
HP620 laptop not responding, freezing, flashing, going really slow [So

pumpkinace

Hi, thanks again for your comments in FB Messenger. Here is the message I was trying to post yesterday. I will also send it by email to Blair as requested. Thanks

Hi, for some time now I have had issues with my laptop not responding to programs, Windows Explorer and the internet, and going really slow (painfully slow!). I experience the screen flashing, the Windows 'circle' taking forever to open up or restore a program to the screen. Any icon I press takes ages to open. The mouse pointer flashes like crazy. I believe it was a virus/bug/trojan which originally caused it, as I was looking up something on the internet (silvercrest I think) when my machine started to go crazy, but I couldn't be 100% sure, as on checking my hard drive the BIOS scan said it was corrupt (although this could have been the virus/trojan that caused it). I have since installed a new hard drive and the BIOS scan has not detected any errors.
I used a Windows image to install all my programs etc. onto the new hard drive and unfortunately I am still having problems with not responding, hanging etc. I am now using Malwarebytes Premium but wasn't at the time, Windows Security and CCleaner. I believe there is still something in my machine that is causing my problems. I have checked all the drivers, reinstalled them and updated them, although I still have problems with the Bluetooth peripheral drive which doesn't seem to work anymore. Looking at the logs below, it has found several other problems but I wouldn't know how to sort them. I use Mozilla Firefox and Microsoft Small Business 2007 software. Any advice is greatly appreciated.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-01-2016
Ran by da (administrator) on DAWNGREENAWAY (06-02-2016 14:48:24)
Running from C:\Users\da\Desktop
Loaded Profiles: da (Available Profiles: da)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\stacsv.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\AEstSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Seagate Technology LLC) C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Etherdigital Limited) C:\Program Files\Coolroom\DownloadManagerService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(SEIKO EPSON CORPORATION) C:\Program Files\epson\MyEpson Portal\mepService.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\epson\MyEpson Portal\mep.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Mediatek Inc.) C:\Program Files\MediatekWiFi\Common\RaRegistry.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
() C:\Program Files\Scan2PC\Sc2PCSvc.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Maxtor Corporation) C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
(NewSoft Technology Corporation) C:\Program Files\NewSoft\Presto! PageManager 9.03\PMSpeed.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Google Inc.) C:\Users\da\AppData\Local\Google\Update\GoogleUpdate.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_TATIKBE.EXE
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Google Inc.) C:\Users\da\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Mediatek Inc.) C:\Program Files\MediatekWiFi\Common\RaUI.exe
(Dropbox, Inc.) C:\Users\da\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [499768 2009-09-01] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [QLBController] => C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-01-28] (Hewlett-Packard Company)
HKLM\...\Run: [basicsmssmenu] => C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe [169328 2007-10-09] (Maxtor Corporation)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-01-08] (Intel Corporation)
HKLM\...\Run: [WrtMon.exe] => C:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation)
HKLM\...\Run: [PMSpeed] => C:\Program Files\NewSoft\Presto! PageManager 9.03\PMSpeed.EXE [116632 2010-07-29] (NewSoft Technology Corporation)
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [569696 2014-03-13] (Copyright 2013 SAMSUNG)
HKLM\...\Run: [IndexSearch] => C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM\...\Run: [PDFHook] => C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] => C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-29] (Microsoft Corporation)
HKLM\...\Run: [FUFAXRCV] => C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [650784 2015-06-01] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXSTM] => C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [863776 2015-06-01] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1065024 2014-06-10] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [iTunesHelper] => c:\program files\itunes\ituneshelper.exe [157456 2015-12-09] (Apple Inc.)
HKLM\...\Run: [TkBellExe] => c:\program files\real\realplayer\Update\realsched.exe [296520 2015-02-08] (RealNetworks, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-01-29] (IDT, Inc.)
HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [563736 2010-01-12] (PDF Complete Inc)
HKLM\...\Run: [Windows Mobile Device Center] => C:\windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [RealDownloader] => C:\Program Files\RealNetworks\RealDownloader\downloader2.exe [560192 2014-10-29] ()
HKLM\...\Run: [QuickTime Task] => "c:\program files\quicktime\qttask.exe" -atboottime
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [310064 2014-06-14] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM\...\runonceex: [ContentMerger] => C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-11-23] (Sonic Solutions)
HKU\S-1-5-21-3932258823-1374462109-926273279-1001\...\Run: [Google Update] => C:\Users\da\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc.)
HKU\S-1-5-21-3932258823-1374462109-926273279-1001\...\Run: [Dropbox Update] => C:\Users\da\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-22] (Dropbox, Inc.)
HKU\S-1-5-21-3932258823-1374462109-926273279-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6602152 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-3932258823-1374462109-926273279-1001\...\Run: [EPLTarget\P0000000000000001] => C:\windows\system32\spool\DRIVERS\W32X86\3\E_TATIKBE.EXE [261696 2013-09-11] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3932258823-1374462109-926273279-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-3932258823-1374462109-926273279-1001\...\Run: [MusicManager] => C:\Users\da\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2015-11-17] (Google Inc.)
