I'm not sure what I've got but it's preventing me from using the internet and most of my programs. It occurred during an attempted download of an appliance instruction manual.
I ran a scan with Malwarebytes Anti-Malware and noticed it detected hundreds of threats (800+), but I was unable to access the program to delete them; I could only see the results. In Task Manager I'm seeing 40+ more processes running than were there previously. I've also run CCleaner to clean it up some more.
I am sending this from my laptop as I cannot control access on my browser and as such am unable to log in on this site. I am able to start and run the computer in Safe Mode, but have no internet access as such.
That's as far as I have gotten, so I've decided to turn to the experts on this forum for guidance. Here are the two FRST logs:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-01-2015
Ran by Scott (administrator) on SCOTT-PC (07-01-2016 16:07:48)
Running from Y:\Scotty\Desktop
Loaded Profiles: Scott (Available Profiles: Scott & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Users\Scott\AppData\Local\TheBrowser\Application\TheBrowser.exe" -- "%1")
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403144 2012-06-28] (Acronis)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [SpaceSoundPro] => C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe [4203520 2015-08-03] (Space Sound Pro)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-01-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5955088 2012-06-28] (Acronis)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [1171336 2012-06-28] (Acronis)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-01-14] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-01-14] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
HKLM-x32\...\Run: [ospd_us_014010200] => [X]
HKLM-x32\...\Run: [gmsd_us_005010200] => C:\Program Files (x86)\gmsd_us_005010200\gmsd_us_005010200.exe [3972784 2016-01-07] ()
HKLM-x32\...\RunOnce: [IOPROTECT] => C:\Program Files (x86)\SpaceSondPro_v53.11772\ioproduct_service.bat [164 2016-01-07] ()
HKLM-x32\...\RunOnce: [upgmsd_us_005010200.exe] => C:\Users\Scott\AppData\Local\gmsd_us_005010200\upgmsd_us_005010200.exe [3262640 2016-01-07] ()
HKU\S-1-5-21-667926241-938725764-3588881007-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
HKU\S-1-5-21-667926241-938725764-3588881007-1000\...\Run: [SushiLeadsApplication] => C:\Program Files (x86)\sushileads\SushiLeadsApplication.exe [381952 2015-10-11] ()
HKU\S-1-5-21-667926241-938725764-3588881007-1000\...\Run: [DeskBar] => C:\Users\Scott\AppData\Local\DeskBar\dblaunch.exe [243200 2015-10-29] ()
HKU\S-1-5-21-667926241-938725764-3588881007-1000\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe [7342080 2013-06-26] ()
HKU\S-1-5-21-667926241-938725764-3588881007-1000\...\MountPoints2: I - I:\LaunchU3.exe -a
HKU\S-1-5-21-667926241-938725764-3588881007-1000\...\MountPoints2: {91b984ca-2f84-11e4-b2ba-180373b1ac40} - I:\VZW_Software_upgrade_assistant.exe
AppInit_DLLs: C:\ProgramData\FlashBeat\THIHPQ64.dll => C:\ProgramData\FlashBeat\THIHPQ64.dll [1096704 2016-01-06] (FlashBeat)
AppInit_DLLs-x32: C:\ProgramData\FlashBeat\THIHPQ32.dll => C:\ProgramData\FlashBeat\THIHPQ32.dll [855552 2016-01-06] (FlashBeat)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AllPCoptimizer.exe.lnk [2016-01-07]
ShortcutTarget: AllPCoptimizer.exe.lnk -> C:\Windows\Installer\{20A647C6-0C59-42A7-B3B4-1E95674496BB}\NewShortcut1_4CA89A60165741188EC12DF8484E49A4.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2013-12-21]
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PlutoTV.lnk [2016-01-07]
ShortcutTarget: PlutoTV.lnk -> C:\Program Files (x86)\Pluto TV\PlutoTV.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SearchTooKnowDesktopSearch.lnk [2016-01-07]
ShortcutTarget: SearchTooKnowDesktopSearch.lnk -> C:\ProgramData\Search Too Know\SearchTooKnowDesktopSearch.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [S-1-5-21-667926241-938725764-3588881007-1000] => Proxy is enabled.
ProxyServer: [S-1-5-21-667926241-938725764-3588881007-1000] => http=127.0.0.1:8800
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{33953347-52EE-4DE5-8083-A08942394243}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3F1DA497-3454-43C5-85F2-5F449B44E28B}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggacwoIUlsVEhgSeA0BTA0VGQ0OeQ9ZAxQXQg0QclsJA19BRQAFIk0FA1ADB0VXfVBdFElXTwhwJVhKAlElTlpoLlZP
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\S-1-5-21-667926241-938725764-3588881007-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
HKU\S-1-5-21-667926241-938725764-3588881007-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggacwoIUlsVEhgSeA0BTA0VGQ0OeQ9ZAxQXQg0QclsJA19BRQAFIk0FA1ADB0VXfVBdFElXTwhwJVhKAlElTlpoLlZP
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQALUglCQ1EQbQgAVQBcFVEbeBQBV1gTDFNAeAoKAwgTRwVHdR9aFQQTSEcFME0FCFwEURNNfWpdAEsSSWFML3JWDk4=&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQALUglCQ1EQbQgAVQBcFVEbeBQBV1gTDFNAeAoKAwgTRwVHdR9aFQQTSEcFME0FCFwEURNNfWpdAEsSSWFML3JWDk4=&q={searchTerms}
SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-667926241-938725764-3588881007-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQALUglCQ1EQbQgAVQBcFVEbeBQBV1gTDFNAeAoKAwgTRwVHdR9aFQQTSEcFME0FCFwEURNNfWpdAEsSSWFML3JWDk4=&q={searchTerms}
SearchScopes: HKU\S-1-5-21-667926241-938725764-3588881007-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQALUglCQ1EQbQgAVQBcFVEbeBQBV1gTDFNAeAoKAwgTRwVHdR9aFQQTSEcFME0FCFwEURNNfWpdAEsSSWFML3JWDk4=&q={searchTerms}
SearchScopes: HKU\S-1-5-21-667926241-938725764-3588881007-1000 -> {4E6D4C86-0930-4323-98A4-1F372305E93C} URL = hxxp://www-mysearch.com/s.ashx?prd=opensearch&q={searchTerms}&s=G17zftptn095001,472a1e06-2237-4588-ab7d-fb291cdec2e9,
SearchScopes: HKU\S-1-5-21-667926241-938725764-3588881007-1000 -> {B9FC1626-B751-4C59-9FB3-99C00CF86539} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-dd__alt__ddc_dss_bd_com&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-20] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-20] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-20] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-20] (Google Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
FireFox:
