48 - PC-Doctor, Inc.) Hidden
DVD Architect Pro 6.0 (HKLM-x32\...\{E0E531A2-17C1-11E2-984D-1040F3E7010F}) (Version: 6.0.237 - Sony)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
Google Chrome (HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® My WiFi Dashboard (HKLM\...\{1E741267-F54B-4b3a-A7B6-1D1A156E385E}) (Version: 15.05.5000.0219 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.4.1001 - Intel Corporation)
Intel® WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
iStonsoft Free YouTube Downloader (HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\iStonsoft Free YouTube Downloader) (Version: 2.1.56 - iStonsoft)
Java™ 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417000FF}) (Version: 7.0.0 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
LG United Mobile Drivers (HKLM-x32\...\{2D5218EB-6992-46E3-8ECE-76C79AB955CE}) (Version: 3.13.2.0 - LG Electronics)
MergeModule_x64 (Version: 8.0.00 - Sony Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Excel 2013 XLL Software Development Kit (HKLM-x32\...\{90150000-00D2-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visio SDK 2013 (HKLM\...\{95150000-0050-0409-1000-0000000FF1CE}) (Version: 15.0.4454.1509 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6299.48 - PC-Doctor, Inc.)
Noise Reduction Plug-In 2.0 (HKLM-x32\...\{847C6940-D852-11E2-81D2-F04DA23A5C58}) (Version: 2.0.596 - Sony)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PeerBlock 1.1+ (r691) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.691 - PeerBlock, LLC)
PlayMemories Home (HKLM-x32\...\{7EA1A4E8-A5CE-4626-87DC-6DEF99BAE931}) (Version: 3.1.11.04230 - Sony Corporation)
PluralEyes for Vegas Pro (HKLM\...\{173D1F6B-87A2-4192-9943-392FEAAFDFFE}_is1) (Version: 2.0.3 - Singular Software Inc.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.8 - Power Software Ltd)
Pulse Secure Setup Client (HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\Juniper_Setup_Client) (Version: 8.1.4.60057 - Pulse Secure, LLC)
Pulse Secure Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Pulse Secure, LLC)
Pulse Secure Terminal Services Client (HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\Juniper_Term_Services) (Version: 8.1.4.37085 - Pulse Secure, LLC)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.003 - Dell Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.39034 - Realtek Semiconductor Corp.)
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.04.00 - Samsung Electronics Co., Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version:  - )
SimpleOCR 3.1 (HKLM-x32\...\SimpleOCR 3.1) (Version:  - )
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
SOHLib for PlayMemories Home (Version: 1.0.3.02170 - Sony Corporation) Hidden
Sound Forge Pro 11.0 (HKLM-x32\...\{437C8730-3505-11E3-9509-F04DA23A5C58}) (Version: 11.0.272 - Sony)
Trader's Little Helper 2.7.0 (HKLM-x32\...\TradersLittleHelper_is1) (Version: 2.7.0 - Robert Hoffmann)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)
Vegas Pro 12.0 (64-bit) (HKLM\...\{A7500970-FE98-11E1-B560-F04DA23A5C58}) (Version: 12.0.367 - Sony)
Video Converter version 6.0.0 (HKLM-x32\...\Video Converter_is1) (Version: 6.0.0 - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wondershare PDF Editor OCR (HKLM-x32\...\{408133BA-3665-4EF5-9DC4-E6A475DA8119}_is1) (Version: 3.6.0.9 - Wondershare Software Co.,Ltd.)
Wondershare PDFelement(Build 4.0.0) (HKLM-x32\...\{75BAE677-F65A-45A4-9931-363FE0CF5E58}_is1) (Version: 4.0.0.3 - Wondershare Software Co.,Ltd.)
Засоби перевірки правопису Microsoft Office 2013 – українська мова (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Средства проверки правописания Microsoft Office 2013 — русский (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\patri_000\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\patri_000\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\patri_000\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\patri_000\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\patri_000\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\patri_000\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\patri_000\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\patri_000\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\patri_000\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\patri_000\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\patri_000\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File

==================== Restore Points =========================

06-11-2015 03:09:43 Scheduled Checkpoint
12-11-2015 02:58:31 Windows Update
21-11-2015 07:21:47 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09B0FE3C-9F71-43BF-BE31-A8A398E1844D} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {10E75F69-78CF-4514-96D1-C51BEFD085A5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {1119CBB2-F0C7-4011-81DF-A8758CBA74CC} - System32\Tasks\{93F2DB5A-6B71-45A3-8702-98954E1BDB93} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.20.0.104/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {1F9AC970-25AF-48A6-9F63-B6F158D48115} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {2D7AE34B-40C9-40BD-862C-DAC7852B3FF4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-10-29] (AVAST Software)
Task: {2FD69FF5-CB5A-4E1A-ACE1-764E8CF2E92C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {30EDFB61-F544-4E5E-B8F5-2ECCFDC8B839} - System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update => C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe <==== ATTENTION
Task: {37063F22-F2A5-42F9-9CC5-EC21FAA6D881} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {3D72F90F-C0B3-45E5-A0F1-B84DD7739254} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
Task: {430F935D-C653-41C3-A4DE-C7050D4A3DB8} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
Task: {453C8FA7-80C7-4AA3-AFD4-3BE4EDF32F77} - \PCDEventLauncherTask -> No File <==== ATTENTION
Task: {4E1730B4-F696-4453-80F6-C9B6743835FE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {58385222-8C18-47D2-94B7-9A6DDA8BF797} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-12-03] (CyberLink Corp.)
Task: {589A5DB3-4905-4363-B7C8-B9FD12934F8C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {59E25824-46D9-473D-BAB1-2915889B53AA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {5C9248EF-0B06-41ED-B62C-898242678199} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {6EBD7945-471E-437C-9281-0BAB939F8D22} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1294961462-4170339457-2841224387-1001UA => C:\Users\patri_000\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-10] (Google Inc.)
Task: {70D1C8C1-AD15-4C4D-AF81-EC8BAEC9C990} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {75F47BE2-F6BE-4EAB-85EE-1D32FF77550F} - System32\Tasks\IntelBootstrapCCDashServer => C:\Program Files\Intel\CCDashboard\bin\CCDashServer.exe [2012-07-13] (Intel® Corporation)
Task: {7B9E805C-AEAE-46D6-8CB9-0D6295FD3CFB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {80161CE3-FD5D-4483-B25E-F2B6B22493AA} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-07-20] (Intel)
Task: {80FF3D51-9771-4C09-A17C-379FB161A6FF} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {844D17E6-0BE9-4C04-BDF8-B30D05866451} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {86CADDF1-1C26-436F-B921-05BC4C599C42} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {86D0EAFD-511C-47EF-A349-F864996D5435} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2014-01-16] (Sony Corporation)
Task: {A7428B34-211F-4B11-A84E-87EBBC68C465} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {AC0CF069-CBE3-4504-AEC4-6AD7FD559596} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {AFFBB1E4-C357-4A1A-B866-945C585498A2} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-12-03] (CyberLink)
Task: {B8491981-3182-4331-96CD-154BABD3A5FB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C00E0E6C-CA37-4B06-A685-2061C462E6EA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C03743CB-4E80-46DF-B876-E09195D66050} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-12] (Microsoft Corporation)
Task: {C0579B56-9F6A-46E1-94BD-4DB74577905B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {CB7785F3-543A-460B-8582-3CA02FE73439} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {CEF52B14-1D34-4A16-9C76-262BB1C4BF3B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E37F6728-4A25-4ED7-BAA9-E78540B324F4} - System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core => C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe <==== ATTENTION
Task: {E511C9C6-61BA-4107-BC01-B8BA0239AE07} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {F4FA4FF8-CC22-47E9-9D2C-BF683FA6BE9B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1294961462-4170339457-2841224387-1001Core => C:\Users\patri_000\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-10] (Google Inc.)
Task: {FEE399C7-970A-40D3-8087-F437BD0B05B8} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1294961462-4170339457-2841224387-1001Core.job => C:\Users\patri_000\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1294961462-4170339457-2841224387-1001UA.job => C:\Users\patri_000\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-07-09 22:33 - 2015-07-09 22:33 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-07-23 08:19 - 2013-10-23 14:24 - 00087600 _____ () C:\WINDOWS\System32\cpwmon64.dll
2014-03-25 16:26 - 2011-04-11 00:26 - 00034304 _____ () C:\WINDOWS\System32\spe__l.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2013-11-06 08:39 - 2012-04-24 21:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2015-10-17 15:31 - 2015-10-17 15:31 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-17 15:31 - 2015-10-17 15:31 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-09-15 13:58 - 2015-09-15 13:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-10-17 15:31 - 2015-10-17 15:31 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-09 22:13 - 2015-07-09 22:13 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-10-17 15:31 - 2015-10-17 15:31 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-17 15:31 - 2015-10-17 15:31 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-17 15:31 - 2015-10-17 15:31 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-17 15:31 - 2015-10-17 15:31 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02641760 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02108256 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2015-10-29 12:57 - 2015-10-29 12:57 - 00103376 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-10-29 12:57 - 2015-10-29 12:57 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-11-24 15:45 - 2015-11-24 15:45 - 02994688 _____ () C:\Program Files\AVAST Software\Avast\defs\15112402\algo.dll
2015-11-25 14:31 - 2015-11-25 14:31 - 02995712 _____ () C:\Program Files\AVAST Software\Avast\defs\15112501\algo.dll
2015-10-29 12:58 - 2015-10-29 12:58 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-11-06 08:38 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 14:34 - 2012-06-08 14:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-11-01 03:54 - 2015-11-01 03:54 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\c986c6671c3c54888ead5b238ef40475\PSIClient.ni.dll
2013-11-06 08:24 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\samsungsetup.com -> hxxp://www.samsungsetup.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "PMBVolumeWatcher"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{1374505D-E345-40C7-A812-2A513F0F91AD}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{B7B647A1-1EAD-4E0F-85CA-8943FA0BBCB5}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{6FA4DC2F-FD83-4F85-8E02-231AB55111A9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{D55706A4-B5ED-4CC0-BA28-7D02BE2ED5F8}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{D9247E77-2B17-42BF-9D72-A6153A1B9F6D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{64B73AEC-94AA-42F0-BD6B-06C093EFAF1A}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{39C4EDF2-6C34-44C5-B739-866D8E56FF4B}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{AB769E3C-6BF7-4A36-94D5-8B6B0435F310}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{101D150D-A79C-41EE-8951-70187C4A16B1}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
FirewallRules: [{B546D163-FF5E-490A-8572-60D2213A3143}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
FirewallRules: [{37FF098C-9300-4544-994B-0A00C6A1B18C}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
FirewallRules: [{82535045-8407-43F1-B4CC-27817EE5DA1D}] => (Allow) C:\Program Files\Intel\CCDashboard\bin\CCDashServer.exe
FirewallRules: [{601990E4-F5D3-4BCC-8D21-11073A1836CA}] => (Allow) C:\Program Files\Intel\CCDashboard\bin\CCDashServer.exe
FirewallRules: [{94E2736A-2741-43B3-9EC7-76BA2A4C9996}] => (Allow) C:\Program Files\Intel\CCDashboard\bin\CCDash.exe
FirewallRules: [{481B07EE-FA39-4837-9CF4-9C7BC4D81E77}] => (Allow) C:\Program Files\Intel\CCDashboard\bin\CCDash.exe
FirewallRules: [{4E335B77-3A31-45DC-BB83-0054420B93C7}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{3323D84C-6EA8-4FB7-AE3F-96DBA97A3C93}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{70C87FE4-52C8-48DD-BA54-6E628658882F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{95E42DFA-64D9-4345-AD19-F549C8F268E0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{DB02B69D-EFEF-40CF-BB9D-A1869D118B6F}] => (Allow) C:\Users\patri_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{28502CF3-4CA1-49CE-9AC9-E09CAFCEDD35}] => (Allow) C:\Users\patri_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F40CBA17-CF9F-428E-8D25-660C6CC0AF96}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{E2B64BB9-59F0-4FA4-9446-FBF28B750585}] => (Allow) C:\Users\patri_000\AppData\Local\Temp\Ins59C\Setup.exe
FirewallRules: [{DCB3C96D-7BFF-4C64-BDF4-66EFB6BC980D}] => (Allow) C:\Users\patri_000\AppData\Local\Temp\Ins59C\Setup.exe
FirewallRules: [{B011ABDB-0252-49C7-B62E-6E36E5CB53F0}] => (Allow) C:\Users\patri_000\AppData\Local\Temp\Ins59C\Setup.exe
FirewallRules: [{7B248379-E510-4A66-A783-CACE2900FCFC}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe
FirewallRules: [{3FE6CB23-805F-4937-9370-DD15782D1449}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{117A4915-0453-4586-A16B-F27E3EFF9312}] => (Allow) LPort=2869
FirewallRules: [{C42911B1-092F-4793-B353-8D6D42F579A6}] => (Allow) LPort=1900
FirewallRules: [{4FBE19AC-7A10-4BD5-8548-614046AC03D2}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{7B6B0A61-5DC2-451F-A729-D9905A83907C}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{C54D1572-3713-42A6-93E5-B1ADB28317A7}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{2AD1862A-3946-41B7-AE73-A8AA66CA96DA}] => (Allow) C:\Users\patri_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{35428C8B-6491-4CD4-AFEF-94E759D21AFB}] => (Allow) C:\Users\patri_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{7A66CE37-14B8-4398-87F8-FB28792AC2E7}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{A95ADF5E-81A9-451D-8805-F2E52263F5E2}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{0832A76B-8DED-4145-9A9A-58FA8374C841}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{659DF796-7959-483D-B0E5-CFE5E599AD9F}] => (Block) C:\program files (x86)\skype\phone\skype.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/25/2015 05:47:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.10240.16412 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 624

Start Time: 01d127b798cb6d60

Termination Time: 54

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id: 8acdbf60-93c6-11e5-becf-681729f16340

Faulting package full name:

Faulting package-relative application ID:

Error: (11/25/2015 02:29:50 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (7084) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (11/25/2015 02:29:50 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (7084) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).

Error: (11/25/2015 02:29:39 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (7084) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (11/25/2015 02:29:39 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (7084) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).

Error: (11/25/2015 02:29:29 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (7084) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (11/25/2015 02:29:29 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (7084) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).

Error: (11/25/2015 02:29:19 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (7084) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (11/25/2015 02:29:19 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (7084) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).

Error: (11/25/2015 02:29:08 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (7084) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

System errors:
=============
Error: (11/25/2015 05:47:45 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (11/25/2015 05:45:34 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Management and Security Application User Notification Service service hung on starting.

Error: (11/25/2015 02:29:47 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

 Code: 8 0x0 0x0

Error: (11/25/2015 02:29:31 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

 Code: 4 0x0 0x0

Error: (11/25/2015 02:29:31 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

 Code: 1 0xc 0x4

Error: (11/25/2015 02:25:34 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:03:36 PM on 11/25/2015 was unexpected.

Error: (11/25/2015 02:17:11 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

 Code: 4 0x0 0x0

Error: (11/25/2015 02:17:11 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

 Code: 1 0xc 0x4

Error: (11/25/2015 02:13:42 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

 Code: 8 0x0 0x0

Error: (11/25/2015 02:13:26 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

 Code: 4 0x0 0x0

CodeIntegrity:
===================================
  Date: 2015-10-26 06:07:14.161
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-10-25 07:24:15.457
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-25 07:24:15.441
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-25 07:20:37.348
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-25 07:20:37.329
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-25 07:20:36.849
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-25 07:20:36.835
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-25 07:19:26.912
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-25 07:19:26.901
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-25 07:17:32.114
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 57%
Total physical RAM: 6010.51 MB
Available physical RAM: 2532.34 MB
Total Virtual: 7738.51 MB
Available Virtual: 4269.2 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:453.58 GB) (Free:192.93 GB) NTFS
Drive d: (Win8) (CDROM) (Total:2.14 GB) (Free:0 GB) UDF
Drive g: () (Removable) (Total:58.08 GB) (Free:58.08 GB) exFAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 76793D4F)

Partition: GPT.

========================================================
Disk: 1 (Size: 8 GB) (Disk ID: CA279B91)

Partition: GPT.

========================================================
Disk: 2 (Size: 58.1 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-11-2015 02
Ran by patri_000 (2015-11-25 18:01:49)
Running from C:\Users\patri_000\Downloads
Windows 10 Home (X64) (2015-10-17 17:41:57)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1294961462-4170339457-2841224387-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-1294961462-4170339457-2841224387-503 - Limited - Disabled)
Guest (S-1-5-21-1294961462-4170339457-2841224387-501 - Limited - Disabled)
patri_000 (S-1-5-21-1294961462-4170339457-2841224387-1001 - Administrator - Enabled) => C:\Users\patri_000

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
4Card Recovery (HKLM-x32\...\{6FE4072A-E968-438D-967A-F641BE28B279}_is1) (Version: 2.0 - 4CardRecovery)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.4.2233 - AVAST Software)
calibre (HKLM-x32\...\{7D69BF2B-6C60-4D0A-8A6C-BCFD025D5D84}) (Version: 1.17.0 - Kovid Goyal)
ChromecastApp (HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft)
Contour Shuttle (HKLM-x32\...\{51ADFD15-6B63-4F8E-8076-F4E31FFEE32A}) (Version: 2.10 - Contour Design, Inc.)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.2.12.13 - Synaptics Incorporated)
DSC/AA Factory Installer (Version: 3.4.6299.48 - PC-Doctor, Inc.) Hidden
DVD Architect Pro 6.0 (HKLM-x32\...\{E0E531A2-17C1-11E2-984D-1040F3E7010F}) (Version: 6.0.237 - Sony)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
Google Chrome (HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® My WiFi Dashboard (HKLM\...\{1E741267-F54B-4b3a-A7B6-1D1A156E385E}) (Version: 15.05.5000.0219 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.4.1001 - Intel Corporation)
Intel® WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
iStonsoft Free YouTube Downloader (HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\iStonsoft Free YouTube Downloader) (Version: 2.1.56 - iStonsoft)
Java™ 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417000FF}) (Version: 7.0.0 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
LG United Mobile Drivers (HKLM-x32\...\{2D5218EB-6992-46E3-8ECE-76C79AB955CE}) (Version: 3.13.2.0 - LG Electronics)
MergeModule_x64 (Version: 8.0.00 - Sony Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Excel 2013 XLL Software Development Kit (HKLM-x32\...\{90150000-00D2-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visio SDK 2013 (HKLM\...\{95150000-0050-0409-1000-0000000FF1CE}) (Version: 15.0.4454.1509 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6299.48 - PC-Doctor, Inc.)
Noise Reduction Plug-In 2.0 (HKLM-x32\...\{847C6940-D852-11E2-81D2-F04DA23A5C58}) (Version: 2.0.596 - Sony)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PeerBlock 1.1+ (r691) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.691 - PeerBlock, LLC)
PlayMemories Home (HKLM-x32\...\{7EA1A4E8-A5CE-4626-87DC-6DEF99BAE931}) (Version: 3.1.11.04230 - Sony Corporation)
PluralEyes for Vegas Pro (HKLM\...\{173D1F6B-87A2-4192-9943-392FEAAFDFFE}_is1) (Version: 2.0.3 - Singular Software Inc.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.8 - Power Software Ltd)
Pulse Secure Setup Client (HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\Juniper_Setup_Client) (Version: 8.1.4.60057 - Pulse Secure, LLC)
Pulse Secure Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Pulse Secure, LLC)
Pulse Secure Terminal Services Client (HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\Juniper_Term_Services) (Version: 8.1.4.37085 - Pulse Secure, LLC)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.003 - Dell Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.39034 - Realtek Semiconductor Corp.)
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.04.00 - Samsung Electronics Co., Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version:  - )
SimpleOCR 3.1 (HKLM-x32\...\SimpleOCR 3.1) (Version:  - )
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
SOHLib for PlayMemories Home (Version: 1.0.3.02170 - Sony Corporation) Hidden
Sound Forge Pro 11.0 (HKLM-x32\...\{437C8730-3505-11E3-9509-F04DA23A5C58}) (Version: 11.0.272 - Sony)
Trader's Little Helper 2.7.0 (HKLM-x32\...\TradersLittleHelper_is1) (Version: 2.7.0 - Robert Hoffmann)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)
Vegas Pro 12.0 (64-bit) (HKLM\...\{A7500970-FE98-11E1-B560-F04DA23A5C58}) (Version: 12.0.367 - Sony)
Video Converter version 6.0.0 (HKLM-x32\...\Video Converter_is1) (Version: 6.0.0 - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wondershare PDF Editor OCR (HKLM-x32\...\{408133BA-3665-4EF5-9DC4-E6A475DA8119}_is1) (Version: 3.6.0.9 - Wondershare Software Co.,Ltd.)
Wondershare PDFelement(Build 4.0.0) (HKLM-x32\...\{75BAE677-F65A-45A4-9931-363FE0CF5E58}_is1) (Version: 4.0.0.3 - Wondershare Software Co.,Ltd.)
Засоби перевірки правопису Microsoft Office 2013 – українська мова (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Средства проверки правописания Microsoft Office 2013 — русский (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\patri_000\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\patri_000\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\patri_000\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\patri_000\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\patri_000\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\patri_000\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\patri_000\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\patri_000\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\patri_000\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\patri_000\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\patri_000\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File

==================== Restore Points =========================

06-11-2015 03:09:43 Scheduled Checkpoint
12-11-2015 02:58:31 Windows Update
21-11-2015 07:21:47 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09B0FE3C-9F71-43BF-BE31-A8A398E1844D} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {10E75F69-78CF-4514-96D1-C51BEFD085A5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {1119CBB2-F0C7-4011-81DF-A8758CBA74CC} - System32\Tasks\{93F2DB5A-6B71-45A3-8702-98954E1BDB93} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.20.0.104/en/abandoninstall?source=lightinstaller&amp;page=tsInstall
Task: {1F9AC970-25AF-48A6-9F63-B6F158D48115} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {2D7AE34B-40C9-40BD-862C-DAC7852B3FF4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-10-29] (AVAST Software)
Task: {2FD69FF5-CB5A-4E1A-ACE1-764E8CF2E92C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {30EDFB61-F544-4E5E-B8F5-2ECCFDC8B839} - System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update => C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe <==== ATTENTION
Task: {37063F22-F2A5-42F9-9CC5-EC21FAA6D881} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {3D72F90F-C0B3-45E5-A0F1-B84DD7739254} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
Task: {430F935D-C653-41C3-A4DE-C7050D4A3DB8} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
Task: {453C8FA7-80C7-4AA3-AFD4-3BE4EDF32F77} - \PCDEventLauncherTask -> No File <==== ATTENTION
Task: {4E1730B4-F696-4453-80F6-C9B6743835FE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {58385222-8C18-47D2-94B7-9A6DDA8BF797} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-12-03] (CyberLink Corp.)
Task: {589A5DB3-4905-4363-B7C8-B9FD12934F8C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {59E25824-46D9-473D-BAB1-2915889B53AA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {5C9248EF-0B06-41ED-B62C-898242678199} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {6EBD7945-471E-437C-9281-0BAB939F8D22} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1294961462-4170339457-2841224387-1001UA => C:\Users\patri_000\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-10] (Google Inc.)
Task: {70D1C8C1-AD15-4C4D-AF81-EC8BAEC9C990} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {75F47BE2-F6BE-4EAB-85EE-1D32FF77550F} - System32\Tasks\IntelBootstrapCCDashServer => C:\Program Files\Intel\CCDashboard\bin\CCDashServer.exe [2012-07-13] (Intel® Corporation)
Task: {7B9E805C-AEAE-46D6-8CB9-0D6295FD3CFB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {80161CE3-FD5D-4483-B25E-F2B6B22493AA} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-07-20] (Intel)
Task: {80FF3D51-9771-4C09-A17C-379FB161A6FF} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {844D17E6-0BE9-4C04-BDF8-B30D05866451} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {86CADDF1-1C26-436F-B921-05BC4C599C42} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {86D0EAFD-511C-47EF-A349-F864996D5435} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2014-01-16] (Sony Corporation)
Task: {A7428B34-211F-4B11-A84E-87EBBC68C465} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {AC0CF069-CBE3-4504-AEC4-6AD7FD559596} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {AFFBB1E4-C357-4A1A-B866-945C585498A2} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-12-03] (CyberLink)
Task: {B8491981-3182-4331-96CD-154BABD3A5FB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C00E0E6C-CA37-4B06-A685-2061C462E6EA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C03743CB-4E80-46DF-B876-E09195D66050} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-12] (Microsoft Corporation)
Task: {C0579B56-9F6A-46E1-94BD-4DB74577905B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {CB7785F3-543A-460B-8582-3CA02FE73439} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {CEF52B14-1D34-4A16-9C76-262BB1C4BF3B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E37F6728-4A25-4ED7-BAA9-E78540B324F4} - System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core => C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe <==== ATTENTION
Task: {E511C9C6-61BA-4107-BC01-B8BA0239AE07} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {F4FA4FF8-CC22-47E9-9D2C-BF683FA6BE9B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1294961462-4170339457-2841224387-1001Core => C:\Users\patri_000\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-10] (Google Inc.)
Task: {FEE399C7-970A-40D3-8087-F437BD0B05B8} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1294961462-4170339457-2841224387-1001Core.job => C:\Users\patri_000\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1294961462-4170339457-2841224387-1001UA.job => C:\Users\patri_000\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-07-09 22:33 - 2015-07-09 22:33 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-07-23 08:19 - 2013-10-23 14:24 - 00087600 _____ () C:\WINDOWS\System32\cpwmon64.dll
2014-03-25 16:26 - 2011-04-11 00:26 - 00034304 _____ () C:\WINDOWS\System32\spe__l.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2013-11-06 08:39 - 2012-04-24 21:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2015-10-17 15:31 - 2015-10-17 15:31 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-17 15:31 - 2015-10-17 15:31 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-09-15 13:58 - 2015-09-15 13:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-10-17 15:31 - 2015-10-17 15:31 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-09 22:13 - 2015-07-09 22:13 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-10-17 15:31 - 2015-10-17 15:31 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-17 15:31 - 2015-10-17 15:31 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-17 15:31 - 2015-10-17 15:31 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-17 15:31 - 2015-10-17 15:31 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02641760 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02108256 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2015-10-29 12:57 - 2015-10-29 12:57 - 00103376 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-10-29 12:57 - 2015-10-29 12:57 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-11-24 15:45 - 2015-11-24 15:45 - 02994688 _____ () C:\Program Files\AVAST Software\Avast\defs\15112402\algo.dll
2015-11-25 14:31 - 2015-11-25 14:31 - 02995712 _____ () C:\Program Files\AVAST Software\Avast\defs\15112501\algo.dll
2015-10-29 12:58 - 2015-10-29 12:58 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-11-06 08:38 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 14:34 - 2012-06-08 14:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-11-01 03:54 - 2015-11-01 03:54 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\c986c6671c3c54888ead5b238ef40475\PSIClient.ni.dll
2013-11-06 08:24 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\samsungsetup.com -> hxxp://www.samsungsetup.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "PMBVolumeWatcher"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{1374505D-E345-40C7-A812-2A513F0F91AD}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{B7B647A1-1EAD-4E0F-85CA-8943FA0BBCB5}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{6FA4DC2F-FD83-4F85-8E02-231AB55111A9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{D55706A4-B5ED-4CC0-BA28-7D02BE2ED5F8}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{D9247E77-2B17-42BF-9D72-A6153A1B9F6D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{64B73AEC-94AA-42F0-BD6B-06C093EFAF1A}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{39C4EDF2-6C34-44C5-B739-866D8E56FF4B}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{AB769E3C-6BF7-4A36-94D5-8B6B0435F310}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{101D150D-A79C-41EE-8951-70187C4A16B1}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
FirewallRules: [{B546D163-FF5E-490A-8572-60D2213A3143}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
FirewallRules: [{37FF098C-9300-4544-994B-0A00C6A1B18C}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
FirewallRules: [{82535045-8407-43F1-B4CC-27817EE5DA1D}] => (Allow) C:\Program Files\Intel\CCDashboard\bin\CCDashServer.exe
FirewallRules: [{601990E4-F5D3-4BCC-8D21-11073A1836CA}] => (Allow) C:\Program Files\Intel\CCDashboard\bin\CCDashServer.exe
FirewallRules: [{94E2736A-2741-43B3-9EC7-76BA2A4C9996}] => (Allow) C:\Program Files\Intel\CCDashboard\bin\CCDash.exe
FirewallRules: [{481B07EE-FA39-4837-9CF4-9C7BC4D81E77}] => (Allow) C:\Program Files\Intel\CCDashboard\bin\CCDash.exe
FirewallRules: [{4E335B77-3A31-45DC-BB83-0054420B93C7}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{3323D84C-6EA8-4FB7-AE3F-96DBA97A3C93}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{70C87FE4-52C8-48DD-BA54-6E628658882F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{95E42DFA-64D9-4345-AD19-F549C8F268E0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{DB02B69D-EFEF-40CF-BB9D-A1869D118B6F}] => (Allow) C:\Users\patri_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{28502CF3-4CA1-49CE-9AC9-E09CAFCEDD35}] => (Allow) C:\Users\patri_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F40CBA17-CF9F-428E-8D25-660C6CC0AF96}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{E2B64BB9-59F0-4FA4-9446-FBF28B750585}] => (Allow) C:\Users\patri_000\AppData\Local\Temp\Ins59C\Setup.exe
FirewallRules: [{DCB3C96D-7BFF-4C64-BDF4-66EFB6BC980D}] => (Allow) C:\Users\patri_000\AppData\Local\Temp\Ins59C\Setup.exe
FirewallRules: [{B011ABDB-0252-49C7-B62E-6E36E5CB53F0}] => (Allow) C:\Users\patri_000\AppData\Local\Temp\Ins59C\Setup.exe
FirewallRules: [{7B248379-E510-4A66-A783-CACE2900FCFC}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe
FirewallRules: [{3FE6CB23-805F-4937-9370-DD15782D1449}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{117A4915-0453-4586-A16B-F27E3EFF9312}] => (Allow) LPort=2869
FirewallRules: [{C42911B1-092F-4793-B353-8D6D42F579A6}] => (Allow) LPort=1900
FirewallRules: [{4FBE19AC-7A10-4BD5-8548-614046AC03D2}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{7B6B0A61-5DC2-451F-A729-D9905A83907C}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{C54D1572-3713-42A6-93E5-B1ADB28317A7}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{2AD1862A-3946-41B7-AE73-A8AA66CA96DA}] => (Allow) C:\Users\patri_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{35428C8B-6491-4CD4-AFEF-94E759D21AFB}] => (Allow) C:\Users\patri_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{7A66CE37-14B8-4398-87F8-FB28792AC2E7}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{A95ADF5E-81A9-451D-8805-F2E52263F5E2}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{0832A76B-8DED-4145-9A9A-58FA8374C841}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{659DF796-7959-483D-B0E5-CFE5E599AD9F}] => (Block) C:\program files (x86)\skype\phone\skype.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/25/2015 05:47:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.10240.16412 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 624

Start Time: 01d127b798cb6d60

Termination Time: 54

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id: 8acdbf60-93c6-11e5-becf-681729f16340

Faulting package full name:

Faulting package-relative application ID:

Error: (11/25/2015 02:29:50 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (7084) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (11/25/2015 02:29:50 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (7084) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).

Error: (11/25/2015 02:29:39 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (7084) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (11/25/2015 02:29:39 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (7084) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).

Error: (11/25/2015 02:29:29 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (7084) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (11/25/2015 02:29:29 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (7084) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).

Error: (11/25/2015 02:29:19 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (7084) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (11/25/2015 02:29:19 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (7084) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).

Error: (11/25/2015 02:29:08 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (7084) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

System errors:
=============
Error: (11/25/2015 05:47:45 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (11/25/2015 05:45:34 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Management and Security Application User Notification Service service hung on starting.

Error: (11/25/2015 02:29:47 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

 Code: 8 0x0 0x0

Error: (11/25/2015 02:29:31 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

 Code: 4 0x0 0x0

Error: (11/25/2015 02:29:31 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

 Code: 1 0xc 0x4

Error: (11/25/2015 02:25:34 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:03:36 PM on ‎11/‎25/‎2015 was unexpected.

Error: (11/25/2015 02:17:11 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

 Code: 4 0x0 0x0

Error: (11/25/2015 02:17:11 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

 Code: 1 0xc 0x4

Error: (11/25/2015 02:13:42 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

 Code: 8 0x0 0x0

Error: (11/25/2015 02:13:26 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

 Code: 4 0x0 0x0

CodeIntegrity:
===================================
  Date: 2015-10-26 06:07:14.161
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-10-25 07:24:15.457
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-25 07:24:15.441
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-25 07:20:37.348
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-25 07:20:37.329
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-25 07:20:36.849
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-25 07:20:36.835
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-25 07:19:26.912
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-25 07:19:26.901
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-25 07:17:32.114
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 57%
Total physical RAM: 6010.51 MB
Available physical RAM: 2532.34 MB
Total Virtual: 7738.51 MB
Available Virtual: 4269.2 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:453.58 GB) (Free:192.93 GB) NTFS
Drive d: (Win8) (CDROM) (Total:2.14 GB) (Free:0 GB) UDF
Drive g: () (Removable) (Total:58.08 GB) (Free:58.08 GB) exFAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 76793D4F)

Partition: GPT.

========================================================
Disk: 1 (Size: 8 GB) (Disk ID: CA279B91)

Partition: GPT.

========================================================
Disk: 2 (Size: 58.1 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

 




#2
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Hi. My name is Brian, and I would be happy to look into your issue.
 


- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
  • It is also likely during our cleaning process that your internet browsing history will be removed. Your favorites will be untouched. If you don't want this to happen you need to let me know before running any steps so I can adjust my fixes accordingly.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop -

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally Before We Start -

Removing malware is a complicated multiple-step process. Please stay with me until I have declared your system clean. I strongly recommend you back up your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

 

Let's get started. I do see some adware that needs to be cleaned up. Please do the following.

 

Step#1 - AdwCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool. Click I agree if you agree with the terms of use.
4. Click on Scan.
5. After the scan is complete click on "Cleaning"
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[C1].txt as well.

 

Step#2 - JRT by Malwarebytes
1. Download Junkware Removal Tool to your desktop.
2. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
3. The tool will open. Press any key at the Disclaimer screen and the program will start scanning your system.
4. Please be patient as this can take a while to complete depending on your system's specifications.
5. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
6. Close the text file and reboot your machine.
7. Post the contents of JRT.txt into your next message.

 

Items for your next post

1. AdwCleaner log

2. JRT log

 



#3
hophead

    Member

  • Topic Starter
  • 30 posts

Thanks for the help Brian

 

1. AdwCleaner log

 

 # AdwCleaner v5.022 - Logfile created 26/11/2015 at 07:36:07
# Updated 22/11/2015 by Xplode
# Database : 2015-11-22.2 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : patri_000 - TOUCHOFGREY
# Running from : C:\Users\patri_000\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : swsedrvr_vw_1_10_0_25

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\albrechto
[-] Folder Deleted : C:\Program Files (x86)\Exploremedia
[-] Folder Deleted : C:\ProgramData\MovieDeaConfig
[-] Folder Deleted : C:\Users\patri_000\AppData\Roaming\Nosibay
[-] Folder Deleted : C:\Users\patri_000\AppData\Roaming\OpenCandy
[-] Folder Deleted : C:\Users\patri_000\AppData\Roaming\Store
[-] Folder Deleted : C:\Users\patri_000\AppData\Roaming\WTools

***** [ Files ] *****

[-] File Deleted : C:\Users\PATRI_~1\AppData\Local\Temp\task.vbs
[-] File Deleted : C:\Users\patri_000\AppData\Roaming\Bubble Dock.boostrap.log
[-] File Deleted : C:\Users\patri_000\AppData\Roaming\Bubble Dock.installation.log
[-] File Deleted : C:\Users\patri_000\AppData\Roaming\Selection Tools.installation.log
[-] File Deleted : C:\Users\patri_000\AppData\Roaming\WindApp.boostrap.log
[-] File Deleted : C:\Users\patri_000\AppData\Roaming\WindApp.installation.log
[-] File Deleted : C:\WINDOWS\SysNative\drivers\swsedrvr_vw_1_10_0_25.sys

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

[-] Task Deleted : SwiftSearch Auto Updater 1.10.0.25 Core
[-] Task Deleted : SwiftSearch Auto Updater 1.10.0.25 Pending Update

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [WindApp]
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Selection Tools]
[-] Value Deleted : HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION [MovieDea.exe]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ospd_us_014010123]
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{79F768ED-0B12-42EF-8257-36751A0ECF3A}]
[-] Key Deleted : HKCU\Software\Nosibay
[-] Key Deleted : HKCU\Software\Store
[-] Key Deleted : HKCU\Software\WTools
[-] Key Deleted : HKCU\Software\DAILYPCCLEAN
[-] Key Deleted : HKCU\Software\ONESOFTPERDAY
[-] Key Deleted : HKLM\SOFTWARE\Tutorials
[-] Key Deleted : HKLM\SOFTWARE\MovieDea
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\BubbleSound
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\plarium.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com

***** [ Web browsers ] *****

[-] [C:\Users\patri_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\patri_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\patri_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : nkopijddpkmggacdghppacglggodkcod

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3631 bytes] ##########
 

 

 

2. JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 10 Home x64
Ran by patri_000 (Administrator) on Thu 11/26/2015 at  7:42:35.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 4

Successfully deleted: C:\Users\PATRI_~1\AppData\Local\Temp\vitruvian-installer-hardwareprofile-v0001 (File)
Successfully deleted: C:\Users\PATRI_~1\AppData\Local\Temp\vitruvian-installer-install-v0003 (File)
Successfully deleted: C:\Users\PATRI_~1\AppData\Local\Temp\vitruvian-installer-processes-v0002 (File)
Successfully deleted: C:\Users\PATRI_~1\AppData\Local\Temp\vitruvian-installer-uninstall-v0002 (File)

 

Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{98CA42E9-1562-4F0E-868F-878FE766C7A8} (Registry Key)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 11/26/2015 at  7:46:17.94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 



#4
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Thank you. Please do the following.

 

Step#1 - Malwarebytes Scan


  • Download Malwarebytes to your desktop from here.
  • Right-click on the file that is downloaded to your desktop and select Run as administrator. Answer Yes when asked to Allow.
  • Select the appropriate language and click OK.
  • Click Next.
  • Select "I accept the agreement" and click Next.
  • Click Next
  • Change the install path if desired. Normally you will keep this as is. Click Next.
  • Click Next again.
  • Click Next again.
  • Click Install.
  • Uncheck "Enable free trial of Malwarebytes Anti-Malware Premium".
  • Click Finish
  • If an update is found you will be prompted to download and install. Go ahead.
  • Click the Settings button and then the Detection and Protection tab. Then check the box to Scan for rootkits, as shown below.
  • ScanForRootkits.JPG

  • Click the Scan button at the top of the form and then click the Start Scan button and let it complete.
  • If malware was detected you can now click the Remove Selected Button. If no malware was detected you can skip the rest of these bullet items and go to the next step which is to retrieve the Malwarebytes log.
  • RemoveSelected.JPG
  • Once the malware is removed you may get a prompt asking you to reboot. Note: Please answer Yes.
  • Restart.JPG.

 
Step#2 - Retrieve Malwarebytes Log
1. Open up the Malwarebytes program again if it's not already. You can simply double click on the shortcut on your desktop that says "Malwarebytes Anti-Malware".
2. Click the History button as shown in the picture below.
3. Click Application Logs as shown in the picture below.
4. Click on the most recent Scan Log as shown in the picture below.
ApplicationLog.JPG
 
5. The Scanning History Log screen will open. Click the Export button in the lower left and choose Copy to Clipboard. Paste the info into your next post (Right-click your mouse in the post and select Paste).
ScanningHistory.JPG

 



#5
hophead

    Member

  • Topic Starter
  • 30 posts
I now seem to be having quite a bit of trouble connecting to the internet. When I "Troubleshoot Problems" for the WiFi connection, after it resets the WiFi adapter, I get "The Default Gateway is not available" then Fixed next to it.
I tried updating the driver but it says it is current. I have also reset the ipconfig and restarted with no effect. Most of these problems started after the upgrade to Win 10.
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/26/2015
Scan Time: 1:31 PM
Logfile:
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.11.26.04
Rootkit Database: v2015.11.23.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: patri_000
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 397505
Time Elapsed: 32 min, 45 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.SwiftSearch, HKLM\SOFTWARE\WOW6432NODE\SwiftSearch_1.10.0.25, Quarantined, [bede01813556023466abf1b4719231cf],
 
Registry Values: 2
PUP.Optional.3DBubbleSound, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|3D BubbleSound, "C:\Program Files\BubbleSound\3D BubbleSound.exe", Quarantined, [27754240a4e7eb4b0884fb7113f04bb5]
PUP.Optional.iDealsShoppingOptimizer, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|jid1-xNAj4KGyf5wyhg@jetpack, C:\Program Files (x86)\Faster Web\faster-web.xpi, Quarantined, [2a729ee41b70a195830aff8811f28f71]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 12
PUP.Optional.SwiftSearch, C:\Users\patri_000\AppData\Local\Temp\awhFAA5.tmp, Quarantined, [dbc1b9c9f695b4823776505ba55c08f8],
PUP.Optional.Amonetize, C:\Users\patri_000\AppData\Local\Temp\awhFAC6.tmp, Quarantined, [9507cdb57e0db97d6f9d370b44bc58a8],
PUP.Optional.CouponMarvel, C:\Users\patri_000\AppData\Local\Temp\awhFAC7.tmp, Quarantined, [9efe0b775a3123136772d6b2df221de3],
PUP.Optional.Nosibay, C:\Users\patri_000\AppData\Local\Temp\2510201573133\Bubble Dock Uninstall.exe, Quarantined, [d4c8e0a20f7cb77fd283d5b47f85e11f],
PUP.Optional.EoRezo, C:\Users\patri_000\AppData\Local\Temp\is-JLI54.tmp\465.exe, Quarantined, [7527572b533896a0da5e1613dc250000],
PUP.Optional.EoRezo, C:\Users\patri_000\AppData\Local\Temp\is-JLI54.tmp\583.exe, Quarantined, [2775166c2a61b18553e54ddca9587888],
PUP.Optional.EoRezo, C:\Users\patri_000\AppData\Local\Temp\is-JLI54.tmp\623.exe, Quarantined, [e2ba780abad15dd9f1476dbc26dbd62a],
PUP.Optional.EoRezo, C:\Users\patri_000\AppData\Local\Temp\is-JLI54.tmp\package_BubbleSound_installer_multilang.exe, Quarantined, [cdcff78bb3d881b547f14cdd61a05aa6],
PUP.Optional.Nosibay, C:\Users\patri_000\AppData\Local\Temp\2510201573504\Selection Tools Uninstall.exe, Quarantined, [77252f530d7e70c6e075028720e44eb2],
PUP.Optional.Nosibay, C:\Users\patri_000\AppData\Local\Temp\2510201573541\WindApp Uninstall.exe, Quarantined, [7a220b77f79462d432236b1e2adab848],
PUP.Optional.BubbleDock, C:\Users\patri_000\AppData\Local\Temp\Bubble Dock.txt, Quarantined, [8d0fc5bde7a45ed8b8d82e45867d7b85],
PUP.Optional.BubbleDock, C:\Users\patri_000\AppData\Local\Temp\LBubble Dock.txt, Quarantined, [14888ef4612a71c5652db5be8b78cc34],
 
Physical Sectors: 0
(No malicious items detected)
 

(end)



#6
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

I now seem to be having quite a bit of trouble connecting to the internet.

 

I'm assuming this isn't something new since we started working on the machine but something new since the upgrade to Windows 10?

 

Please let me see a fresh set of logs.

 

Step#1 - Fresh Set of Logs
1. Right click on FRST64.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
5. Please copy and paste log back here.
6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well.
 
 
 
Items for your next post
1. FRST and Addition logs

 



#7
hophead

    Member

  • Topic Starter
  • 30 posts
Yes, the WiFi issue is new since we started. Before, IE and Edge would often freeze then flicker like some script was running/crashing very quickly, then things would sometimes work again.
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-11-2015 02
Ran by patri_000 (administrator) on TOUCHOFGREY (27-11-2015 12:30:45)
Running from C:\Users\patri_000\Downloads
Loaded Profiles: patri_000 (Available Profiles: patri_000 & Administrator)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Contour Design, Inc.) C:\Program Files (x86)\Contour Shuttle\ShuttleEngine.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel® Corporation) C:\Program Files\Intel\CCDashboard\bin\CCDashServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(BitTorrent Inc.) C:\Users\patri_000\AppData\Roaming\uTorrent\uTorrent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Contour Design, Inc.) C:\Program Files (x86)\Contour Shuttle\ShuttleHelper.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(BitTorrent Inc.) C:\Users\patri_000\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(BitTorrent Inc.) C:\Users\patri_000\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1120.13270.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1511.24020.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Microsoft Corporation) C:\Windows\System32\wuapihost.exe
 

==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3759504 2012-07-20] (Dell Inc.)
HKLM\...\Run: [IntelMyWiFiDashboard] => C:\Program Files\Intel\CCDashboard\bin\CCDashServer.exe [5010224 2012-07-13] (Intel® Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-24] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-09-07] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285680 2013-03-05] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Contour Shuttle Device Helper] => C:\Program Files (x86)\Contour Shuttle\ShuttleHelper.exe [128000 2013-08-26] (Contour Design, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [377368 2013-10-23] (Power Software Ltd)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2548248 2014-04-23] (Sony Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6133520 2015-11-06] (AVAST Software)
HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\Run: [Google Update] => C:\Users\patri_000\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-10] (Google Inc.)
HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\Run: [PeerBlock] => C:\Program Files\PeerBlock\peerblock.exe [2513992 2014-01-04] (PeerBlock, LLC)
HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\Run: [EPSON Stylus Photo R280 Series] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATICKA.EXE [213504 2007-04-13] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\Run: [uTorrent] => C:\Users\patri_000\AppData\Roaming\uTorrent\uTorrent.exe [1822048 2015-10-08] (BitTorrent Inc.)
HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785792 2015-06-02] (Skype Technologies S.A.)
HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\RunOnce: [Uninstall C:\Users\patri_000\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\patri_000\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\MountPoints2: {6adfeada-4a42-11e5-bebb-681729f16340} - "F:\DTVP_Launcher.exe"
HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\MountPoints2: {7db58015-5e49-11e5-bebc-e0db55b28c44} - "F:\DTVP_Launcher.exe"
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\patri_000\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [2015-10-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\patri_000\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [2015-10-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\patri_000\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [2015-10-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-10-29] (AVAST Software)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2015-07-09] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2015-07-09] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\patri_000\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-10-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\patri_000\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-10-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\patri_000\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-10-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
Startup: C:\Users\patri_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-09-19]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{63155eb5-97b5-4064-ba12-b9aa9cbb2a40}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{95b8d7f3-d84b-4228-a7e8-0d2c896bb31b}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001 -> DefaultScope {98CA42E9-1562-4F0E-868F-878FE766C7A8} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-10-20] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-11-25] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-10-29] (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-11-25] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-10-20] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-10-29] (AVAST Software)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://rsvpn.raytheon.com/dana-cached/sc/JuniperSetupClient.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-08-12] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
FF Plugin: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-11-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-11-25] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-01-10] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1294961462-4170339457-2841224387-1001: @tools.google.com/Google Update;version=3 -> C:\Users\patri_000\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-1294961462-4170339457-2841224387-1001: @tools.google.com/Google Update;version=9 -> C:\Users\patri_000\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-04-22] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-10-29] [not signed]
 
Chrome:
=======
CHR Profile: C:\Users\patri_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\patri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-05]
CHR Extension: (Google Drive) - C:\Users\patri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-05]
CHR Extension: (YouTube) - C:\Users\patri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-05]
CHR Extension: (Google Cast) - C:\Users\patri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-06-05]
CHR Extension: (Google Search) - C:\Users\patri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-05]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\patri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-05]
CHR Extension: (Google Wallet) - C:\Users\patri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-05]
CHR Extension: (Gmail) - C:\Users\patri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-05]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-10-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-10-29]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-29] (AVAST Software)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2464400 2012-09-08] (Realsil Microelectronics Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-17] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 nlsX86cc; C:\WINDOWS\system32\nlssrv32.exe [66560 2010-11-22] (Nalpeiron Ltd.) [File not signed]
R2 nlsX86cc; C:\WINDOWS\SysWOW64\nlssrv32.exe [66560 2010-11-22] (Nalpeiron Ltd.) [File not signed]
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481816 2014-04-23] (Sony Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 ShuttleEngine; C:\Program Files (x86)\Contour Shuttle\ShuttleEngine.exe [99840 2013-08-26] (Contour Design, Inc.) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-24] (IDT, Inc.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-09] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-09] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AndnetBus; C:\Windows\System32\drivers\lgandnetbus64.sys [20992 2014-10-10] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [30720 2014-10-10] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [37376 2014-10-10] (LG Electronics Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-10-29] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-10-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-10-29] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-10-29] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-10-29] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-10-29] (AVAST Software)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-07-09] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [36864 2015-07-09] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-09] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3354384 2015-06-17] (Intel Corporation)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-04] ()
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [410848 2015-11-11] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-07] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-07] (Synaptics Incorporated)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-09] ()
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-09] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows ® Win 7 DDK provider)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-27 12:24 - 2015-11-27 12:24 - 00016148 _____ C:\WINDOWS\system32\TOUCHOFGREY_patri_000_HistoryPrediction.bin
2015-11-27 00:40 - 2015-11-27 00:42 - 00000000 ___HD C:\$WINDOWS.~BT
2015-11-26 23:20 - 2015-11-26 23:20 - 00003167 _____ C:\malwareresults.txt
2015-11-26 13:23 - 2015-11-26 14:06 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-26 13:21 - 2015-11-26 13:21 - 00001182 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-26 13:21 - 2015-11-26 13:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-26 13:21 - 2015-11-26 13:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-26 13:21 - 2015-11-26 13:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-26 13:21 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-11-26 13:21 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-11-26 13:21 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-11-26 13:19 - 2015-11-26 13:20 - 22908888 _____ (Malwarebytes ) C:\Users\patri_000\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-26 07:46 - 2015-11-26 07:46 - 00001111 _____ C:\Users\patri_000\Desktop\JRT.txt
2015-11-26 07:42 - 2015-11-26 07:42 - 01599336 _____ (Malwarebytes) C:\Users\patri_000\Downloads\JRT.exe
2015-11-26 07:30 - 2015-11-26 07:36 - 00000000 ____D C:\AdwCleaner
2015-11-26 07:28 - 2015-11-26 07:28 - 01733632 _____ C:\Users\patri_000\Desktop\AdwCleaner.exe
2015-11-25 18:45 - 2015-11-25 18:45 - 00320424 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2015-11-25 18:45 - 2015-11-25 18:45 - 00189864 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2015-11-25 18:45 - 2015-11-25 18:45 - 00189864 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2015-11-25 18:45 - 2015-11-25 18:45 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2015-11-25 18:45 - 2015-11-25 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-25 18:45 - 2015-11-25 18:45 - 00000000 ____D C:\Program Files\Java
2015-11-25 18:01 - 2015-11-25 18:03 - 00041675 _____ C:\Users\patri_000\Downloads\Addition.txt
2015-11-25 17:59 - 2015-11-27 12:30 - 00023308 _____ C:\Users\patri_000\Downloads\FRST.txt
2015-11-25 17:59 - 2015-11-27 12:30 - 00000000 ____D C:\FRST
2015-11-25 17:58 - 2015-11-25 17:58 - 02348544 _____ (Farbar) C:\Users\patri_000\Downloads\FRST64.exe
2015-11-21 19:15 - 2015-11-21 19:15 - 00000000 ____D C:\Users\patri_000\Downloads\Burnt 2015 English Movies HDCam XviD AAC Audio Cleaned New Source with sample ~ ☻rDX☻
2015-11-18 18:27 - 2015-11-18 18:27 - 00127108 _____ C:\Users\patri_000\Documents\chrysler sale vadmv record.pdf
2015-11-16 04:44 - 2015-11-16 04:44 - 00004530 _____ C:\Users\patri_000\Documents\pivotcode.txt
2015-11-14 11:52 - 2015-11-14 12:12 - 00000000 ____D C:\Users\patri_000\Downloads\Calendar Girls (2015) x264 2CD WEBHD AAC M-SubS[HDMaN ExCluSive]
2015-11-14 11:52 - 2015-11-14 12:12 - 00000000 ____D C:\Users\patri_000\Downloads\Burnt 2015 CAM ENG READNFO XviD-CPG
2015-11-14 11:46 - 2015-11-14 11:53 - 838842143 _____ C:\Users\patri_000\Downloads\Entertainment.2015.720p.WEB-DL.800MB.ShAaNiG.mkv
2015-11-12 03:10 - 2015-11-12 03:10 - 00000000 ____D C:\WINDOWS\PCHEALTH
2015-11-11 18:56 - 2015-11-11 18:56 - 09898720 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RsCRIcon.dll
2015-11-11 06:39 - 2015-11-05 00:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-11 06:39 - 2015-11-05 00:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-11 06:39 - 2015-11-05 00:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-11 06:39 - 2015-11-05 00:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-11 06:39 - 2015-11-05 00:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-11-11 06:39 - 2015-11-05 00:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-11 06:39 - 2015-11-05 00:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-11-11 06:39 - 2015-11-05 00:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-11 06:39 - 2015-11-04 23:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-11-11 06:39 - 2015-11-04 23:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-11 06:39 - 2015-11-04 23:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-11 06:39 - 2015-11-04 23:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-11-11 06:39 - 2015-11-04 23:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-11 06:39 - 2015-11-04 23:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-11-11 06:39 - 2015-11-04 23:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-11-11 06:39 - 2015-11-04 23:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-11-11 06:39 - 2015-11-04 23:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-11 06:39 - 2015-11-04 23:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-11-11 06:39 - 2015-11-04 23:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-11 06:39 - 2015-11-04 23:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-11 06:39 - 2015-11-04 23:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2015-11-11 06:39 - 2015-11-04 23:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-11 06:39 - 2015-11-04 23:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-11 06:39 - 2015-11-04 23:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-11-11 06:39 - 2015-11-04 23:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-11 06:39 - 2015-11-04 23:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-11 06:39 - 2015-11-04 23:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-11 06:39 - 2015-11-04 23:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-11 06:39 - 2015-11-04 23:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-11-11 06:39 - 2015-11-04 23:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-11-11 06:39 - 2015-11-04 23:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-11 06:39 - 2015-11-04 23:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-11 06:39 - 2015-11-04 23:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-11 06:39 - 2015-11-04 22:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-11-11 06:39 - 2015-11-04 22:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-11 06:39 - 2015-11-04 22:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-11-11 06:39 - 2015-11-04 22:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-11 06:39 - 2015-11-04 22:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-11 06:39 - 2015-11-04 22:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-11-11 06:39 - 2015-11-04 22:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-11-11 06:39 - 2015-11-04 22:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-11 06:39 - 2015-11-04 22:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-11-11 06:39 - 2015-11-04 22:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-11 06:39 - 2015-11-04 22:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-11-11 06:39 - 2015-11-04 22:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-11-11 06:39 - 2015-11-04 22:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-11-11 06:39 - 2015-11-04 22:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-11 06:39 - 2015-11-04 22:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-11 06:39 - 2015-11-04 22:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-11 06:39 - 2015-11-04 22:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-11 06:39 - 2015-11-04 22:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-11-11 06:39 - 2015-11-04 22:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-11-11 06:39 - 2015-11-04 22:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-11-09 16:29 - 2015-11-09 16:29 - 00000000 ____D C:\Users\patri_000\Downloads\Mistress.America.2015.HDRip.XviD.AC3-EVO
2015-11-04 04:08 - 2015-11-04 04:08 - 03530042 _____ C:\Users\patri_000\Documents\Excel Pivot Tables Recipe Book - A Problem-Solution Approach (2006).pdf
2015-11-04 04:07 - 2015-11-04 04:07 - 13185386 _____ C:\Users\patri_000\Documents\Pivot Table Datta Crunching for MS Excel 2007.pdf
2015-10-31 04:40 - 2015-10-31 04:43 - 11519036 _____ C:\Users\patri_000\Downloads\Pivot Table Datta Crunching for MS Excel 2007.pdf
2015-10-31 04:25 - 2015-10-31 04:37 - 00000000 ____D C:\Users\patri_000\Downloads\Excel Pivot Tables Recipe Book - A Problem-Solution Approach (2006) & Excel Programming Weekend Crash Course (2003)
2015-10-31 04:03 - 2015-10-31 04:14 - 00000000 ____D C:\Users\patri_000\Downloads\VBA
2015-10-31 03:58 - 2015-10-31 04:08 - 00000000 ____D C:\Users\patri_000\Downloads\Raspberry Pi
2015-10-29 12:59 - 2015-10-29 12:59 - 00000000 ____D C:\Users\patri_000\AppData\Roaming\AVAST Software
2015-10-29 12:58 - 2015-11-06 12:58 - 01059656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-10-29 12:58 - 2015-11-06 12:58 - 00449992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-10-29 12:58 - 2015-10-29 12:58 - 00378880 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-10-29 12:58 - 2015-10-29 12:58 - 00274808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-10-29 12:58 - 2015-10-29 12:58 - 00153744 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-10-29 12:58 - 2015-10-29 12:58 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-10-29 12:58 - 2015-10-29 12:58 - 00090968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-10-29 12:58 - 2015-10-29 12:58 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-10-29 12:58 - 2015-10-29 12:58 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-10-29 12:58 - 2015-10-29 12:58 - 00004006 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-10-29 12:58 - 2015-10-29 12:58 - 00001974 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-10-29 12:58 - 2015-10-29 12:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-10-29 12:57 - 2015-10-29 12:57 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-10-29 12:56 - 2015-10-29 12:56 - 00000000 ____D C:\Program Files\AVAST Software
2015-10-29 12:55 - 2015-10-29 12:55 - 05693032 _____ (AVAST Software) C:\Users\patri_000\Downloads\avast_free_antivirus_setup_online.exe
2015-10-29 12:55 - 2015-10-29 12:55 - 00000000 ____D C:\ProgramData\AVAST Software
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-27 12:31 - 2013-12-24 14:33 - 00000000 ____D C:\Users\patri_000\AppData\Roaming\uTorrent
2015-11-27 12:25 - 2015-03-15 21:18 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-27 12:21 - 2013-12-21 17:13 - 00000948 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1294961462-4170339457-2841224387-1001UA.job
2015-11-27 11:53 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-27 09:34 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-11-27 00:45 - 2015-10-17 15:36 - 00000000 ___DC C:\WINDOWS\Panther
2015-11-26 23:50 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-11-26 14:16 - 2015-10-17 12:44 - 00003338 _____ C:\WINDOWS\System32\Tasks\Intel® Rapid Start Technology Manager
2015-11-26 14:11 - 2015-10-17 11:57 - 00876942 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-26 14:11 - 2015-07-30 17:40 - 00000000 ____D C:\WINDOWS\INF
2015-11-26 14:06 - 2015-09-18 16:26 - 00000000 ____D C:\Users\patri_000\AppData\LocalLow\uTorrent
2015-11-26 14:06 - 2014-11-24 17:59 - 00000000 __SHD C:\Users\patri_000\IntelGraphicsProfiles
2015-11-26 14:05 - 2015-07-30 17:42 - 00000000 ___RD C:\WINDOWS\DesktopTileResources
2015-11-26 14:05 - 2015-07-30 16:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-26 14:05 - 2015-07-10 04:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-11-26 07:19 - 2015-07-30 17:42 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-26 05:26 - 2015-09-10 08:34 - 00000000 ____D C:\Users\patri_000\AppData\Local\Microsoft Help
2015-11-26 03:39 - 2015-10-17 11:42 - 00000000 ____D C:\Users\patri_000
2015-11-25 18:21 - 2013-12-21 17:13 - 00000896 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1294961462-4170339457-2841224387-1001Core.job
2015-11-25 18:02 - 2015-07-10 04:47 - 00000000 ____D C:\Windows
2015-11-25 07:30 - 2015-07-30 17:42 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2015-11-21 19:15 - 2013-12-24 14:37 - 00000000 ____D C:\Program Files\PeerBlock
2015-11-18 18:27 - 2015-07-23 08:22 - 00000000 ____D C:\Users\patri_000\AppData\Local\CutePDF Writer
2015-11-15 03:52 - 2013-12-29 14:20 - 00000000 ____D C:\Users\patri_000\AppData\Roaming\vlc
2015-11-14 16:50 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\rescache
2015-11-12 05:15 - 2015-07-30 17:42 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-12 03:26 - 2015-09-10 08:38 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-11-12 03:26 - 2015-09-10 08:34 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-12 03:23 - 2015-07-30 17:25 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-12 03:09 - 2013-12-23 21:27 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-12 03:09 - 2013-08-22 08:25 - 00000167 _____ C:\WINDOWS\win.ini
2015-11-12 03:04 - 2013-12-23 21:27 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-11 19:23 - 2013-12-21 17:16 - 00002518 _____ C:\Users\patri_000\Desktop\Google Chrome.lnk
2015-11-11 18:56 - 2015-05-14 11:10 - 00410848 _____ (Realsil Semiconductor Corporation) C:\WINDOWS\system32\Drivers\RtsUer.sys
2015-11-11 18:56 - 2015-05-14 11:10 - 00091872 _____ (Realtek Semiconductor.) C:\WINDOWS\system32\RtCRX64.dll
2015-11-11 18:56 - 2013-11-06 08:26 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2015-11-11 12:25 - 2015-03-15 21:18 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-11-03 13:20 - 2015-07-30 17:43 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-03 13:20 - 2015-07-30 17:43 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-01 21:50 - 2015-09-26 06:36 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
 
==================== Files in the root of some directories =======
 
2013-11-06 08:41 - 2013-11-06 08:42 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-11-06 08:37 - 2013-11-06 08:38 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-11-06 08:38 - 2013-11-06 08:39 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-11-06 08:36 - 2013-11-06 08:37 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-11-06 08:39 - 2013-11-06 08:41 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
 
Some files in TEMP:
====================
C:\Users\patri_000\AppData\Local\Temp\DTVault Privacy-F-ParaDelay.exe
C:\Users\patri_000\AppData\Local\Temp\sqlite3.dll
C:\Users\patri_000\AppData\Local\Temp\vlc-2.2.1-win32.exe
 

==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 

LastRegBack: 2015-11-18 15:16
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-11-2015 02
Ran by patri_000 (2015-11-27 12:31:37)
Running from C:\Users\patri_000\Downloads
Windows 10 Home (X64) (2015-10-17 17:41:57)
Boot Mode: Normal
==========================================================
 

==================== Accounts: =============================
 
Administrator (S-1-5-21-1294961462-4170339457-2841224387-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-1294961462-4170339457-2841224387-503 - Limited - Disabled)
Guest (S-1-5-21-1294961462-4170339457-2841224387-501 - Limited - Disabled)
patri_000 (S-1-5-21-1294961462-4170339457-2841224387-1001 - Administrator - Enabled) => C:\Users\patri_000
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
4Card Recovery (HKLM-x32\...\{6FE4072A-E968-438D-967A-F641BE28B279}_is1) (Version: 2.0 - 4CardRecovery)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.4.2233 - AVAST Software)
calibre (HKLM-x32\...\{7D69BF2B-6C60-4D0A-8A6C-BCFD025D5D84}) (Version: 1.17.0 - Kovid Goyal)
ChromecastApp (HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft)
Contour Shuttle (HKLM-x32\...\{51ADFD15-6B63-4F8E-8076-F4E31FFEE32A}) (Version: 2.10 - Contour Design, Inc.)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.2.12.13 - Synaptics Incorporated)
DSC/AA Factory Installer (Version: 3.4.6299.48 - PC-Doctor, Inc.) Hidden
DVD Architect Pro 6.0 (HKLM-x32\...\{E0E531A2-17C1-11E2-984D-1040F3E7010F}) (Version: 6.0.237 - Sony)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
Google Chrome (HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® My WiFi Dashboard (HKLM\...\{1E741267-F54B-4b3a-A7B6-1D1A156E385E}) (Version: 15.05.5000.0219 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.4.1001 - Intel Corporation)
Intel® WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
iStonsoft Free YouTube Downloader (HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\iStonsoft Free YouTube Downloader) (Version: 2.1.56 - iStonsoft)
Java 7 Update 80 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417080FF}) (Version: 7.0.800 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
LG United Mobile Drivers (HKLM-x32\...\{2D5218EB-6992-46E3-8ECE-76C79AB955CE}) (Version: 3.13.2.0 - LG Electronics)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MergeModule_x64 (Version: 8.0.00 - Sony Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Excel 2013 XLL Software Development Kit (HKLM-x32\...\{90150000-00D2-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visio SDK 2013 (HKLM\...\{95150000-0050-0409-1000-0000000FF1CE}) (Version: 15.0.4454.1509 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6299.48 - PC-Doctor, Inc.)
Noise Reduction Plug-In 2.0 (HKLM-x32\...\{847C6940-D852-11E2-81D2-F04DA23A5C58}) (Version: 2.0.596 - Sony)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PeerBlock 1.1+ (r691) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.691 - PeerBlock, LLC)
PlayMemories Home (HKLM-x32\...\{7EA1A4E8-A5CE-4626-87DC-6DEF99BAE931}) (Version: 3.1.11.04230 - Sony Corporation)
PluralEyes for Vegas Pro (HKLM\...\{173D1F6B-87A2-4192-9943-392FEAAFDFFE}_is1) (Version: 2.0.3 - Singular Software Inc.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.8 - Power Software Ltd)
Pulse Secure Setup Client (HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\Juniper_Setup_Client) (Version: 8.1.4.60057 - Pulse Secure, LLC)
Pulse Secure Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Pulse Secure, LLC)
Pulse Secure Terminal Services Client (HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\Juniper_Term_Services) (Version: 8.1.4.37085 - Pulse Secure, LLC)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.003 - Dell Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.39034 - Realtek Semiconductor Corp.)
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.04.00 - Samsung Electronics Co., Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
SimpleOCR 3.1 (HKLM-x32\...\SimpleOCR 3.1) (Version:  - )
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
SOHLib for PlayMemories Home (Version: 1.0.3.02170 - Sony Corporation) Hidden
Sound Forge Pro 11.0 (HKLM-x32\...\{437C8730-3505-11E3-9509-F04DA23A5C58}) (Version: 11.0.272 - Sony)
Trader's Little Helper 2.7.0 (HKLM-x32\...\TradersLittleHelper_is1) (Version: 2.7.0 - Robert Hoffmann)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)
Vegas Pro 12.0 (64-bit) (HKLM\...\{A7500970-FE98-11E1-B560-F04DA23A5C58}) (Version: 12.0.367 - Sony)
Video Converter version 6.0.0 (HKLM-x32\...\Video Converter_is1) (Version: 6.0.0 - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wondershare PDF Editor OCR (HKLM-x32\...\{408133BA-3665-4EF5-9DC4-E6A475DA8119}_is1) (Version: 3.6.0.9 - Wondershare Software Co.,Ltd.)
Wondershare PDFelement(Build 4.0.0) (HKLM-x32\...\{75BAE677-F65A-45A4-9931-363FE0CF5E58}_is1) (Version: 4.0.0.3 - Wondershare Software Co.,Ltd.)
Засоби перевірки правопису Microsoft Office 2013 – українська мова (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Средства проверки правописания Microsoft Office 2013 — русский (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\patri_000\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\patri_000\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\patri_000\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\patri_000\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\patri_000\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\patri_000\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\patri_000\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\patri_000\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\patri_000\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\patri_000\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\patri_000\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
 
==================== Restore Points =========================
 
12-11-2015 02:58:31 Windows Update
21-11-2015 07:21:47 Scheduled Checkpoint
26-11-2015 07:42:52 JRT Pre-Junkware Removal
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {09B0FE3C-9F71-43BF-BE31-A8A398E1844D} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {10E75F69-78CF-4514-96D1-C51BEFD085A5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {1119CBB2-F0C7-4011-81DF-A8758CBA74CC} - System32\Tasks\{93F2DB5A-6B71-45A3-8702-98954E1BDB93} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.20.0.104/en/abandoninstall?source=lightinstaller&amp;page=tsInstall
Task: {1F9AC970-25AF-48A6-9F63-B6F158D48115} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {2D7AE34B-40C9-40BD-862C-DAC7852B3FF4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-10-29] (AVAST Software)
Task: {2FD69FF5-CB5A-4E1A-ACE1-764E8CF2E92C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {37063F22-F2A5-42F9-9CC5-EC21FAA6D881} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {3D72F90F-C0B3-45E5-A0F1-B84DD7739254} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
Task: {430F935D-C653-41C3-A4DE-C7050D4A3DB8} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
Task: {453C8FA7-80C7-4AA3-AFD4-3BE4EDF32F77} - \PCDEventLauncherTask -> No File <==== ATTENTION
Task: {4E1730B4-F696-4453-80F6-C9B6743835FE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {58385222-8C18-47D2-94B7-9A6DDA8BF797} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-12-03] (CyberLink Corp.)
Task: {589A5DB3-4905-4363-B7C8-B9FD12934F8C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {59E25824-46D9-473D-BAB1-2915889B53AA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {5C9248EF-0B06-41ED-B62C-898242678199} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {6EBD7945-471E-437C-9281-0BAB939F8D22} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1294961462-4170339457-2841224387-1001UA => C:\Users\patri_000\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-10] (Google Inc.)
Task: {70D1C8C1-AD15-4C4D-AF81-EC8BAEC9C990} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {75F47BE2-F6BE-4EAB-85EE-1D32FF77550F} - System32\Tasks\IntelBootstrapCCDashServer => C:\Program Files\Intel\CCDashboard\bin\CCDashServer.exe [2012-07-13] (Intel® Corporation)
Task: {76355E54-9251-42A9-A0FA-AD2B0E3B6CBA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-12] (Microsoft Corporation)
Task: {7B9E805C-AEAE-46D6-8CB9-0D6295FD3CFB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {80FF3D51-9771-4C09-A17C-379FB161A6FF} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {844D17E6-0BE9-4C04-BDF8-B30D05866451} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {86CADDF1-1C26-436F-B921-05BC4C599C42} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {86D0EAFD-511C-47EF-A349-F864996D5435} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2014-01-16] (Sony Corporation)
Task: {A7428B34-211F-4B11-A84E-87EBBC68C465} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {AC0CF069-CBE3-4504-AEC4-6AD7FD559596} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {AFFBB1E4-C357-4A1A-B866-945C585498A2} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-12-03] (CyberLink)
Task: {B8491981-3182-4331-96CD-154BABD3A5FB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C00E0E6C-CA37-4B06-A685-2061C462E6EA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C0579B56-9F6A-46E1-94BD-4DB74577905B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {CB7785F3-543A-460B-8582-3CA02FE73439} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {CEF52B14-1D34-4A16-9C76-262BB1C4BF3B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D48958D5-17D7-41F2-8C30-347575D438E0} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-07-20] (Intel)
Task: {E511C9C6-61BA-4107-BC01-B8BA0239AE07} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {F4FA4FF8-CC22-47E9-9D2C-BF683FA6BE9B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1294961462-4170339457-2841224387-1001Core => C:\Users\patri_000\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-10] (Google Inc.)
Task: {FEE399C7-970A-40D3-8087-F437BD0B05B8} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1294961462-4170339457-2841224387-1001Core.job => C:\Users\patri_000\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1294961462-4170339457-2841224387-1001UA.job => C:\Users\patri_000\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-09 22:33 - 2015-07-09 22:33 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-07-23 08:19 - 2013-10-23 14:24 - 00087600 _____ () C:\WINDOWS\System32\cpwmon64.dll
2014-03-25 16:26 - 2011-04-11 00:26 - 00034304 _____ () C:\WINDOWS\System32\spe__l.dll
2013-11-06 08:39 - 2012-04-24 21:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2015-10-17 15:31 - 2015-10-17 15:31 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-17 15:31 - 2015-10-17 15:31 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-09-15 13:58 - 2015-09-15 13:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-10-17 15:31 - 2015-10-17 15:31 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-09 22:13 - 2015-07-09 22:13 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-10-17 15:31 - 2015-10-17 15:31 - 00642048 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2015-10-17 15:31 - 2015-10-17 15:31 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-17 15:31 - 2015-10-17 15:31 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-17 15:31 - 2015-10-17 15:31 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-17 15:31 - 2015-10-17 15:31 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-09 22:13 - 2015-09-10 00:08 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-11-21 14:03 - 2015-11-21 14:04 - 00012800 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1120.13270.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-11-21 14:03 - 2015-11-21 14:04 - 11526656 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1120.13270.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-11-19 17:52 - 2015-11-19 17:52 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1120.13270.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-11-26 07:19 - 2015-11-26 07:19 - 03494400 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1511.24020.0_x64__8wekyb3d8bbwe\Calculator.exe
2015-10-29 12:57 - 2015-10-29 12:57 - 00103376 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-10-29 12:57 - 2015-10-29 12:57 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-11-26 07:17 - 2015-11-26 07:17 - 02995712 _____ () C:\Program Files\AVAST Software\Avast\defs\15112600\algo.dll
2015-11-27 06:12 - 2015-11-27 06:12 - 02812416 _____ () C:\Program Files\AVAST Software\Avast\defs\15112700\algo.dll
2015-10-29 12:58 - 2015-10-29 12:58 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-11-06 08:38 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 14:34 - 2012-06-08 14:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-11-01 03:54 - 2015-11-01 03:54 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\c986c6671c3c54888ead5b238ef40475\PSIClient.ni.dll
2013-11-06 08:24 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 

==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 

==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\samsungsetup.com -> hxxp://www.samsungsetup.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "PMBVolumeWatcher"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1294961462-4170339457-2841224387-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{1374505D-E345-40C7-A812-2A513F0F91AD}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{B7B647A1-1EAD-4E0F-85CA-8943FA0BBCB5}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{6FA4DC2F-FD83-4F85-8E02-231AB55111A9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{D55706A4-B5ED-4CC0-BA28-7D02BE2ED5F8}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{D9247E77-2B17-42BF-9D72-A6153A1B9F6D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{64B73AEC-94AA-42F0-BD6B-06C093EFAF1A}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{39C4EDF2-6C34-44C5-B739-866D8E56FF4B}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{AB769E3C-6BF7-4A36-94D5-8B6B0435F310}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{101D150D-A79C-41EE-8951-70187C4A16B1}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
FirewallRules: [{B546D163-FF5E-490A-8572-60D2213A3143}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
FirewallRules: [{37FF098C-9300-4544-994B-0A00C6A1B18C}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
FirewallRules: [{82535045-8407-43F1-B4CC-27817EE5DA1D}] => (Allow) C:\Program Files\Intel\CCDashboard\bin\CCDashServer.exe
FirewallRules: [{601990E4-F5D3-4BCC-8D21-11073A1836CA}] => (Allow) C:\Program Files\Intel\CCDashboard\bin\CCDashServer.exe
FirewallRules: [{94E2736A-2741-43B3-9EC7-76BA2A4C9996}] => (Allow) C:\Program Files\Intel\CCDashboard\bin\CCDash.exe
FirewallRules: [{481B07EE-FA39-4837-9CF4-9C7BC4D81E77}] => (Allow) C:\Program Files\Intel\CCDashboard\bin\CCDash.exe
FirewallRules: [{4E335B77-3A31-45DC-BB83-0054420B93C7}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{3323D84C-6EA8-4FB7-AE3F-96DBA97A3C93}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{70C87FE4-52C8-48DD-BA54-6E628658882F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{95E42DFA-64D9-4345-AD19-F549C8F268E0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{DB02B69D-EFEF-40CF-BB9D-A1869D118B6F}] => (Allow) C:\Users\patri_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{28502CF3-4CA1-49CE-9AC9-E09CAFCEDD35}] => (Allow) C:\Users\patri_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F40CBA17-CF9F-428E-8D25-660C6CC0AF96}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{E2B64BB9-59F0-4FA4-9446-FBF28B750585}] => (Allow) C:\Users\patri_000\AppData\Local\Temp\Ins59C\Setup.exe
FirewallRules: [{DCB3C96D-7BFF-4C64-BDF4-66EFB6BC980D}] => (Allow) C:\Users\patri_000\AppData\Local\Temp\Ins59C\Setup.exe
FirewallRules: [{B011ABDB-0252-49C7-B62E-6E36E5CB53F0}] => (Allow) C:\Users\patri_000\AppData\Local\Temp\Ins59C\Setup.exe
FirewallRules: [{7B248379-E510-4A66-A783-CACE2900FCFC}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe
FirewallRules: [{3FE6CB23-805F-4937-9370-DD15782D1449}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{117A4915-0453-4586-A16B-F27E3EFF9312}] => (Allow) LPort=2869
FirewallRules: [{C42911B1-092F-4793-B353-8D6D42F579A6}] => (Allow) LPort=1900
FirewallRules: [{4FBE19AC-7A10-4BD5-8548-614046AC03D2}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{7B6B0A61-5DC2-451F-A729-D9905A83907C}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{C54D1572-3713-42A6-93E5-B1ADB28317A7}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{2AD1862A-3946-41B7-AE73-A8AA66CA96DA}] => (Allow) C:\Users\patri_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{35428C8B-6491-4CD4-AFEF-94E759D21AFB}] => (Allow) C:\Users\patri_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{7A66CE37-14B8-4398-87F8-FB28792AC2E7}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{A95ADF5E-81A9-451D-8805-F2E52263F5E2}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{0832A76B-8DED-4145-9A9A-58FA8374C841}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{659DF796-7959-483D-B0E5-CFE5E599AD9F}] => (Block) C:\program files (x86)\skype\phone\skype.exe
 
==================== Faulty Device Manager Devices =============
 

==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/27/2015 00:03:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SpfService64.exe, version: 1.3.0.9090, time stamp: 0x4e684dec
Faulting module name: ntdll.dll, version: 10.0.10240.16430, time stamp: 0x55c59f92
Exception code: 0xc0000005
Fault offset: 0x000000000002526e
Faulting process id: 0x23cc
Faulting application start time: 0xSpfService64.exe0
Faulting application path: SpfService64.exe1
Faulting module path: SpfService64.exe2
Report Id: SpfService64.exe3
Faulting package full name: SpfService64.exe4
Faulting package-relative application ID: SpfService64.exe5
 
Error: (11/27/2015 11:08:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SpfService64.exe, version: 1.3.0.9090, time stamp: 0x4e684dec
Faulting module name: ntdll.dll, version: 10.0.10240.16430, time stamp: 0x55c59f92
Exception code: 0xc0000005
Fault offset: 0x000000000002526e
Faulting process id: 0x112c
Faulting application start time: 0xSpfService64.exe0
Faulting application path: SpfService64.exe1
Faulting module path: SpfService64.exe2
Report Id: SpfService64.exe3
Faulting package full name: SpfService64.exe4
Faulting package-relative application ID: SpfService64.exe5
 
Error: (11/27/2015 08:06:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SpfService64.exe, version: 1.3.0.9090, time stamp: 0x4e684dec
Faulting module name: ntdll.dll, version: 10.0.10240.16430, time stamp: 0x55c59f92
Exception code: 0xc0000005
Fault offset: 0x000000000002526e
Faulting process id: 0x2b5c
Faulting application start time: 0xSpfService64.exe0
Faulting application path: SpfService64.exe1
Faulting module path: SpfService64.exe2
Report Id: SpfService64.exe3
Faulting package full name: SpfService64.exe4
Faulting package-relative application ID: SpfService64.exe5
 
Error: (11/27/2015 05:39:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SpfService64.exe, version: 1.3.0.9090, time stamp: 0x4e684dec
Faulting module name: ntdll.dll, version: 10.0.10240.16430, time stamp: 0x55c59f92
Exception code: 0xc0000005
Fault offset: 0x000000000002526e
Faulting process id: 0x158c
Faulting application start time: 0xSpfService64.exe0
Faulting application path: SpfService64.exe1
Faulting module path: SpfService64.exe2
Report Id: SpfService64.exe3
Faulting package full name: SpfService64.exe4
Faulting package-relative application ID: SpfService64.exe5
 
Error: (11/27/2015 05:14:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SpfService64.exe, version: 1.3.0.9090, time stamp: 0x4e684dec
Faulting module name: ntdll.dll, version: 10.0.10240.16430, time stamp: 0x55c59f92
Exception code: 0xc0000005
Fault offset: 0x000000000002526e
Faulting process id: 0x14a8
Faulting application start time: 0xSpfService64.exe0
Faulting application path: SpfService64.exe1
Faulting module path: SpfService64.exe2
Report Id: SpfService64.exe3
Faulting package full name: SpfService64.exe4
Faulting package-relative application ID: SpfService64.exe5
 
Error: (11/27/2015 04:53:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SpfService64.exe, version: 1.3.0.9090, time stamp: 0x4e684dec
Faulting module name: ntdll.dll, version: 10.0.10240.16430, time stamp: 0x55c59f92
Exception code: 0xc0000374
Fault offset: 0x00000000000ea28c
Faulting process id: 0xae0
Faulting application start time: 0xSpfService64.exe0
Faulting application path: SpfService64.exe1
Faulting module path: SpfService64.exe2
Report Id: SpfService64.exe3
Faulting package full name: SpfService64.exe4
Faulting package-relative application ID: SpfService64.exe5
 
Error: (11/27/2015 04:36:52 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154
 
Error: (11/27/2015 01:53:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SpfService64.exe, version: 1.3.0.9090, time stamp: 0x4e684dec
Faulting module name: ntdll.dll, version: 10.0.10240.16430, time stamp: 0x55c59f92
Exception code: 0xc0000005
Fault offset: 0x000000000002526e
Faulting process id: 0x30bc
Faulting application start time: 0xSpfService64.exe0
Faulting application path: SpfService64.exe1
Faulting module path: SpfService64.exe2
Report Id: SpfService64.exe3
Faulting package full name: SpfService64.exe4
Faulting package-relative application ID: SpfService64.exe5
 
Error: (11/27/2015 01:33:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SpfService64.exe, version: 1.3.0.9090, time stamp: 0x4e684dec
Faulting module name: ntdll.dll, version: 10.0.10240.16430, time stamp: 0x55c59f92
Exception code: 0xc0000005
Fault offset: 0x000000000002526e
Faulting process id: 0x305c
Faulting application start time: 0xSpfService64.exe0
Faulting application path: SpfService64.exe1
Faulting module path: SpfService64.exe2
Report Id: SpfService64.exe3
Faulting package full name: SpfService64.exe4
Faulting package-relative application ID: SpfService64.exe5
 
Error: (11/27/2015 01:23:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SpfService64.exe, version: 1.3.0.9090, time stamp: 0x4e684dec
Faulting module name: ntdll.dll, version: 10.0.10240.16430, time stamp: 0x55c59f92
Exception code: 0xc0000005
Fault offset: 0x000000000002526e
Faulting process id: 0x27fc
Faulting application start time: 0xSpfService64.exe0
Faulting application path: SpfService64.exe1
Faulting module path: SpfService64.exe2
Report Id: SpfService64.exe3
Faulting package full name: SpfService64.exe4
Faulting package-relative application ID: SpfService64.exe5
 

System errors:
=============
Error: (11/27/2015 00:03:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The VAIO Entertainment Common Service service terminated unexpectedly.  It has done this 11 time(s).
 
Error: (11/27/2015 11:59:12 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Windows.
 
A corruption was found in a file system index structure.  The file reference number is 0x300000000240f9.  The name of the file is "\Windows".  The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
 
Error: (11/27/2015 11:08:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The VAIO Entertainment Common Service service terminated unexpectedly.  It has done this 10 time(s).
 
Error: (11/27/2015 08:08:22 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.
 
 Code: 8 0x0 0x0
 
Error: (11/27/2015 08:08:21 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.
 
 Code: 4 0x0 0x0
 
Error: (11/27/2015 08:08:20 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.
 
 Code: 1 0xc 0x4
 
Error: (11/27/2015 08:06:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The VAIO Entertainment Common Service service terminated unexpectedly.  It has done this 9 time(s).
 
Error: (11/27/2015 07:57:06 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.
 
 Code: 8 0x0 0x0
 
Error: (11/27/2015 07:56:50 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.
 
 Code: 4 0x0 0x0
 
Error: (11/27/2015 07:56:50 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.
 
 Code: 1 0xc 0x4
 

CodeIntegrity:
===================================
  Date: 2015-10-26 06:07:14.161
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-25 07:24:15.457
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-25 07:24:15.441
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-25 07:20:37.348
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-25 07:20:37.329
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-25 07:20:36.849
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-25 07:20:36.835
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-25 07:19:26.912
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-25 07:19:26.901
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-25 07:17:32.114
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.
 

==================== Memory info ===========================
 
Processor: Intel® Core™ i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 67%
Total physical RAM: 6010.51 MB
Available physical RAM: 1967.48 MB
Total Virtual: 8548 MB
Available Virtual: 3294.09 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:453.58 GB) (Free:188.62 GB) NTFS
Drive g: () (Removable) (Total:58.08 GB) (Free:58.08 GB) exFAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 76793D4F)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 8 GB) (Disk ID: CA279B91)
 
Partition: GPT.
 
========================================================
Disk: 2 (Size: 58.1 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


  • 0

#8
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Thanks for the info. While I'm reviewing your logs please do the following.

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download the attached file and save it to the Desktop. Attached File: fixlist.txt (260 bytes, 203 downloads)
Note: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work (in this case, the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.


  • 0

#9
hophead

hophead

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Still too early to say but starting to seem better....
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version:25-11-2015 02
Ran by patri_000 (2015-11-27 13:31:45) Run:1
Running from C:\Users\patri_000\Downloads
Loaded Profiles: patri_000 (Available Profiles: patri_000 & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
EmptyTemp:
*****************
 
Restore point was successfully created.
 
=========  netsh advfirewall reset =========
 
Ok.
 

========= End of CMD: =========
 

=========  netsh advfirewall set allprofiles state ON =========
 
Ok.
 

========= End of CMD: =========
 

=========  ipconfig /flushdns =========
 

Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 

=========  netsh winsock reset catalog =========
 

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 

========= End of CMD: =========
 

=========  netsh int ip reset c:\resetlog.txt =========
 
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Restart the computer to complete this action.
 

========= End of CMD: =========
 

=========  ipconfig /release =========
 

Windows IP Configuration
 
No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Local Area Connection* 12 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
 
Wireless LAN adapter Local Area Connection* 12:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::6909:48ec:ba78:7c7d%2
   Default Gateway . . . . . . . . . :
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
 
========= End of CMD: =========
 

=========  ipconfig /renew =========
 

Windows IP Configuration
 
No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Local Area Connection* 12 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
 
Wireless LAN adapter Local Area Connection* 12:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::6909:48ec:ba78:7c7d%2
   IPv4 Address. . . . . . . . . . . : 192.168.1.163
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
 
========= End of CMD: =========
 
EmptyTemp: => 4.1 GB temporary data Removed.
 

The system needed a reboot.
 
==== End of Fixlog 13:59:16 ====


  • 0

#10
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Good. Please do the following.

 

Step#1 - Warnings
The Dangers of P2P Programs
IMPORTANT: I noticed that you have a P2P (Peer to Peer) file sharing program on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more than likely infected with trojans, malware, rootkits, etc.
You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.
 
Here are some information sources about the dangers of P2P programs:
FBI - Peer to Peer Scams
USA Today Article on P2P Programs
File Sharing Infects 500,000 Computers
 
I very much recommend you uninstall this program from your machine. If not, you will likely be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.
 
It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.
 
Please uninstall the following Peer-to-Peer program(s): uTorrent

 

 

Step#2 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download the attached file and save it to the Desktop. Attached File: fixlist.txt (3.81KB, 214 downloads)
Note: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work (in this case, the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

 


  • 0



#11
hophead

hophead

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

Fix result of Farbar Recovery Scan Tool (x64) Version:27-11-2015
Ran by patri_000 (2015-11-27 21:18:07) Run:2
Running from C:\Users\patri_000\Downloads
Loaded Profiles: patri_000 (Available Profiles: patri_000 & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
Task: {CEF52B14-1D34-4A16-9C76-262BB1C4BF3B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B8491981-3182-4331-96CD-154BABD3A5FB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C00E0E6C-CA37-4B06-A685-2061C462E6EA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C0579B56-9F6A-46E1-94BD-4DB74577905B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A7428B34-211F-4B11-A84E-87EBBC68C465} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7B9E805C-AEAE-46D6-8CB9-0D6295FD3CFB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {80FF3D51-9771-4C09-A17C-379FB161A6FF} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {844D17E6-0BE9-4C04-BDF8-B30D05866451} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {59E25824-46D9-473D-BAB1-2915889B53AA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {2FD69FF5-CB5A-4E1A-ACE1-764E8CF2E92C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {10E75F69-78CF-4514-96D1-C51BEFD085A5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\patri_000\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\patri_000\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\patri_000\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\patri_000\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\patri_000\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\patri_000\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\patri_000\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\patri_000\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\patri_000\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
2013-11-06 08:41 - 2013-11-06 08:42 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-11-06 08:37 - 2013-11-06 08:38 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-11-06 08:38 - 2013-11-06 08:39 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-11-06 08:36 - 2013-11-06 08:37 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-11-06 08:39 - 2013-11-06 08:41 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
EmptyTemp:
*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEF52B14-1D34-4A16-9C76-262BB1C4BF3B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEF52B14-1D34-4A16-9C76-262BB1C4BF3B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B8491981-3182-4331-96CD-154BABD3A5FB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8491981-3182-4331-96CD-154BABD3A5FB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C00E0E6C-CA37-4B06-A685-2061C462E6EA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C00E0E6C-CA37-4B06-A685-2061C462E6EA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C0579B56-9F6A-46E1-94BD-4DB74577905B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0579B56-9F6A-46E1-94BD-4DB74577905B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7428B34-211F-4B11-A84E-87EBBC68C465}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7428B34-211F-4B11-A84E-87EBBC68C465}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7B9E805C-AEAE-46D6-8CB9-0D6295FD3CFB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B9E805C-AEAE-46D6-8CB9-0D6295FD3CFB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{80FF3D51-9771-4C09-A17C-379FB161A6FF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80FF3D51-9771-4C09-A17C-379FB161A6FF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{844D17E6-0BE9-4C04-BDF8-B30D05866451}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{844D17E6-0BE9-4C04-BDF8-B30D05866451}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemToolsDailyTest" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{59E25824-46D9-473D-BAB1-2915889B53AA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59E25824-46D9-473D-BAB1-2915889B53AA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2FD69FF5-CB5A-4E1A-ACE1-764E8CF2E92C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FD69FF5-CB5A-4E1A-ACE1-764E8CF2E92C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{10E75F69-78CF-4514-96D1-C51BEFD085A5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10E75F69-78CF-4514-96D1-C51BEFD085A5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully
"HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully
"HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
"HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-1294961462-4170339457-2841224387-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully
C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log => moved successfully
C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log => moved successfully
C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log => moved successfully
C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log => moved successfully
C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log => moved successfully
EmptyTemp: => 242 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 21:19:24 ====


  • 0

#12
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Thank you. And because of the following error in your event logs I would like you to run a chkdsk using the parameters shown below. Note: Although the risk is very low (I've only had it happen twice in over 20 years), if there is a problem with your disk this procedure could render your computer unbootable so please make sure that any critical data is backed up.

 

Error: (11/27/2015 11:59:12 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Windows.
 
A corruption was found in a file system index structure.  The file reference number is 0x300000000240f9.  The name of the file is "\Windows".  The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".

 

 

Step#1 - ChkDsk Repair
1. Click your Start Orb in the lower left of your computer and type cmd in the search box.
2. Once the cmd program is found, right-click on it with your mouse and select Run as administrator as shown below.
ElevateCommandPrompt.JPG
3. Answer Yes when asked to allow.
4. You should now have a black window open that you can type into.
5. Please type chkdsk /R and then press enter. Note: There is a space after the command chkdsk and before the forward slash.
6. You will get a prompt telling you chkdsk cannot run because the volume is in use. Answer Y and hit enter to schedule the run at next boot.
7. Reboot your computer and chkdsk will run. Let it complete please.
8. Right-click ListChkdskResult.exe and select Run as administrator (Allow if prompted) and a text file will open (and also be saved on the desktop as ListChkdskResult.txt).
    Please copy the contents of this file and paste into your next post.

 


  • 0

#13
hophead

hophead

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013

------< Log generate on 11/28/2015 5:00:24 AM >------
Category: 0
Computer Name: TouchOfGrey
Event Code: 1001
Record Number: 8424
Source Name: Microsoft-Windows-Wininit
Time Written: 11-28-2015 @ 05:57:30
Event Type: Information
User:
Message:

Checking file system on C:
The type of the file system is NTFS.
Volume label is Windows.

A disk check has been scheduled.
Windows will now check the disk.                        

Stage 1: Examining basic file system structure ...
Cleaning up instance tags for file 0x143f2.
  659200 file records processed.                                                       

File verification completed.
  7417 large file records processed.                                  

  0 bad file records processed.                                    

Stage 2: Examining file name linkage ...
  743104 index entries processed.                                                      

Index verification completed.
  0 unindexed files scanned.                                       

  0 unindexed files recovered to lost and found.                   

Stage 3: Examining security descriptors ...
Cleaning up 3337 unused index entries from index $SII of file 0x9.
Cleaning up 3337 unused index entries from index $SDH of file 0x9.
Cleaning up 3337 unused security descriptors.
Security descriptor verification completed.
  41953 data files processed.                                          

CHKDSK is verifying Usn Journal...
Usn Journal verification completed.

Stage 4: Looking for bad clusters in user file data ...
  659184 files processed.                                                              

File data verification completed.

Stage 5: Looking for bad, free clusters ...
  51679882 free clusters processed.                                                      

Free space verification is complete.
CHKDSK discovered free space marked as allocated in the volume bitmap.

Windows has made corrections to the file system.
No further action is required.

 475616255 KB total disk space.
 267949324 KB in 400781 files.
    201476 KB in 41954 indexes.
         0 KB in bad sectors.
    745923 KB in use by the system.
     65536 KB occupied by the log file.
 206719532 KB available on disk.

      4096 bytes in each allocation unit.
 118904063 total allocation units on disk.
  51679883 allocation units available on disk.

Internal Info:
00 0f 0a 00 6b c1 06 00 6f 0d 0d 00 00 00 00 00  ....k...o.......
c5 02 00 00 64 26 00 00 00 00 00 00 00 00 00 00  ....d&..........

Windows has finished checking your disk.
Please wait while your computer restarts.

-----------------------------------------------------------------------


  • 0
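One way to triage a chkdsk report like the one posted above, added here as an example (it is not part of the thread and is not ListChkdskResult's code). The function names, the verdict labels, the extra repair verbs and the "Windows found problems" message are assumptions that do not appear in the thread; the sample text is abridged from the posted report.

```python
import re

# Abridged from the chkdsk report posted in the thread (Wininit event 1001).
SAMPLE_REPORT = """\
Checking file system on C:
The type of the file system is NTFS.
Volume label is Windows.

Stage 1: Examining basic file system structure ...
Cleaning up instance tags for file 0x143f2.
  659200 file records processed.
  0 bad file records processed.

Stage 3: Examining security descriptors ...
Cleaning up 3337 unused index entries from index $SII of file 0x9.
Cleaning up 3337 unused index entries from index $SDH of file 0x9.
Cleaning up 3337 unused security descriptors.

Stage 5: Looking for bad, free clusters ...
CHKDSK discovered free space marked as allocated in the volume bitmap.

Windows has made corrections to the file system.
No further action is required.

 475616255 KB total disk space.
         0 KB in bad sectors.
 206719532 KB available on disk.
"""

# Lines that record a repair action. "Cleaning up" and "CHKDSK discovered"
# appear in the thread's report; the other verbs are an assumption about
# wording chkdsk uses elsewhere.
REPAIR_PATTERNS = (
    re.compile(r"^Cleaning up "),
    re.compile(r"^CHKDSK discovered "),
    re.compile(r"^(Correcting|Recovering|Deleting|Replacing|Inserting) "),
)

# (summary key, pattern, converter) for the single-value lines we care about.
FIELD_PATTERNS = (
    ("volume", re.compile(r"^Checking file system on (\S+)"), str),
    ("filesystem", re.compile(r"^The type of the file system is (\w+)\."), str),
    ("bad_sectors_kb", re.compile(r"^(\d+) KB in bad sectors\."), int),
    ("bad_file_records", re.compile(r"^(\d+) bad file records processed\."), int),
)

STAGE_RE = re.compile(r"^Stage (\d+): (.+?)\s*\.\.\.$")


def parse_chkdsk_report(text):
    """Summarise one chkdsk report, grouping repair lines by stage."""
    summary = {"volume": None, "filesystem": None, "bad_sectors_kb": None,
               "bad_file_records": None, "corrected": False,
               "problems_left": False, "repairs": {}}
    stage = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        stage_match = STAGE_RE.match(line)
        if stage_match:
            stage = f"Stage {stage_match.group(1)}: {stage_match.group(2)}"
            continue
        for key, pattern, convert in FIELD_PATTERNS:
            field_match = pattern.match(line)
            if field_match:
                summary[key] = convert(field_match.group(1))
                break
        else:
            if line.startswith("Windows has made corrections to the file system"):
                summary["corrected"] = True
            elif line.startswith("Windows found problems with the file system"):
                # Assumption: read-only run that detected but did not fix errors.
                summary["problems_left"] = True
            elif any(p.match(line) for p in REPAIR_PATTERNS):
                summary["repairs"].setdefault(stage, []).append(line)
    return summary


def triage(summary):
    """Map a parsed report to a next step for the analyst."""
    if summary["bad_sectors_kb"] is None:
        return "incomplete-report"      # totals block missing: log was cut short
    if summary["bad_sectors_kb"] > 0 or (summary["bad_file_records"] or 0) > 0:
        return "check-hardware"         # media damage: back up, test the drive
    if summary["problems_left"]:
        return "rerun-with-repair"
    if summary["corrected"] or summary["repairs"]:
        return "repaired"               # metadata-only fixes, as in this thread
    return "clean"


if __name__ == "__main__":
    parsed = parse_chkdsk_report(SAMPLE_REPORT)
    for stage_name, lines in parsed["repairs"].items():
        print(stage_name, "->", len(lines), "repair line(s)")
    print("verdict:", triage(parsed))
```

The distinction that matters for the verdict is between metadata repairs (index entries, security descriptors, volume bitmap) and a non-zero bad-sector count, which points at the drive itself rather than the file system.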

#14
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Excellent. That was repaired. Let me know how your machine is now.


  • 0

#15
hophead

hophead

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

Thank you, things seem much more stable now.


  • 0