HKU\S-1-5-21-3932258823-1374462109-926273279-1001\...\Policies\Explorer: [NoInternetIcon] 1
HKU\S-1-5-21-3932258823-1374462109-926273279-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files\Common Files\Apple\Internet Services\iCloud.exe [60688 2015-12-01] (Apple Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2010-08-11]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mediatek Wireless Utility.lnk [2014-07-19]
ShortcutTarget: Mediatek Wireless Utility.lnk -> C:\Program Files\MediatekWiFi\Common\RaUI.exe (Mediatek Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2015-02-08]
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\da\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\da\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{BD53176A-3F68-456B-BD0F-953EEA4D05E8}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{C385B932-3828-44FE-A24E-AA6C92A2CA4B}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{EDB6B648-580F-4622-89D4-8FE183E73E20}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-3932258823-1374462109-926273279-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
HKU\S-1-5-21-3932258823-1374462109-926273279-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/2
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3932258823-1374462109-926273279-1001 -> {4CF47C40-C912-4248-B5E3-E9D60E076B5D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-10-26] (RealDownloader)
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2012-09-24] (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2014-11-14] (SEIKO EPSON CORPORATION)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-09-24] (Sun Microsystems, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2014-11-14] (SEIKO EPSON CORPORATION)
Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\da\AppData\Roaming\Mozilla\Firefox\Profiles\7kqpp9n5.default-1438028867560
FF Homepage: hxxps://www.google.co.uk/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-22] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=1.6.0_37 -> C:\windows\system32\npdeployJava1.dll [2012-09-24] (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2012-09-24] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=17.0.15.10 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2015-02-08] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-10-26] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=17.0.15.10 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2015-02-08] (RealPlayer Cloud)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3932258823-1374462109-926273279-1001: @tools.google.com/Google Update;version=3 -> C:\Users\da\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-3932258823-1374462109-926273279-1001: @tools.google.com/Google Update;version=9 -> C:\Users\da\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll [2009-08-03] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2015-02-08] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2015-02-08] (RealPlayer Cloud)
FF Extension: Garmin Communicator - C:\Users\da\AppData\Roaming\Mozilla\Firefox\Profiles\7kqpp9n5.default-1438028867560\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2015-07-31]
FF Extension: UW CashBack Wizard - C:\Users\da\AppData\Roaming\Mozilla\Firefox\Profiles\7kqpp9n5.default-1438028867560\Extensions\@uw-cashback-wizard-pub.xpi [2015-12-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-12-24] [not signed]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-12-24] [not signed]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2015-12-24] [not signed]
FF Extension: Skype - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-12-25] [not signed]
FF HKLM\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2015-08-17] [not signed]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-11-16]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://start.mysearchdial.com/?f=1&a=dsites0101&cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyB0E0B0B0C0AtB0ByB0CtN0D0Tzu0SyBtAzytN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1596355703&ir="
CHR Profile: C:\Users\da\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Users\da\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-12]
CHR Extension: (Chrome core) - C:\ProgramData\chrome\extension\chrome-core [2015-09-19]
CHR Extension: (__MSG_extName__) - C:\ProgramData\chrome\extension\dream-youtube-downloader [2015-09-19]
StartMenuInternet: Google Chrome.WB375URJVMMOHOZGJDSIZ3RWYU - C:\Users\da\AppData\Local\Google\Chrome\Application\46.10.2479.2\chromer.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [401800 2013-12-21] (Samsung) [File not signed]
R2 Basics Service; C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe [124280 2007-10-09] (Seagate Technology LLC)
R2 BcmBtRSupport; C:\windows\system32\BtwRSupportService.exe [1680088 2013-10-28] (Broadcom Corporation.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 CoolroomDownloadManagerService; C:\Program Files\Coolroom\DownloadManagerService.exe [430080 2009-01-05] (Etherdigital Limited) [File not signed]
R2 EpsonScanSvc; C:\windows\system32\EscSvc.exe [126128 2012-05-16] (Seiko Epson Corporation)
R2 FsUsbExService; C:\windows\system32\FsUsbExService.Exe [233472 2013-03-20] (Teruten) [File not signed]
S3 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [803856 2016-01-28] (Garmin Ltd. or its subsidiaries)
R2 hpHotkeyMonitor; C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [265272 2010-01-28] (Hewlett-Packard Company)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2011-04-16] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R2 MyEpson Portal Service; C:\Program Files\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2010-01-12] (PDF Complete Inc)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 RalinkRegistryWriter; C:\Program Files\MediatekWiFi\Common\RaRegistry.exe [401096 2014-05-01] (Mediatek Inc.)
S3 RaMediaServer; C:\Program Files\MediatekWiFi\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed]
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2259224 2016-01-03] (IBM Corp.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
R2 RealPlayer Cloud Service; c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2015-02-08] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [577376 2014-03-13] (Copyright 2013 SAMSUNG)
R2 Scan2PC; C:\Program Files\Scan2PC\Sc2PCSvc.exe [69632 2009-08-10] () [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [633856 2011-06-08] (Nokia) [File not signed]
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\STacSV.exe [229458 2010-01-29] (IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcbtums; C:\windows\System32\drivers\bcbtums.sys [170552 2012-09-24] (Broadcom Corporation.)
R3 btwampfl; C:\windows\System32\DRIVERS\btwampfl.sys [507704 2012-07-03] (Broadcom Corporation.)
R3 dfmirage; C:\windows\System32\DRIVERS\dfmirage.sys [34128 2008-03-04] (DemoForge, LLC)
R3 FsUsbExDisk; C:\windows\system32\FsUsbExDisk.SYS [37344 2013-03-20] () [File not signed]
S3 HTCAND32; C:\windows\System32\Drivers\ANDROIDUSB.sys [25088 2009-10-26] (HTC, Corporation) [File not signed]
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-02-06] (Malwarebytes)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R1 MpKslc1a17118; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{409D274B-0D7D-4055-A712-741EE7251CBE}\MpKslc1a17118.sys [39168 2016-02-06] (Microsoft Corporation)
R1 MpKsleee02a82; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{409D274B-0D7D-4055-A712-741EE7251CBE}\MpKsleee02a82.sys [39168 2016-02-06] (Microsoft Corporation)
S3 netr28u; C:\windows\System32\DRIVERS\netr28u.sys [1704648 2014-01-24] (Ralink Technology Corp.)
R1 RapportCerberus_1507079; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1507079.sys [558456 2015-12-06] (IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [295000 2016-01-03] (IBM Corp.)
R0 RapportHades; C:\windows\System32\Drivers\RapportHades.sys [71384 2015-11-24] (IBM Corp.)
R0 RapportKELL; C:\windows\System32\Drivers\RapportKELL.sys [224344 2016-01-03] (IBM Corp.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [352408 2016-01-03] (IBM Corp.)
R3 rtsuvc; C:\windows\System32\DRIVERS\rtsuvc.sys [73344 2010-01-30] (Realtek Semiconductor Corp.)