========
FF ProfilePath: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\gb4oydtu.default-1387666270504
FF Homepage: hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggacwoIUlsVEhgSeA0BTA0VGQ0OeQ9ZAxQXQg0QclsJA19BRQAFIk0FA18DB0VXfV9eFElXTwhwJVhKAlElTlpoLlZP
FF NewTab: hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHAwQcwkLA11CDAQbdAAVVV1JGRgadlhaTF8SGQYRIghaBwkVFBNBNARaB0tXUUEeJl9NER8fHGZGIUtbCW0eTn5NL04=
FF Keyword.URL: hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQALUglCQ1EQbQgAVQBcFVEbeBQBV1gTDFNAeAoKAwgTRwVHdR9aFQQTR0cFME0FB18EURNNfWpdAEsSSWFML3JWDk4=&q={searchTerms}
FF SelectedSearchEngine: Default
FF DefaultSearchEngine: Default
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\gb4oydtu.default-1387666270504\user.js [2016-01-07]
FF SearchPlugin: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\gb4oydtu.default-1387666270504\searchplugins\search-simple.xml [2016-01-07]
FF SearchPlugin: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\gb4oydtu.default-1387666270504\searchplugins\smod.xml [2016-01-07]
FF Extension: Search Too Know - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\gb4oydtu.default-1387666270504\Extensions\{926a21b7-3759-4709-b3b4-19e3d3e49b40}.xpi [2016-01-07] [not signed]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-07-08] <==== ATTENTION
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [edfhabmbbhdcdpnoilchepfojmdeannd] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S2 AmazingTab; C:\Program Files\amztab\amztab.exe [383488 2016-01-07] () [File not signed]
S2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
S2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
S2 dTqFXWThya; C:\ProgramData\JwDgdEtp\dTqFXWThya.exe [3002336 2016-01-07] (Ratio Applications)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-18] (Hewlett-Packard Co.) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S2 Service Mgr SearchTooKnow; C:\ProgramData\457082ba-095e-4f86-8a98-c078f3146538\plugincontainer.exe [783584 2016-01-07] () <==== ATTENTION
S2 SushiLeadsUpdaterService; C:\Program Files (x86)\sushileads\NpUpdaterService.exe [10240 2015-10-11] () [File not signed]
S2 swsesrvc_1.10.0.25; C:\Program Files (x86)\SwiftSearch_1.10.0.25\Service\swsesrvc.exe [301648 2015-09-22] (SS)
S2 TheScreenSnapshotService; C:\Program Files (x86)\ScreenSnapshotTool\1.1.0.11130\ScreenShotServ.exe [153248 2015-12-07] ()
S2 Update Mgr SearchTooKnow; C:\Program Files (x86)\Common Files\457082ba-095e-4f86-8a98-c078f3146538\updater.exe [646368 2016-01-07] () <==== ATTENTION
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 wucotusy; C:\Program Files (x86)\4C4C4544-1452189802-3310-8048-B7C04F305231\hnskBC18.tmp [416256 2016-01-07] () [File not signed]
S2 zigipyro; C:\Users\Scott\AppData\Local\4C4C4544-1452174645-3310-8048-B7C04F305231\qnshB57B.tmp [158720 2015-12-26] () [File not signed]
S3 ZuneWlanCfgSvc; C:\Windows\system32\ZuneWlanCfgSvc.exe [467696 2010-09-24] (Microsoft Corporation)
S2 zutuzuni; C:\Program Files (x86)\4C4C4544-1452189802-3310-8048-B7C04F305231\jnskA710.tmp [307712 2016-01-07] () [File not signed]
S2 lufolegozbt; C:\Program Files (x86)\4C4C4544-1452189802-3310-8048-B7C04F305231\knsz91C5.tmpfs [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S1 swsedrvr_vt_1_10_0_25; C:\Windows\System32\drivers\swsedrvr_vt_1_10_0_25.sys [61304 2015-09-22] (SS)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-07 16:05 - 2016-01-07 16:07 - 00175914 _____ C:\Windows\ntbtlog.txt
2016-01-07 16:00 - 2016-01-07 16:07 - 00000000 ____D C:\FRST
2016-01-07 14:23 - 2016-01-07 14:23 - 00000000 ____D C:\Users\Scott\AppData\Local\ElevatedDiagnostics
2016-01-07 14:12 - 2016-01-07 14:12 - 00000000 ____D C:\Users\Scott\AppData\Local\TVTime
2016-01-07 14:10 - 2016-01-07 14:15 - 00000362 _____ C:\Windows\Tasks\AmiUpdXp.job
2016-01-07 14:10 - 2016-01-07 14:10 - 00003400 _____ C:\Windows\System32\Tasks\AmiUpdXp
2016-01-07 14:10 - 2016-01-07 14:10 - 00000000 ____D C:\Users\Scott\AppData\Local\3473
2016-01-07 13:57 - 2016-01-07 14:05 - 00000000 ____D C:\Users\Scott\AppData\Roaming\ScreenSnapshotTool
2016-01-07 13:57 - 2016-01-07 13:57 - 00000000 ____D C:\Users\Public\Documents\Guid
2016-01-07 13:57 - 2016-01-07 13:57 - 00000000 ____D C:\Program Files (x86)\ScreenSnapshotTool
2016-01-07 13:56 - 2016-01-07 14:15 - 00000292 _____ C:\Windows\Tasks\PC-Mechanic Startup.job
2016-01-07 13:56 - 2016-01-07 14:15 - 00000000 ____D C:\Users\Scott\AppData\Local\PlutoTV
2016-01-07 13:56 - 2016-01-07 14:14 - 00000278 _____ C:\Windows\Tasks\PC-Mechanic Maintenance.job
2016-01-07 13:56 - 2016-01-07 13:56 - 00003216 _____ C:\Windows\System32\Tasks\PC-Mechanic Maintenance
2016-01-07 13:56 - 2016-01-07 13:56 - 00002584 _____ C:\Windows\System32\Tasks\PC-Mechanic Startup
2016-01-07 13:56 - 2016-01-07 13:56 - 00001172 _____ C:\Users\Public\Desktop\PC Mechanic.lnk
2016-01-07 13:56 - 2016-01-07 13:56 - 00001093 _____ C:\Users\Public\Desktop\PlutoTV.lnk
2016-01-07 13:56 - 2016-01-07 13:56 - 00000013 _____ C:\Users\Scott\.pluto.tv
2016-01-07 13:56 - 2016-01-07 13:56 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Uniblue
2016-01-07 13:56 - 2016-01-07 13:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
2016-01-07 13:56 - 2016-01-07 13:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pluto TV
2016-01-07 13:56 - 2016-01-07 13:56 - 00000000 ____D C:\Program Files (x86)\Uniblue
2016-01-07 13:56 - 2016-01-07 13:56 - 00000000 ____D C:\Program Files (x86)\Pluto TV
2016-01-07 13:55 - 2016-01-07 14:14 - 00000000 ____D C:\Program Files (x86)\Search Too Know
2016-01-07 13:55 - 2016-01-07 13:56 - 00000000 ____D C:\ProgramData\457082ba-095e-4f86-8a98-c078f3146538
2016-01-07 13:55 - 2016-01-07 13:55 - 00000000 ____D C:\Users\Scott\AppData\Roaming\OpenCandy
2016-01-07 13:55 - 2016-01-07 13:55 - 00000000 ____D C:\ProgramData\Search Too Know
2016-01-07 13:55 - 2016-01-07 13:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search Too Know
2016-01-07 13:54 - 2016-01-07 13:54 - 00003428 _____ C:\Windows\System32\Tasks\Eotnuaivg
2016-01-07 13:54 - 2016-01-07 13:54 - 00000000 ____D C:\ProgramData\Eotnuaivg
2016-01-07 13:52 - 2016-01-07 14:17 - 00000000 ____D C:\Users\Scott\AppData\Local\gmsd_us_005010200
2016-01-07 13:52 - 2016-01-07 13:52 - 00003442 _____ C:\Windows\System32\Tasks\IBUpd
2016-01-07 13:52 - 2016-01-07 13:52 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TheBrowser
2016-01-07 13:52 - 2016-01-07 13:52 - 00000000 ____D C:\Users\Scott\AppData\Local\TheBrowser
2016-01-07 13:52 - 2016-01-07 13:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
2016-01-07 13:52 - 2016-01-07 13:52 - 00000000 ____D C:\Program Files (x86)\gmsd_us_005010200
2016-01-07 13:51 - 2016-01-07 13:51 - 00001077 _____ C:\Users\Public\Desktop\KNCTR.lnk
2016-01-07 13:51 - 2016-01-07 13:51 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Itibiti
2016-01-07 13:51 - 2016-01-07 13:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNCTR
2016-01-07 13:51 - 2016-01-07 13:51 - 00000000 ____D C:\Program Files (x86)\Itibiti Soft Phone
2016-01-07 13:50 - 2016-01-07 14:17 - 00003734 _____ C:\Windows\System32\Tasks\SecurityApps2
2016-01-07 13:50 - 2016-01-07 13:50 - 00000000 ____D C:\Users\Scott\AppData\Local\SecurityApps
2016-01-07 13:50 - 2016-01-07 13:50 - 00000000 ____D C:\Users\Scott\AppData\Local\4C4C4544-1452174645-3310-8048-B7C04F305231
2016-01-07 13:50 - 2016-01-07 13:50 - 00000000 ____D C:\Program Files (x86)\PC Optimizer
2016-01-07 13:49 - 2016-01-07 14:11 - 00000000 ____D C:\ProgramData\JwDgdEtp
2016-01-07 13:49 - 2016-01-07 13:51 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro_v53.11772
2016-01-07 13:49 - 2016-01-07 13:50 - 00000000 ____D C:\ProgramData\DataFile
2016-01-07 13:49 - 2016-01-07 13:49 - 00002615 _____ C:\Users\Public\Desktop\AllPCOptimizer.exe.lnk
2016-01-07 13:49 - 2016-01-07 13:49 - 00000008 _____ C:\END
2016-01-07 13:49 - 2016-01-07 13:49 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpaceSoundPro 1.0
2016-01-07 13:49 - 2016-01-07 13:49 - 00000000 ____D C:\ProgramData\TVTime
2016-01-07 13:49 - 2016-01-07 13:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\All PC Optimizer
2016-01-07 13:49 - 2016-01-07 13:49 - 00000000 ____D C:\Program Files\SpaceSoundPro
2016-01-07 13:49 - 2016-01-07 13:49 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro
2016-01-07 13:49 - 2016-01-07 13:49 - 00000000 ____D C:\Program Files (x86)\AllPCOptimizer
2016-01-07 13:48 - 2016-01-07 14:14 - 00000342 ____H C:\Windows\Tasks\IKRNRNFTJUKUGYYE.job
2016-01-07 13:48 - 2016-01-07 14:14 - 00000330 _____ C:\Windows\Tasks\AKAJBNYC1.job
2016-01-07 13:48 - 2016-01-07 13:52 - 00000000 ____D C:\Users\Scott\AppData\Local\DeskBar
2016-01-07 13:48 - 2016-01-07 13:48 - 00004220 _____ C:\Windows\System32\Tasks\amiupdaterExi
2016-01-07 13:48 - 2016-01-07 13:48 - 00004182 _____ C:\Windows\System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update
2016-01-07 13:48 - 2016-01-07 13:48 - 00004176 _____ C:\Windows\System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core
2016-01-07 13:48 - 2016-01-07 13:48 - 00003402 _____ C:\Windows\System32\Tasks\amiupdaterExd
2016-01-07 13:48 - 2016-01-07 13:48 - 00003376 _____ C:\Windows\System32\Tasks\IKRNRNFTJUKUGYYE
2016-01-07 13:48 - 2016-01-07 13:48 - 00002852 _____ C:\Windows\System32\Tasks\AKAJBNYC1
2016-01-07 13:48 - 2016-01-07 13:48 - 00000000 ____D C:\ProgramData\Service1291
2016-01-07 13:48 - 2016-01-07 13:48 - 00000000 ____D C:\ProgramData\FlashBeat
2016-01-07 13:48 - 2016-01-07 13:48 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2016-01-07 13:48 - 2016-01-07 13:48 - 00000000 ____D C:\Program Files (x86)\SwiftSearch_1.10.0.25
2016-01-07 13:06 - 2016-01-07 13:06 - 00000000 ____D C:\ProgramData\sushileads
2016-01-07 13:05 - 2016-01-07 13:05 - 00001443 _____ C:\ProgramData\tempimage.bmp
2016-01-07 13:04 - 2016-01-07 13:14 - 00000000 ____D C:\Users\Scott\AppData\Local\4C4C4544-1452171875-3310-8048-B7C04F305231
2016-01-07 13:04 - 2016-01-07 13:02 - 00000178 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-01-07 13:03 - 2016-01-07 13:03 - 00001826 _____ C:\Users\Scott\Desktop\Note-Up.lnk
2016-01-07 13:03 - 2016-01-07 13:03 - 00001826 _____ C:\Users\Guest\Desktop\Note-Up.lnk
2016-01-07 13:03 - 2016-01-07 13:03 - 00000000 ___HD C:\Program Files\AmazingTab
2016-01-07 13:03 - 2016-01-07 13:03 - 00000000 ____D C:\Program Files\amztab
2016-01-07 13:03 - 2016-01-07 13:03 - 00000000 ____D C:\Program Files (x86)\4C4C4544-1452189802-3310-8048-B7C04F305231
2016-01-07 13:01 - 2016-01-07 13:06 - 00000000 ____D C:\Program Files (x86)\sushileads
2016-01-07 13:01 - 2016-01-07 13:01 - 00003512 _____ C:\Windows\System32\Tasks\SushiLeads
2015-12-19 12:07 - 2015-12-20 09:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-17 16:08 - 2015-12-17 16:08 - 02560512 _____ (winpcoptimizerbetatwo) C:\Windows\Allpcoptimizer.exe
2015-12-17 16:08 - 2015-12-17 16:08 - 00155136 _____ C:\Windows\Allpcoptimizer.pdb
2015-12-10 18:22 - 2015-12-10 18:22 - 00188104 _____ C:\ods.exe
2015-12-08 14:56 - 2015-11-20 13:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-08 14:56 - 2015-11-20 13:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-08 14:56 - 2015-11-20 13:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-08 14:56 - 2015-11-20 13:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-08 14:56 - 2015-11-20 13:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-08 14:56 - 2015-11-20 13:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-08 14:56 - 2015-11-20 13:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-08 14:56 - 2015-11-20 13:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-08 14:56 - 2015-11-20 13:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-08 14:56 - 2015-11-20 13:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-08 14:56 - 2015-11-20 13:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-08 14:56 - 2015-11-20 13:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-08 14:56 - 2015-11-20 13:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-08 14:56 - 2015-11-20 13:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-08 14:56 - 2015-11-20 13:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-08 14:56 - 2015-11-20 13:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-08 14:56 - 2015-11-11 16:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-08 14:56 - 2015-11-11 15:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-08 14:56 - 2015-11-11 13:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-08 14:56 - 2015-11-11 13:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-08 14:56 - 2015-11-11 13:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-08 14:56 - 2015-11-11 13:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-08 14:56 - 2015-11-11 11:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-08 14:56 - 2015-11-11 11:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-08 14:56 - 2015-11-11 10:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-08 14:56 - 2015-11-11 10:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-08 14:56 - 2015-11-11 10:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-08 14:56 - 2015-11-11 10:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-08 14:56 - 2015-11-11 09:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-08 14:56 - 2015-11-10 13:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-08 14:56 - 2015-11-10 13:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-08 14:56 - 2015-11-10 13:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-08 14:56 - 2015-11-10 13:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-08 14:56 - 2015-11-10 13:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-08 14:56 - 2015-11-10 12:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-08 14:56 - 2015-11-09 19:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-08 14:56 - 2015-11-09 19:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-08 14:56 - 2015-11-09 19:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-08 14:56 - 2015-11-09 19:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-08 14:56 - 2015-11-09 19:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-08 14:56 - 2015-11-09 19:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-08 14:56 - 2015-11-09 19:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-08 14:56 - 2015-11-09 19:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-08 14:56 - 2015-11-09 19:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-08 14:56 - 2015-11-09 19:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-08 14:56 - 2015-11-09 19:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-08 14:56 - 2015-11-09 19:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-08 14:56 - 2015-11-09 19:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-08 14:56 - 2015-11-09 18:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-08 14:56 - 2015-11-09 18:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-08 14:56 - 2015-11-09 18:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-08 14:56 - 2015-11-09 18:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-08 14:56 - 2015-11-09 18:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-08 14:56 - 2015-11-09 18:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-08 14:56 - 2015-11-09 18:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-08 14:56 - 2015-11-09 18:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-08 14:56 - 2015-11-09 18:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-08 14:56 - 2015-11-09 18:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-08 14:56 - 2015-11-09 18:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-08 14:56 - 2015-11-08 17:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-08 14:56 - 2015-11-08 17:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-08 14:56 - 2015-11-08 17:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-08 14:56 - 2015-11-08 17:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-08 14:56 - 2015-11-08 17:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-08 14:56 - 2015-11-08 17:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-08 14:56 - 2015-11-08 17:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-08 14:56 - 2015-11-08 17:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-08 14:56 - 2015-11-08 17:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-08 14:56 - 2015-11-08 17:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-08 14:56 - 2015-11-08 17:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-08 14:56 - 2015-11-08 17:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-08 14:56 - 2015-11-08 17:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-08 14:56 - 2015-11-08 17:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-08 14:56 - 2015-11-08 17:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-08 14:56 - 2015-11-08 17:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-08 14:56 - 2015-11-08 16:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-08 14:56 - 2015-11-08 16:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-08 14:56 - 2015-11-08 16:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-08 14:56 - 2015-11-08 16:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-08 14:56 - 2015-11-08 16:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-08 14:56 - 2015-11-08 16:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-08 14:56 - 2015-11-08 16:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-08 14:56 - 2015-11-08 16:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-08 14:56 - 2015-11-08 16:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-08 14:56 - 2015-11-08 16:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-08 14:56 - 2015-11-08 16:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-08 14:56 - 2015-11-08 16:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-08 14:56 - 2015-11-08 15:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-08 14:56 - 2015-11-08 15:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-08 14:56 - 2015-11-08 15:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-08 14:56 - 2015-11-05 14:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-08 14:56 - 2015-11-05 14:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-08 14:56 - 2015-11-05 14:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-12-08 14:56 - 2015-11-05 14:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-12-08 14:56 - 2015-11-05 04:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-08 14:56 - 2015-11-03 14:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-08 14:56 - 2015-11-03 14:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-08 14:56 - 2015-11-03 13:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-08 14:56 - 2015-11-03 13:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-08 14:56 - 2015-10-08 18:22 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2015-12-08 14:56 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2015-12-08 14:56 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2015-12-08 14:56 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2015-12-08 14:56 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2015-12-08 14:56 - 2015-10-08 18:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2015-12-08 14:56 - 2015-10-08 18:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2015-12-08 14:56 - 2015-10-08 18:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2015-12-08 14:56 - 2015-10-08 14:13 - 00419928 _____ C:\Windows\SysWOW64\locale.nls