S3 usbrndis6; C:\windows\System32\DRIVERS\usb80236.sys [15872 2013-02-12] (Microsoft Corporation)
R3 vpcbus; C:\windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S3 CpqDfw; system32\drivers\CpqDfw.sys [X]
S3 FTD2XX; System32\Drivers\FTD2XX.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-06 14:48 - 2016-02-06 14:50 - 00034028 _____ C:\Users\da\Desktop\FRST.txt
2016-02-06 14:44 - 2016-02-06 14:48 - 00000000 ____D C:\FRST
2016-02-06 14:42 - 2016-02-06 14:42 - 01721856 _____ (Farbar) C:\Users\da\Desktop\FRST.exe
2016-02-06 12:49 - 2015-08-05 17:40 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\icaapi.dll
2016-02-06 12:49 - 2015-08-05 16:58 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2016-02-06 12:48 - 2016-01-22 06:05 - 12877824 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2016-02-06 12:48 - 2016-01-22 06:00 - 01498624 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2016-02-06 12:48 - 2016-01-22 05:59 - 01805824 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2016-02-06 12:48 - 2016-01-22 05:12 - 02973184 _____ (Microsoft Corporation) C:\windows\explorer.exe
2016-02-06 12:47 - 2016-01-16 18:42 - 00022464 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-02-06 12:47 - 2016-01-16 18:34 - 00949760 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-02-06 12:47 - 2016-01-11 14:07 - 01198080 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-02-06 12:47 - 2016-01-11 14:07 - 00591360 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-02-06 12:47 - 2016-01-11 14:07 - 00544768 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-02-06 12:47 - 2016-01-11 14:07 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-02-06 12:47 - 2016-01-11 14:07 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-02-06 12:32 - 2015-12-16 18:47 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\nlsbres.dll
2016-02-06 12:32 - 2015-12-16 18:43 - 00006144 _____ (Microsoft Corporation) C:\windows\system32\kbdgeoqw.dll
2016-02-06 12:32 - 2015-12-16 18:43 - 00006144 _____ (Microsoft Corporation) C:\windows\system32\KBDAZEL.DLL
2016-02-06 12:32 - 2015-12-16 18:43 - 00006144 _____ (Microsoft Corporation) C:\windows\system32\KBDAZE.DLL
2016-02-06 12:30 - 2016-02-06 12:33 - 00002419 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
2016-02-06 12:27 - 2016-01-11 18:47 - 02956288 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2016-02-06 12:27 - 2016-01-11 18:47 - 00174080 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2016-02-06 12:27 - 2016-01-11 18:35 - 00073728 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2016-02-06 12:27 - 2016-01-11 18:17 - 02062848 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2016-02-06 12:27 - 2016-01-11 18:14 - 00573440 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2016-02-06 12:27 - 2016-01-11 18:14 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2016-02-06 12:27 - 2016-01-11 18:14 - 00093696 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2016-02-06 12:27 - 2016-01-11 18:14 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2016-02-06 12:27 - 2016-01-11 18:14 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2016-02-06 12:27 - 2016-01-11 18:14 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2016-02-06 12:27 - 2016-01-11 18:14 - 00011776 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2016-02-06 12:20 - 2016-02-06 12:33 - 00000000 ____D C:\windows\WindowsMobile
2016-02-06 12:17 - 2016-02-06 12:17 - 12644232 _____ (Microsoft Corporation) C:\Users\da\Downloads\drvupdate-x86.exe
2016-02-06 11:05 - 2016-02-06 11:05 - 00000375 _____ C:\windows\system32\Drivers\etc\hosts.ics
2016-02-06 10:39 - 2016-02-06 10:39 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-02-06 10:38 - 2016-02-06 10:38 - 00000000 ____D C:\Program Files\Microsoft Visual Studio
2016-02-05 19:32 - 2016-02-05 19:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager
2016-02-05 19:26 - 2016-02-05 19:26 - 00001770 _____ C:\ProgramData\Microsoft\Windows\Start Menu\IDT Audio Control Panel.lnk
2016-02-05 19:23 - 2010-01-29 04:15 - 00527360 ____N (IDT, Inc.) C:\windows\system32\stapi32.dll
2016-02-05 19:17 - 2010-01-29 04:15 - 12423260 _____ (IDT, Inc.) C:\windows\system32\idtcpl.cpl
2016-02-05 19:17 - 2010-01-29 04:15 - 03350528 _____ (IDT, Inc.) C:\windows\system32\stlang.dll
2016-02-05 19:17 - 2010-01-29 04:15 - 00495708 _____ (IDT, Inc.) C:\windows\sttray.exe
2016-02-05 19:17 - 2010-01-27 10:28 - 00140288 _____ (Andrea Electronics Corporation) C:\windows\system32\aestacap.dll
2016-02-05 19:17 - 2009-10-10 08:45 - 00380928 _____ (Andrea Electronics Corporation) C:\windows\system32\aestecap.dll
2016-02-05 19:17 - 2009-03-03 09:57 - 00061440 _____ (Andrea Electronics Corporation) C:\windows\system32\aestaren.dll
2016-02-05 19:16 - 2010-01-29 04:15 - 00175616 _____ (IDT, Inc.) C:\windows\system32\staco.dll
2016-02-05 19:11 - 2010-01-30 05:45 - 00073344 ____R (Realtek Semiconductor Corp.) C:\windows\system32\Drivers\RTSUVC.SYS
2016-02-05 19:11 - 2010-01-22 00:41 - 00122880 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtsUvcExt.dll
2016-02-05 19:11 - 2009-12-23 00:20 - 00327680 _____ (Realtek Semiconductor Corp.) C:\windows\RtsUvcUninst.exe
2016-02-02 20:36 - 2016-02-02 20:36 - 00001901 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2016-01-24 15:00 - 2016-01-24 15:00 - 06805440 _____ (Piriform Ltd) C:\Users\da\Downloads\ccsetup513(1).exe
2016-01-17 10:20 - 2016-01-17 10:21 - 06801616 _____ (Piriform Ltd) C:\Users\da\Downloads\ccsetup512_update(1).exe
2016-01-17 10:20 - 2016-01-17 10:20 - 06801616 _____ (Piriform Ltd) C:\Users\da\Downloads\ccsetup512_update.exe.part
2016-01-17 10:20 - 2016-01-17 10:20 - 00000000 _____ C:\Users\da\Downloads\ccsetup512_update.exe
2016-01-14 20:33 - 2016-01-14 20:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-01-14 20:33 - 2016-01-14 20:33 - 00000000 ____D C:\Program Files\QuickTime
2016-01-14 19:34 - 2015-12-08 21:00 - 02386944 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-01-14 19:33 - 2015-12-23 22:52 - 00341192 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-01-14 19:33 - 2015-12-12 18:02 - 20367360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-01-14 19:33 - 2015-12-12 17:49 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-01-14 19:33 - 2015-12-12 17:49 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-01-14 19:33 - 2015-12-12 17:37 - 00496640 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-01-14 19:33 - 2015-12-12 17:37 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-01-14 19:33 - 2015-12-12 17:37 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-01-14 19:33 - 2015-12-12 17:36 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-01-14 19:33 - 2015-12-12 17:36 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-01-14 19:33 - 2015-12-12 17:33 - 02280448 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-01-14 19:33 - 2015-12-12 17:31 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-01-14 19:33 - 2015-12-12 17:30 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-01-14 19:33 - 2015-12-12 17:28 - 00476160 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-01-14 19:33 - 2015-12-12 17:27 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-01-14 19:33 - 2015-12-12 17:27 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-01-14 19:33 - 2015-12-12 17:27 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-01-14 19:33 - 2015-12-12 17:27 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-01-14 19:33 - 2015-12-12 17:22 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-01-14 19:33 - 2015-12-12 17:19 - 00416256 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-01-14 19:33 - 2015-12-12 17:14 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-01-14 19:33 - 2015-12-12 17:12 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-01-14 19:33 - 2015-12-12 17:10 - 00279040 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-01-14 19:33 - 2015-12-12 17:10 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-01-14 19:33 - 2015-12-12 17:09 - 04610560 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-01-14 19:33 - 2015-12-12 17:08 - 00130048 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-01-14 19:33 - 2015-12-12 17:02 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-01-14 19:33 - 2015-12-12 17:00 - 12856320 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-01-14 19:33 - 2015-12-12 17:00 - 02050560 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-01-14 19:33 - 2015-12-12 17:00 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-01-14 19:33 - 2015-12-12 17:00 - 00687104 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-01-14 19:33 - 2015-12-12 17:00 - 00684032 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-01-14 19:33 - 2015-12-12 16:41 - 02011136 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-01-14 19:33 - 2015-12-12 16:38 - 01311744 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-01-14 19:33 - 2015-12-12 16:36 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-01-14 19:31 - 2015-12-30 18:47 - 03993536 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2016-01-14 19:31 - 2015-12-30 18:47 - 03938240 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-01-14 19:31 - 2015-12-30 18:47 - 00138176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-01-14 19:31 - 2015-12-30 18:47 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-01-14 19:31 - 2015-12-30 18:44 - 01308160 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-01-14 19:31 - 2015-12-30 18:41 - 00171520 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-01-14 19:31 - 2015-12-30 18:41 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-01-14 19:31 - 2015-12-30 18:40 - 00654336 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-01-14 19:31 - 2015-12-30 18:40 - 00251392 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-01-14 19:31 - 2015-12-30 18:39 - 01060864 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-01-14 19:31 - 2015-12-30 18:39 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-01-14 19:31 - 2015-12-30 18:39 - 00223232 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-01-14 19:31 - 2015-12-30 18:38 - 00552960 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-01-14 19:31 - 2015-12-08 21:53 - 00641536 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-01-14 19:30 - 2015-12-30 18:41 - 00400896 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-01-14 19:30 - 2015-12-30 18:41 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-01-14 19:30 - 2015-12-30 18:41 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-01-14 19:30 - 2015-12-30 18:40 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-01-14 19:30 - 2015-12-30 18:39 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-01-14 19:30 - 2015-12-30 18:39 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-01-14 19:30 - 2015-12-30 18:38 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-01-14 19:30 - 2015-12-30 18:38 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-01-14 19:30 - 2015-12-30 18:37 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-01-14 19:30 - 2015-12-30 18:37 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-01-14 19:30 - 2015-12-30 17:44 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-01-14 19:30 - 2015-12-30 17:38 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-01-14 19:30 - 2015-12-30 17:32 - 00225792 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-01-14 19:30 - 2015-12-30 17:32 - 00124416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-01-14 19:30 - 2015-12-30 17:32 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-01-14 19:30 - 2015-12-30 17:30 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-01-14 19:30 - 2015-12-30 17:30 - 00036352 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-01-14 19:30 - 2015-12-30 17:30 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-01-14 19:30 - 2015-12-30 17:30 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-01-14 19:28 - 2015-12-08 21:53 - 00509952 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2016-01-14 19:28 - 2015-12-08 21:53 - 00305664 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2016-01-14 19:28 - 2015-11-16 20:12 - 00176128 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2016-01-14 19:28 - 2015-11-13 22:50 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\mapistub.dll