2015-12-08 14:56 - 2015-10-08 13:52 - 00419928 _____ C:\Windows\system32\locale.nls
2015-12-08 13:52 - 2015-12-08 13:52 - 00000151 _____ C:\ods.exe.config
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-07 16:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2016-01-07 16:03 - 2014-11-30 00:00 - 00000000 ____D C:\Windows\Minidump
2016-01-07 16:03 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-01-07 15:05 - 2009-07-14 00:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-07 14:17 - 2009-07-13 23:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-07 14:17 - 2009-07-13 23:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-07 14:14 - 2013-05-26 10:04 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-07 14:14 - 2013-02-21 09:47 - 00001610 _____ C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-07 14:14 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-07 13:56 - 2013-02-21 09:46 - 00000000 ____D C:\Users\Scott
2016-01-07 13:51 - 2013-06-05 17:00 - 00001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-07 13:51 - 2013-06-05 17:00 - 00001340 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-01-07 13:44 - 2013-05-26 10:04 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-20 09:22 - 2013-07-31 14:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-18 14:57 - 2013-06-05 17:37 - 00000000 ____D C:\Users\Scott\AppData\Roaming\MediaMonkey
2015-12-17 22:18 - 2011-06-08 17:58 - 00774592 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-12-17 22:17 - 2015-04-06 02:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-12-17 22:17 - 2015-04-06 02:00 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-09 13:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-12-09 10:31 - 2009-07-13 23:45 - 00413176 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-09 00:35 - 2013-05-31 13:42 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-09 00:34 - 2013-06-05 19:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-09 00:34 - 2013-06-05 19:28 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-09 00:34 - 2013-06-05 19:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-09 00:32 - 2013-08-15 02:00 - 00000000 ____D C:\Windows\system32\MRT
2015-12-09 00:30 - 2011-06-08 13:21 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-08 22:39 - 2011-06-08 16:21 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-12-08 15:24 - 2013-12-21 20:36 - 00000000 ___RD C:\Users\Scott\Documents\Outlook Files
==================== Files in the root of some directories =======
2013-02-21 10:00 - 2014-01-01 10:52 - 0007605 _____ () C:\Users\Scott\AppData\Local\Resmon.ResmonCfg
2013-07-24 10:10 - 2013-07-24 10:48 - 0000710 _____ () C:\ProgramData\hpzinstall.log
2016-01-07 13:05 - 2016-01-07 13:05 - 0001443 _____ () C:\ProgramData\tempimage.bmp
Some files in TEMP:
====================
C:\Users\Scott\AppData\Local\Temp\5A5F.tmp.exe
C:\Users\Scott\AppData\Local\Temp\amisetup1931__15940.exe
C:\Users\Scott\AppData\Local\Temp\amzngtb.exe
C:\Users\Scott\AppData\Local\Temp\fsd24CF.exe
C:\Users\Scott\AppData\Local\Temp\InstallHelper.exe
C:\Users\Scott\AppData\Local\Temp\netstream.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-12-30 17:39
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-01-2015
Ran by Scott (2016-01-07 16:08:05)
Running from Y:\Scotty\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-02-21 14:46:43)
Boot Mode: Safe Mode (minimal)
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-667926241-938725764-3588881007-500 - Administrator - Disabled)
Guest (S-1-5-21-667926241-938725764-3588881007-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-667926241-938725764-3588881007-1002 - Limited - Enabled)
Scott (S-1-5-21-667926241-938725764-3588881007-1000 - Administrator - Enabled) => C:\Users\Scott
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.15.58233 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.00.15.58233 - ABBYY) Hidden
Acronis True Image Home 2012 (HKLM-x32\...\{243EF3E5-537D-4A15-8EE8-47D5473D9C73}Visible) (Version: 15.0.7133 - Acronis)
Acronis True Image Home 2012 (x32 Version: 15.0.7133 - Acronis) Hidden
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced ScreenSnapshotTool 1.1.0.11130 (HKLM\...\{61FFE1F9-137D-4c31-A181-3415FCAA5946}) (Version: 1.1.0.11130 - ShenZhen Enode Techology co,.Ltd) <==== ATTENTION
AllPCOptimizer (HKLM-x32\...\{20A647C6-0C59-42A7-B3B4-1E95674496BB}) (Version: 2.00.0000 - All PC Optimizer)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.1.0 - Asmedia Technology)
ATI AVIVO64 Codecs (Version: 11.6.0.10104 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{6E3D4FFE-9614-4E58-9DE2-F9A036EAD491}) (Version: 3.0.808.0 - ATI Technologies, Inc.)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Body Text Feathering (HKLM-x32\...\PopupProduct) (Version: 1.0.0.0 - Body Text Feathering) <==== ATTENTION
BufferChm (x32 Version: 130.0.327.000 - Hewlett-Packard) Hidden
ccc-core-static (x32 Version: 2011.0104.2155.39304 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
CrystalDiskInfo 5.6.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 5.6.2 - Crystal Dew World)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.47 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{F336F89D-8C5A-432C-8EA9-DA19377AD591}) (Version: 1.4.162.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.30 - ArcSoft)
Dell Stage (HKLM-x32\...\{D770F4B4-C422-45D9-8CEE-1B4C66E68CA8}) (Version: 1.4.173.0 - Fingertapps)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.0.5621.01 - Dell Inc.)