2016-01-14 19:28 - 2015-11-13 22:50 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\mapi32.dll
2016-01-14 19:28 - 2015-11-13 22:49 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\fixmapi.exe
2016-01-14 19:27 - 2015-12-08 21:54 - 02285056 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2016-01-14 19:27 - 2015-12-08 21:54 - 01620992 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2016-01-14 19:27 - 2015-12-08 21:54 - 01568768 _____ (Microsoft Corporation) C:\windows\system32\WMVENCOD.DLL
2016-01-14 19:27 - 2015-12-08 21:54 - 01325056 _____ (Microsoft Corporation) C:\windows\system32\WMSPDMOE.DLL
2016-01-14 19:27 - 2015-12-08 21:54 - 01202688 _____ (Microsoft Corporation) C:\windows\system32\WMALFXGFXDSP.dll
2016-01-14 19:27 - 2015-12-08 21:54 - 00902144 _____ (Microsoft Corporation) C:\windows\system32\WMADMOD.DLL
2016-01-14 19:27 - 2015-12-08 21:54 - 00815616 _____ (Microsoft Corporation) C:\windows\system32\WMADMOE.DLL
2016-01-14 19:27 - 2015-12-08 21:54 - 00740352 _____ (Microsoft Corporation) C:\windows\system32\wmpmde.dll
2016-01-14 19:27 - 2015-12-08 21:54 - 00739328 _____ (Microsoft Corporation) C:\windows\system32\WMSPDMOD.DLL
2016-01-14 19:27 - 2015-12-08 21:54 - 00665088 _____ (Microsoft Corporation) C:\windows\system32\WMVXENCD.DLL
2016-01-14 19:27 - 2015-12-08 21:54 - 00541184 _____ (Microsoft Corporation) C:\windows\system32\WMVSDECD.DLL
2016-01-14 19:27 - 2015-12-08 21:54 - 00358400 _____ (Microsoft Corporation) C:\windows\system32\WMVSENCD.DLL
2016-01-14 19:27 - 2015-12-08 21:54 - 00154112 _____ (Microsoft Corporation) C:\windows\system32\VIDRESZR.DLL
2016-01-14 19:27 - 2015-12-08 21:53 - 03209728 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2016-01-14 19:27 - 2015-12-08 21:53 - 01329664 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2016-01-14 19:27 - 2015-12-08 21:53 - 00970240 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2adec.dll
2016-01-14 19:27 - 2015-12-08 21:53 - 00829952 _____ (Microsoft Corporation) C:\windows\system32\MSMPEG2ENC.DLL
2016-01-14 19:27 - 2015-12-08 21:53 - 00728576 _____ (Microsoft Corporation) C:\windows\system32\mcmde.dll
2016-01-14 19:27 - 2015-12-08 21:53 - 00609280 _____ (Microsoft Corporation) C:\windows\system32\MFWMAAEC.DLL
2016-01-14 19:27 - 2015-12-08 21:53 - 00519680 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2016-01-14 19:27 - 2015-12-08 21:53 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2016-01-14 19:27 - 2015-12-08 21:53 - 00415744 _____ (Microsoft Corporation) C:\windows\system32\MP4SDECD.DLL
2016-01-14 19:27 - 2015-12-08 21:53 - 00354816 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2016-01-14 19:27 - 2015-12-08 21:53 - 00338944 _____ (Microsoft Corporation) C:\windows\system32\SysFxUI.dll
2016-01-14 19:27 - 2015-12-08 21:53 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\MPG4DECD.DLL
2016-01-14 19:27 - 2015-12-08 21:53 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\MP43DECD.DLL
2016-01-14 19:27 - 2015-12-08 21:53 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\RESAMPLEDMO.DLL
2016-01-14 19:27 - 2015-12-08 21:53 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\qasf.dll
2016-01-14 19:27 - 2015-12-08 21:53 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\ksproxy.ax
2016-01-14 19:27 - 2015-12-08 21:53 - 00153600 _____ (Microsoft Corporation) C:\windows\system32\COLORCNV.DLL
2016-01-14 19:27 - 2015-12-08 21:53 - 00103424 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2016-01-14 19:27 - 2015-12-08 21:53 - 00079872 _____ (Microsoft Corporation) C:\windows\system32\MP3DMOD.DLL
2016-01-14 19:27 - 2015-12-08 21:53 - 00067584 _____ (Microsoft Corporation) C:\windows\system32\devenum.dll
2016-01-14 19:27 - 2015-12-08 21:53 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\mfvdsp.dll
2016-01-14 19:27 - 2015-12-08 21:53 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2016-01-14 19:27 - 2015-12-08 21:53 - 00023040 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2016-01-14 19:27 - 2015-12-08 21:53 - 00004608 _____ (Microsoft Corporation) C:\windows\system32\ksuser.dll
2016-01-14 19:27 - 2015-12-08 21:50 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2016-01-14 19:27 - 2015-12-08 21:43 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2016-01-14 19:27 - 2015-12-08 21:11 - 00177152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2016-01-14 19:27 - 2015-12-08 21:11 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmkaud.sys
2016-01-07 21:17 - 2016-01-07 21:18 - 06805328 _____ (Piriform Ltd) C:\Users\da\Downloads\ccsetup513.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-06 14:36 - 2012-11-15 20:36 - 00000896 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3932258823-1374462109-926273279-1001UA.job
2016-02-06 14:34 - 2015-06-22 10:31 - 00000906 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3932258823-1374462109-926273279-1001UA.job
2016-02-06 14:33 - 2011-11-30 08:26 - 00000000 ____D C:\windows\pss
2016-02-06 14:25 - 2009-07-14 04:34 - 00025648 _____ C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-06 14:25 - 2009-07-14 04:34 - 00025648 _____ C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-06 14:12 - 2015-07-22 19:07 - 00000336 ____H C:\windows\Tasks\LUAYNFMQTAELIMQM.job
2016-02-06 14:06 - 2015-02-26 19:50 - 00170200 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-06 14:06 - 2010-11-15 12:43 - 00000000 ___RD C:\Users\da\Documents\My Dropbox
2016-02-06 14:05 - 2012-04-04 08:55 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-02-06 14:05 - 2010-11-15 12:40 - 00000000 ____D C:\Users\da\AppData\Roaming\Dropbox
2016-02-06 14:04 - 2013-12-02 21:46 - 00000000 ____D C:\Users\da\AppData\Roaming\.oit
2016-02-06 14:02 - 2009-07-14 04:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-02-06 14:02 - 2009-07-14 04:33 - 00459000 _____ C:\windows\system32\FNTCACHE.DAT
2016-02-06 13:51 - 2010-12-14 11:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GroupMail 5
2016-02-06 13:51 - 2010-12-14 11:52 - 00000000 ____D C:\Program Files\GroupMail 5
2016-02-06 13:39 - 2010-11-03 11:58 - 00000000 ___RD C:\Users\da\Virtual Machines
2016-02-06 13:31 - 2014-12-12 12:34 - 00000000 ____D C:\windows\system32\appraiser
2016-02-06 13:31 - 2014-04-27 18:53 - 00000000 ___SD C:\windows\system32\CompatTel
2016-02-06 13:00 - 2010-06-10 07:19 - 00770820 _____ C:\windows\system32\PerfStringBackup.INI
2016-02-06 12:59 - 2009-07-14 02:37 - 00000000 ____D C:\windows\inf
2016-02-06 11:31 - 2010-11-05 20:34 - 00000000 ____D C:\Users\da\AppData\Local\ElevatedDiagnostics
2016-02-06 10:57 - 2010-11-03 11:46 - 00126336 _____ C:\Users\da\AppData\Local\GDIPFONTCACHEV1.DAT
2016-02-06 10:41 - 2010-12-23 13:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-02-06 10:39 - 2010-12-23 13:54 - 00000000 ____D C:\Program Files\Microsoft Works
2016-02-06 10:39 - 2009-07-14 02:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-02-06 10:38 - 2010-04-25 20:36 - 00000000 ____D C:\windows\ShellNew
2016-02-06 10:34 - 2015-06-22 10:30 - 00000854 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3932258823-1374462109-926273279-1001Core.job
2016-02-06 10:30 - 2009-07-14 02:04 - 00000478 _____ C:\windows\win.ini
2016-02-06 09:29 - 2015-07-22 14:29 - 00000344 _____ C:\windows\Tasks\TrafficMaster.job
2016-02-06 00:36 - 2012-11-15 20:36 - 00000844 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3932258823-1374462109-926273279-1001Core.job
2016-02-05 20:00 - 2010-06-10 07:48 - 00000000 ____D C:\ProgramData\Uninstall
2016-02-05 20:00 - 2010-06-10 07:46 - 00000000 ____D C:\Program Files\Common Files\Roxio Shared
2016-02-05 20:00 - 2010-06-10 07:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-02-05 20:00 - 2010-06-10 07:09 - 00000000 ____D C:\Program Files\Hewlett-Packard
2016-02-05 19:58 - 2010-06-10 07:36 - 00000000 ____D C:\ProgramData\PDFC
2016-02-05 19:58 - 2010-06-10 07:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Complete
2016-02-05 19:58 - 2010-06-10 07:36 - 00000000 ____D C:\Program Files\PDF Complete
2016-02-05 19:57 - 2010-06-10 07:49 - 00000000 ____D C:\windows\Hewlett-Packard
2016-02-05 19:56 - 2010-11-03 11:49 - 00000000 ____D C:\Users\da\AppData\Roaming\Hewlett-Packard
2016-02-05 19:42 - 2010-06-10 07:59 - 00000000 ____D C:\Program Files\Realtek
2016-02-05 19:25 - 2010-08-11 07:14 - 00000000 ____D C:\Program Files\IDT
2016-02-05 19:13 - 2010-11-03 11:48 - 00000000 ____D C:\Users\da\AppData\Roaming\hpqLog
2016-02-05 19:08 - 2010-02-23 18:45 - 00000000 ___HD C:\SYSTEM.SAV
2016-02-05 14:56 - 2010-11-03 11:45 - 00000000 ____D C:\Users\da
2016-02-05 13:01 - 2010-04-25 20:36 - 00000000 ____D C:\windows\CSC
2016-02-02 20:37 - 2010-11-16 15:55 - 00000000 ____D C:\Program Files\Garmin
2016-02-02 20:36 - 2011-04-07 22:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-02-02 20:34 - 2014-10-16 18:34 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-02 20:33 - 2015-08-24 10:01 - 00000308 _____ C:\windows\Tasks\HPCeeScheduleForda.job
2016-01-31 15:15 - 2010-11-07 22:27 - 00000000 ____D C:\Users\da\Documents\My PageManager
2016-01-31 15:07 - 2015-08-09 13:39 - 00000000 ____D C:\Users\da\AppData\Local\Garmin_Ltd._or_its_subsid
2016-01-29 13:42 - 2010-11-07 22:00 - 00000000 ___RD C:\Users\da\Documents\Password
2016-01-29 12:50 - 2012-05-02 21:32 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-01-27 12:46 - 2015-12-24 14:45 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-01-25 12:03 - 2015-11-17 18:47 - 00000000 ____D C:\Users\da\Documents\Funeral Work
2016-01-22 16:10 - 2010-11-16 14:10 - 00000000 ____D C:\Users\da\Documents\Personal
2016-01-22 16:05 - 2012-04-04 08:55 - 00796864 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2016-01-22 16:05 - 2011-05-30 09:54 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2016-01-19 13:57 - 2011-07-26 15:36 - 00000340 _____ C:\windows\Tasks\HPCeeScheduleForDAWNGREENAWAY$.job
2016-01-17 15:26 - 2009-07-14 02:37 - 00000000 ____D C:\windows\rescache
2016-01-17 12:52 - 2010-11-14 19:18 - 00000000 ____D C:\Users\da\Documents\CCleaner
2016-01-17 10:26 - 2010-11-14 19:14 - 00001006 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-01-15 16:33 - 2010-11-07 19:50 - 00000000 ___RD C:\Program Files\Skype
2016-01-15 14:58 - 2010-11-11 18:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-15 14:57 - 2010-11-11 18:15 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-15 14:52 - 2013-09-19 13:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2016-01-14 22:18 - 2013-07-15 14:43 - 00000000 ____D C:\windows\system32\MRT
2016-01-14 22:18 - 2010-11-11 17:32 - 141317472 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-01-14 17:18 - 2014-08-29 09:35 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-01-12 20:49 - 2012-10-19 19:58 - 00000000 ____D C:\Temp
2016-01-10 20:10 - 2010-11-20 15:12 - 00013030 _____ C:\PDOXUSRS.NET

==================== Files in the root of some directories =======

2013-01-12 16:40 - 2013-01-12 17:20 - 0025629 _____ () C:\Users\da\AppData\Roaming\Comma Separated Values (DOS).ADR
2013-01-14 17:27 - 2014-01-06 20:02 - 0025593 _____ () C:\Users\da\AppData\Roaming\Comma Separated Values (Windows).ADR
2011-03-08 12:00 - 2011-06-22 11:53 - 0001849 _____ () C:\Users\da\AppData\Roaming\GhostObjGAFix.xml
2011-03-28 15:03 - 2012-02-03 14:45 - 0022784 _____ () C:\Users\da\AppData\Roaming\Microsoft Excel 97-2003.ADR
2010-11-20 15:14 - 2010-11-20 15:15 - 0033280 ___SH () C:\Users\da\AppData\Roaming\Thumbs.db
2012-05-17 16:03 - 2012-11-22 16:29 - 0007106 _____ () C:\Users\da\AppData\Roaming\unins003.dat
2010-11-17 19:50 - 2010-11-17 19:51 - 0027623 _____ () C:\Users\da\AppData\Roaming\UserTile.png
2014-01-08 21:01 - 2014-01-08 21:01 - 0000059 _____ () C:\Users\da\AppData\Roaming\WB.CFG
2011-01-30 10:33 - 2012-05-12 19:59 - 0009728 _____ () C:\Users\da\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-15 12:14 - 2015-11-12 22:27 - 0007603 _____ () C:\Users\da\AppData\Local\Resmon.ResmonCfg
2012-07-20 13:32 - 2012-07-20 13:33 - 0258348 _____ () C:\Users\da\AppData\Local\rx_image32.Cache