Dell Support Center (Version: 3.0.5621.01 - PC-Doctor, Inc.) Hidden
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.1.1.1408 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.1.1.1408 - CyberLink Corp.) Hidden
DeskBar (HKU\S-1-5-21-667926241-938725764-3588881007-1000\...\{DE6791BD-7EAC-4822-B923-B8D6393C6110}_is1) (Version: 2.7.1.1750 - Goobzo LTD)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.60.48.35 - Dell Inc.)
Epson Copy Utility 3.5 (HKLM-x32\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON Scan PDF EXtensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0000 - SEIKO EPSON Corp.)
EPSON WorkForce GT-1500 Scanner Driver Update version 3.0.2.0 (HKLM-x32\...\ScannerDriverUpdateEPSON WorkForce GT-1500_is1) (Version: 3.0.2.0 - Epson America Inc.)
FlashBeat (HKLM-x32\...\FlashBeat) (Version: - ) <==== ATTENTION
GamesDesktop 025.005010200 (HKLM-x32\...\gmsd_us_005010200_is1) (Version: - GAMESDESKTOP) <==== ATTENTION
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.367.000 - Hewlett-Packard) Hidden
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Scanjet G3010 (HKLM\...\{3B3FA519-42F3-4534-B867-960481329CFC}) (Version: 13.0 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
hpg3010 (x32 Version: 14.0.0.0 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.367.000 - Hewlett-Packard) Hidden
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
ISIS Driver - EPSON GT-1500 v1.0 (HKLM-x32\...\{D41864EF-CC5D-4CF4-B0B9-CA3152164157}) (Version: 1.0 - EMC Captiva)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KNCTR (HKLM-x32\...\Itibiti_is1) (Version: - Itibiti Inc.)
Malwarebytes Anti-Malware version 1.70.0.1100 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.70.0.1100 - Malwarebytes Corporation)
Media Add-ons for Acronis True Image Home 2012 (HKLM-x32\...\{9A5509EE-5579-46C1-B566-5065545547F9}) (Version: 15.0.5060 - Acronis)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office SharePoint Designer 2007 (HKLM-x32\...\SharePointDesigner) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{4B4DF6E2-5E40-422B-82DD-205FD7E79226}) (Version: - Microsoft)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Streets & Trips 2013 (HKLM-x32\...\{C82185E8-C27B-4EF4-2013-4444BC2C2B6D}) (Version: 19.0.18.1100 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower)
Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower) Hidden
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
Navtech PBS (HKLM-x32\...\{BDFBF58B-19D7-479C-B324-D73FCE13F07E}) (Version: 15.1.21 - Navtech Inc)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
PC Mechanic (HKLM-x32\...\{1F88FC5D-4D46-448A-AF59-7061FFC6ABBF}_is1) (Version: 1.0.15.0 - Uniblue Systems Limited)
PC Optimizer (HKLM-x32\...\{D2CB3C4E-701F-4277-B7B1-1708AE9364BF}) (Version: 1.0.0 - PC Optimizer)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Pluto TV version 0.1.5 (HKLM-x32\...\Pluto TV_is1) (Version: 0.1.5 - Pluto TV)
PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.0 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
ScanSoft PaperPort 11 (HKLM-x32\...\{DEA18FF6-D84A-4242-9663-692E5BA56805}) (Version: 11.1.0000 - Nuance Communications, Inc.)
Search Too Know (HKLM-x32\...\Search Too Know) (Version: 2.0.5850.19374 - Search Too Know) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - ) <==== ATTENTION
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.0.0.1 - ) <==== ATTENTION
SolutionCenter (x32 Version: 130.0.369.000 - Hewlett-Packard) Hidden
SpaceSoundPro (HKLM\...\SpaceSoundPro) (Version: 1.0 - ) <==== ATTENTION
SpaceSoundPro Service (HKLM-x32\...\zz.11772.ssp) (Version: 1.0.0 - CSDI) <==== ATTENTION
SwiftSearch 1.10.0.25 (HKLM-x32\...\SwiftSearch_1.10.0.25) (Version: 1.10.0.25 - SwiftSearch) <==== ATTENTION
TheBrowser (HKU\S-1-5-21-667926241-938725764-3588881007-1000\...\TheBrowser) (Version: 44.4.9.7 - TheBrowser)
THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)
TV Time (HKLM-x32\...\TVTime) (Version: 2.7.79 - Ratio Applications)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
WebReg (x32 Version: 130.0.128.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Samsung Re-Drive (HKLM-x32\...\{500BDCEA-4EFA-4DC3-9768-74C1A2C3E48B}_is1) (Version: 1.6.0 - Samsung Electronics)
Zune (HKLM\...\Zune) (Version: 04.07.1404.00 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {09F90E68-DA1C-4F6C-B841-F8C69B801FAA} - System32\Tasks\SecurityApps2 => C:\Program Files (x86)\PC Optimizer\PC Optimizer\Wiindows.exe [2015-12-16] ()
Task: {0E87A7A2-43C0-4286-8328-8D4BE78408B6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {10AB3684-CFE2-4409-A56C-28866FAA4C7E} - System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core => C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe [2015-09-22] (SS) <==== ATTENTION
Task: {1B81F6F7-D661-4C10-99D7-CBE22D8CAB1C} - System32\Tasks\amiupdaterExi => C:\Users\Scott\AppData\Local\Temp\amiupdater1359.exe <==== ATTENTION
Task: {265116BC-ACF3-45BC-B4AF-47CD03882CE6} - System32\Tasks\AmiUpdXp => C:\Users\Scott\AppData\Local\3473\Updater.exe [2016-01-07] () <==== ATTENTION
Task: {274B70FF-1773-47A5-91B0-7D422A882FB5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {2D4E93B2-2EDD-4B1E-818D-1BD4C3A1FA3D} - System32\Tasks\AKAJBNYC1 => C:\ProgramData\FlashBeat\FlashBeat.exe [2016-01-06] (FlashBeat) <==== ATTENTION
Task: {43DDC59A-A7C0-453C-A8AB-67428EE055C6} - System32\Tasks\IKRNRNFTJUKUGYYE => C:\ProgramData\Service1291\Service1291.exe [2016-01-07] () <==== ATTENTION
Task: {50E1D155-5DD3-4E47-9029-5A8A80E1762D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {52246412-D952-4727-9F88-7D621A958CFD} - System32\Tasks\amiupdaterExd => C:\Users\Scott\AppData\Local\Temp\task.vbs <==== ATTENTION
Task: {59713759-E2A7-4E46-AF24-6E2D53B3AE74} - System32\Tasks\Eotnuaivg => C:\ProgramData\Eotnuaivg\1.0.7.1\ejletode.exe [2016-01-07] ()
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {7A88CC93-A7A4-4AB8-96F2-49C4BE6BFC89} - System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update => C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe [2015-09-22] (SS) <==== ATTENTION
Task: {927C15B7-1E5C-44DC-AC06-6EF662B1CB48} - System32\Tasks\SushiLeads => C:\Program Files (x86)\sushileads\ScheduledTask.exe [2015-10-11] ()
Task: {A993F337-A89A-4059-90E1-449F3125E2E6} - System32\Tasks\IBUpd => C:\Users\Scott\AppData\Local\TheBrowser\Application\updater.exe [2015-12-02] ()