2015-12-13 23:57 - 2015-12-13 23:57 - 0980170 _____ () C:\Users\da\AppData\Local\WAV-to-MP3-Converter_1533.rar
2010-11-07 19:52 - 2010-11-07 19:52 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-06-10 07:57 - 2015-07-22 20:50 - 0000426 _____ () C:\ProgramData\HPWALog.txt
2015-07-22 21:16 - 2015-07-22 21:16 - 0001664 _____ () C:\ProgramData\tempimage.bmp

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-03 00:29

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:27-01-2016
Ran by da (2016-02-06 14:53:11)
Running from C:\Users\da\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2010-11-03 11:44:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3932258823-1374462109-926273279-500 - Administrator - Disabled)
da (S-1-5-21-3932258823-1374462109-926273279-1001 - Administrator - Enabled) => C:\Users\da
Guest (S-1-5-21-3932258823-1374462109-926273279-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3932258823-1374462109-926273279-1007 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.14) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated)
AllShare Framework DMS (HKLM\...\{1C2A409B-3D00-4EE7-B13C-3C70AB8704B0}) (Version: 1.3.23 - Samsung)
Amazon Kindle (HKU\S-1-5-21-3932258823-1374462109-926273279-1001\...\Amazon Kindle) (Version:  - Amazon)
Amazon Music (HKU\S-1-5-21-3932258823-1374462109-926273279-1001\...\Amazon Amazon Music) (Version: 3.4.0.628 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{0BD03BF6-3A66-EC7F-5155-28A8D6C69409}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{9A629DCB-415D-4A50-85B9-5C2E4F8F74A8}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Cashbook (HKLM\...\{ACF23689-C863-47CF-90BD-1082B60B0F19}) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
CD-LabelPrint (HKLM\...\MediaNavigation.CDLabelPrint) (Version:  - )
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coolroom (HKLM\...\{734C8402-3F5D-495D-A463-3176B46775E9}) (Version: 1.0.0 - Ether Digital)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DemoForge Mirage Driver for TightVNC 2.0 (HKLM\...\DemoForge Mirage Driver for TightVNC_is1) (Version: 2.0 - DemoForge LLC)
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
Drive Manager (HKLM\...\InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}) (Version: 1.00.0012 - Seagate Technology)
Drive Manager (Version: 1.00.0012 - Seagate Technology) Hidden
Dropbox (HKU\S-1-5-21-3932258823-1374462109-926273279-1001\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
Elevated Installer (Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
Epson Connect Guide (HKLM\...\Epson Connect Guide) (Version:  - )
Epson Connect Printer Setup (HKLM\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM\...\{E402F650-650F-45C0-8F7A-00678D6AA0F6}) (Version: 2.6.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM\...\{5662F323-3D9C-4100-B60C-BC71B47DD0A1}) (Version: 3.10.0041 - Seiko Epson Corporation)
Epson E-Web Print (HKLM\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.60.00 - SEIKO EPSON CORPORATION)
EPSON Manuals (HKLM\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.40.0.0 - SEIKO EPSON CORPORATION)
Epson Network Guide WF-3520 Series (HKLM\...\WF-3520 Series Netg) (Version:  - )
Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Printer Finder (HKLM\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Remote Print Uninstall (HKLM\...\EPSON Remote Print) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.00.0000 - SEIKO EPSON Corp.)
EPSON Scan PDF Extensions (HKLM\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.)
EPSON Universal Print Driver Printer Uninstall (HKLM\...\EPSON Universal Print Driver) (Version:  - SEIKO EPSON Corporation)
Epson User's Guide WF-3520 Series (HKLM\...\WF-3520 Series Useg) (Version:  - )
EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version:  - SEIKO EPSON Corporation)
EPSON WF-7610 Series Printer Uninstall (HKLM\...\EPSON WF-7610 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
FUJIFILM MyFinePix Studio 2.0 (HKLM\...\FinePix Genie_is1) (Version:  - )
Garmin City Navigator Europe NTU 2015.30 (HKLM\...\{63F1BF21-7435-4055-AA71-7ED2B7948C8C}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{0733d53f-b41d-47cc-b336-d95751c4b2cb}) (Version: 4.1.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{b292f4e5-60ca-4bb8-8810-e5f908c3c1ff}) (Version: 4.1.10.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin POI Loader (HKLM\...\{3213ED5E-7BBE-4613-BE69-8B1E4FE520DD}) (Version: 2.7.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM\...\{D17111CB-C992-42A9-9D56-C19395102AAA}) (Version: 2.4.2 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM\...\Google Chrome_is1) (Version:  - Google Inc.)
Google Drive (HKLM\...\{6EA8B94E-D869-4D96-88DF-5E1ECE1D6876}) (Version: 1.23.9648.8824 - Google, Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
GoToMeeting 5.2.0.952 (HKU\S-1-5-21-3932258823-1374462109-926273279-1001\...\GoToMeeting) (Version: 5.2.0.952 - CitrixOnline)
Hewlett-Packard ACLM.NET v1.2.2.3 (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM\...\{206E1EEB-027A-4FC0-B4ED-6E48203BD49A}) (Version: 1.1.1.1 - Hewlett-Packard Company)
HP HotKey Support (HKLM\...\{9161546B-336A-4E3D-B049-F25A400558C6}) (Version: 3.5.14.1 - Hewlett-Packard Company)
HP Setup (HKLM\...\{1E6219D4-027E-47EE-AB83-DD2F26E31A32}) (Version: 1.2.3557.3169 - Hewlett-Packard)
HP SoftPaq Download Manager (HKLM\...\{2DA697D7-FED3-4DE2-A174-92A2A12F9688}) (Version: 3.0.5.0 - Hewlett-Packard Company)
HP Software Framework (HKLM\...\{223E2363-6643-49CB-A062-59A9858EE8EE}) (Version: 3.5.17.1 - Hewlett-Packard Company)
HP Software Setup (HKLM\...\{04801E42-B1A6-4C52-9F3D-CADB5A050433}) (Version: 7.0.1.6 - Hewlett-Packard Company)
HP Support Assistant (HKLM\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP User Guides 0190 (HKLM\...\{5B0D9F1A-425E-46C4-B06D-2C0736C1E804}) (Version: 1.00.0000 - Hewlett-Packard)
HP Webcam (HKLM\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0.17.13 - Roxio)
HP Webcam Driver (HKLM\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.1.7600.0028 - Realtek Semiconductor Corp.)