Task: {ADC6F1F9-C81A-4094-A4DC-9B4A1D0A5177} - System32\Tasks\PC-Mechanic Startup => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe [2015-11-30] (Uniblue Systems Limited)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {E0E79F92-5B4C-47E1-8E7A-A934E27190D0} - System32\Tasks\PC-Mechanic Maintenance => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe [2015-11-30] (Uniblue Systems Limited)
Task: {ED4EEF2F-B12F-4C31-80D9-DB29FB1DA5F3} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {EE2FA1A6-3E7D-4BCF-A25D-FB1E26B2AA66} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {F3216CD2-D2CC-4388-904C-AD72E7841DDD} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\AKAJBNYC1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Scott\AppData\Local\3473\Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\IKRNRNFTJUKUGYYE.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: C:\Windows\Tasks\PC-Mechanic Maintenance.job => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe
Task: C:\Windows\Tasks\PC-Mechanic Startup.job => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dmysearch.com/?prd=set_epc&s=G17zftptn095001,472a1e06-2237-4588-ab7d-fb291cdec2e9,
ShortcutWithArgument: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dmysearch.com/?prd=set_epc&s=G17zftptn095001,472a1e06-2237-4588-ab7d-fb291cdec2e9,
ShortcutWithArgument: C:\Users\Scott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dmysearch.com/?prd=set_epc&s=G17zftptn095001,472a1e06-2237-4588-ab7d-fb291cdec2e9,
ShortcutWithArgument: C:\Users\Scott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (2).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dmysearch.com/?prd=set_epc&s=G17zftptn095001,472a1e06-2237-4588-ab7d-fb291cdec2e9,
ShortcutWithArgument: C:\Users\Scott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (3).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dmysearch.com/?prd=set_epc&s=G17zftptn095001,472a1e06-2237-4588-ab7d-fb291cdec2e9,
ShortcutWithArgument: C:\Users\Scott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (4).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dmysearch.com/?prd=set_epc&s=G17zftptn095001,472a1e06-2237-4588-ab7d-fb291cdec2e9,
ShortcutWithArgument: C:\Users\Scott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dmysearch.com/?prd=set_epc&s=G17zftptn095001,472a1e06-2237-4588-ab7d-fb291cdec2e9,
ShortcutWithArgument: C:\Users\Scott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www-mysearch.com/?prd=set_epc&s=G17zftptn095001,472a1e06-2237-4588-ab7d-fb291cdec2e9,
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www-mysearch.com/?prd=set_epc&s=G17zftptn095001,472a1e06-2237-4588-ab7d-fb291cdec2e9,
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www-mysearch.com/?prd=set_epc&s=G17zftptn095001,472a1e06-2237-4588-ab7d-fb291cdec2e9,
==================== Loaded Modules (Whitelisted) ==============
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
==================== Alternate Data Streams (Whitelisted) =========
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2016-01-07 13:02 - 00000178 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-667926241-938725764-3588881007-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{55E767A9-7FA3-4B78-9740-D257157AC924}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C24AA2E3-EA76-4723-A0DD-3CE30DC901DF}] => (Allow) c:\Program Files (x86)\Dell\VideoStage\VideoStage.exe
FirewallRules: [{B4F6F053-59D7-4FFC-8E54-BF88FA5894F6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0BBAE6D1-AF66-47BF-BCFF-0AD4AA04B18E}] => (Allow) LPort=2869
FirewallRules: [{44CCB118-A37D-4D9A-9560-BB5EBB15C424}] => (Allow) LPort=1900
FirewallRules: [{04988C14-16B6-458B-9E7E-7DF9B0F1E346}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{C2B48621-1BD6-4D85-8E03-089ED3E55494}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{3A957D5A-9B38-45E2-9C4C-C5D6A4550339}] => (Allow) %ProgramFiles%\Zune\Zune.exe
FirewallRules: [{015127B5-61CE-40F8-9524-3986A3C1C1A6}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{11F82E51-66F3-47AB-9919-D577DD481B1C}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{4BFAD3C1-9E3E-4A50-AD2F-B48C7038AAD3}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{43274E2C-3150-4295-878A-8A9775D04DE1}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{94C9AFE6-89DF-4116-A5B3-BDB5AF153222}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{DC780B5B-46CE-4E83-AEE2-DA591A785EFA}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{17C78897-9F52-4A8B-A0A8-480F8831FB41}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{CE9382B9-A4F6-415F-B77B-1851E94E5A93}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{ACCBC4D3-BC41-4947-BB30-CB8745101DDC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{ADD1316B-A8BD-4517-B663-F7ABB64975EF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{5EA29DDE-84B1-48B9-A1ED-75A87DB943A5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{15546992-EDC7-4734-9B61-BE7CE67AA312}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{9F56BB72-9F83-4D55-90C1-07942DA52FED}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{83FAAF5A-DDD1-49D0-97EA-F8846FDC4706}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{E2A7ACEA-1ED0-4D85-A32C-CC4C976881B8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{9679C4C8-EF5D-4AB2-9500-453CC30123FA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{D30A296A-F68C-4D17-A1CF-DC603165A4E2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{61D2CE6D-7780-4875-8689-DB771C1076AE}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [TCP Query User{441A2721-3375-457C-BE4B-512981AC7AB7}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [UDP Query User{52ECCBE9-4E2F-461D-ABD0-CE1DC8427D90}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [{E005147C-6001-4494-A639-97A0ED898593}] => (Block) %ProgramFiles% (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
FirewallRules: [{098F0A78-C6AE-479B-8779-188CC68B5445}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DE71F19B-D9A7-4A8D-8EB3-7C1DAF150093}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{9FFE697F-A8E5-44DA-BAA4-054A1EE06DC3}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{401D7B74-444D-4786-BB38-E4B0BF73B0D8}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{819F0791-D610-4C77-AD3F-1BFA8F18153B}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{4932DECD-414A-4F67-BCA0-320F27F6AD83}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{DC598A93-E5E1-4D33-A820-D68D7EE550D9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{261C5C2A-652E-40E0-83ED-5D8AFC5E410C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BF87607D-93F9-45FE-9AFC-1EABD98CCA1B}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{2DE0D8BB-761D-43D1-9C8D-7C79C15F72FD}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{A56E3F8E-852C-447B-88D9-F499A7937DC0}] => (Allow) C:\Users\Scott\AppData\Local\TheBrowser\Application\TheBrowser.exe
==================== Restore Points =========================
ATTENTION: System Restore is disabled
==================== Faulty Device Manager Devices =============
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/07/2016 04:05:59 PM) (Source: ESENT) (EventID: 455) (User: )
Description: DllHost (1516) WebCacheLocal: Error -1811 occurred while opening logfile C:\Users\Scott\AppData\Local\Microsoft\Windows\WebCache\V0108F25.log.
Error: (01/07/2016 02:16:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Wiindows.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 129c
Start Time: 01d1497fe4e14ca7
Termination Time: 0
Application Path: C:\Program Files (x86)\PC Optimizer\PC Optimizer\Wiindows.exe
Report Id:
Error: (01/07/2016 02:16:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Wiindows.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 2020
Start Time: 01d1497fb96927d0
Termination Time: 0
Application Path: C:\Program Files (x86)\PC Optimizer\PC Optimizer\Wiindows.exe
Report Id:
Error: (01/07/2016 02:15:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program PlutoTV.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1914
Start Time: 01d1497fb2ba71df
Termination Time: 2
Application Path: C:\Program Files (x86)\Pluto TV\PlutoTV.exe
Report Id:
Error: (01/07/2016 02:14:49 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (6140) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.
Error: (01/07/2016 02:11:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TheBrowser.exe, version: 44.4.9.7, time stamp: 0x56558593
Faulting module name: chrome.dll, version: 44.4.9.7, time stamp: 0x565580ed
Exception code: 0x80000003
Fault offset: 0x000a2500
Faulting process id: 0x224c
Faulting application start time: 0xTheBrowser.exe0
Faulting application path: TheBrowser.exe1
Faulting module path: TheBrowser.exe2
Report Id: TheBrowser.exe3
Error: (01/07/2016 01:51:17 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"1".
Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (01/07/2016 01:51:17 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"1".
Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (01/07/2016 01:13:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program dm.tmp version 51.52.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1474
Start Time: 01d14976c1a59030
Termination Time: 0
Application Path: C:\Users\Scott\AppData\Local\Temp\is-5AVTG.tmp\dm.tmp
Report Id:
Error: (01/07/2016 01:12:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program predm.tmp version 51.52.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: f48
Start Time: 01d14976bf2ec388
Termination Time: 0
Application Path: C:\Users\Scott\AppData\Local\Temp\is-T6TQN.tmp\predm.tmp
Report Id:
System errors:
=============
Error: (01/07/2016 04:07:13 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR6.
Error: (01/07/2016 04:07:11 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR6.
Error: (01/07/2016 04:06:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (01/07/2016 04:06:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (01/07/2016 04:06:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (01/07/2016 04:06:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (01/07/2016 04:06:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (01/07/2016 04:06:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (01/07/2016 04:06:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (01/07/2016 04:06:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
CodeIntegrity:
===================================
Date: 2016-01-07 13:27:35.684
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume5\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.
Date: 2016-01-07 13:27:35.668
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume5\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.
Date: 2016-01-07 13:27:35.668
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume5\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.
Date: 2016-01-07 13:27:35.637
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume5\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.
Date: 2016-01-07 13:27:35.637
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume5\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.
Date: 2016-01-07 13:27:35.622
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume5\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.
Date: 2016-01-07 13:27:35.341
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume5\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.
Date: 2016-01-07 13:27:35.325
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume5\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.
Date: 2016-01-07 13:27:35.325
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume5\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.
Date: 2016-01-07 13:27:35.294
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume5\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.
==================== Memory info ===========================
Processor: Intel® Core i5-2300 CPU @ 2.80GHz
Percentage of memory in use: 12%
Total physical RAM: 6126.46 MB
Available physical RAM: 5365.5 MB
Total Virtual: 6124.66 MB
Available Virtual: 5399.93 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:105.99 GB) (Free:44.88 GB) NTFS
Drive i: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive j: (Cruzer) (Removable) (Total:7.47 GB) (Free:4.83 GB) FAT32
Drive w: (Audio/Video) (Fixed) (Total:1299.61 GB) (Free:1224.55 GB) NTFS
Drive y: (Misc Files) (Fixed) (Total:97.66 GB) (Free:75.99 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: B70CC00B)
Partition 1: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=1299.6 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 119.2 GB) (Disk ID: 69870F89)
Partition 1: (Not Active) - (Size=1024 KB) - (Type=DE)
Partition 2: (Active) - (Size=13.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=106 GB) - (Type=07 NTFS)
========================================================
Disk: 6 (Size: 7.5 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================
Thanks in advance.
Edited by scewter, 07 January 2016 - 03:21 PM.