HP Wireless Assistant (HKLM\...\{1061DF04-CF33-40B0-8360-D07C9BBEB122}) (Version: 3.50.10.1 - Hewlett-Packard)
iCloud (HKLM\...\{C3867553-D9F8-416E-8F14-EFF234A48577}) (Version: 5.1.0.34 - Apple Inc.)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6268.0 - IDT)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2057 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Internet TV for Windows Media Center (HKLM\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
iTunes (HKLM\...\{F16EA575-26A5-4DAD-A800-95267BE02C12}) (Version: 12.3.2.35 - Apple Inc.)
Java™ 6 Update 37 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.370 - Oracle)
Junk Mail filter update (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
LightScribe Diagnostic Utility (HKLM\...\{05F8CCEB-1EDD-4996-A0E0-FF6EDB1E75EA}) (Version: 1.18.23.1 - LightScribe)
LightScribe System Software (HKLM\...\{10427BCB-0742-43BE-81E2-3920972946F5}) (Version: 1.18.23.1 - LightScribe)
LightScribe Template Labeler (HKLM\...\{2765F726-849C-47B2-A82C-B257DFC0E01C}) (Version: 1.18.22.2 - LightScribe)
Logitech SetPoint 6.51 (HKLM\...\sp6) (Version: 6.51.8 - Logitech)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mediatek RT2870 Wireless LAN Card (HKLM\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.38.0 - MediatekWiFi)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office FrontPage 2003 (HKLM\...\{90170409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Small Business 2007 (HKLM\...\SMALLBUSINESSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3932258823-1374462109-926273279-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 25.0.1 (x86 en-GB) (HKLM\...\Mozilla Firefox 25.0.1 (x86 en-GB)) (Version: 25.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 44.0.0.5866 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-3932258823-1374462109-926273279-1001\...\MusicManager) (Version:  - Google, Inc.)
MyEpson Portal (HKLM\...\MyEpson Portal) (Version:  - SEIKO EPSON Corporation)
MyEpson Portal (Version: 1.1.1.0 - SEIKO EPSON CORPORATION) Hidden
MyFreeCodec (HKU\S-1-5-21-3932258823-1374462109-926273279-1001\...\MyFreeCodec) (Version:  - )
Naviextras Toolbox (HKLM\...\Naviextras Toolbox) (Version: 3.18.0.330918 - NNG Llc.)
Naviextras Toolbox Prerequesities (HKLM\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.)
Nuance PaperPort 12 (HKLM\...\{869FCC6C-5669-4B0B-827E-2BBAACD88A87}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 14.00.0000 - Nuance Communications, Inc.)
PC Connectivity Solution (HKLM\...\{C373F7C4-05D2-4047-96D1-6AF30661C6AA}) (Version: 11.4.19.0 - Nokia)
PDF Complete Special Edition (HKLM\...\PDF Complete) (Version: 3.5.116 - PDF Complete, Inc)
Presto! PageManager 9.03 SE (HKLM\...\{04AF7536-446D-4F5A-8920-B4E885E4581B}) (Version: 9.03.06 - Newsoft Technology Corporation)
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RAF (HKLM\...\{E6B43401-E818-4961-AFED-118DD8E87642}) (Version: 1.00.0001 - FUJIFILM Corporation)
Rapport (Version: 3.5.1507.99 - Trusteer) Hidden
RealDownloader (Version: 17.0.15.4 - RealNetworks, Inc.) Hidden
RealDownloader (Version: 17.0.15.7 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM\...\RealPlayer 17.0) (Version: 17.0.15 - RealNetworks)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0011 - Realtek)
REALTEK Wireless LAN Software (HKLM\...\{901F0D4C-009D-1112-8DE4-03599E7B0C5C}) (Version: 1.00.10.0104 - REALTEK Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Roxio Creator Business (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Safari (HKLM\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.0.12094_28 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.5.0.12094_28 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Link 1.8.0.1403131552 (HKLM\...\8474-7877-9059-0204) (Version: 1.8.0.1403131552 - Copyright 2013 SAMSUNG)
Samsung Story Album Viewer (HKLM\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Scan2PC (HKLM\...\{E59F8AF2-78D4-4355-B0EF-58C466C1242C}) (Version: 1.3.0.21 - Q)
ScanSoft OmniPage SE 4 (HKLM\...\{66B4C110-8BEB-49B5-824E-C70AEEB20ECD}) (Version: 15.2.0020 - Nuance Communications, Inc.)
Scansoft PDF Professional (Version:  - ) Hidden
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.8 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
SkyPlayer for Windows Media Center (HKLM\...\{D7B31233-EE2B-4911-AA3F-2A8C28843D3B}) (Version: 4.4.2.0 - Microsoft Corporation)
Software Updater (HKLM\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
TeamViewer 5 (HKLM\...\TeamViewer 5) (Version: 5.1.9385  - TeamViewer GmbH)
Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1507.99 - Trusteer)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
UpdateService (Version: 1.0.0 - RealNetworks, Inc.) Hidden
Video Downloader (Version: 1.0.0 - RealNetworks) Hidden
Visual Studio Tools for the Office system 3.0 Runtime (HKLM\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
VPresent (HKLM\...\{72478BBA-D832-4E6B-93A0-E89431E7A8BB}) (Version: 2.2.20.0 - VPresent)
WAV MP3 Converter v4.3 build 1287 (HKLM\...\{A4A14B15-F25D-44F8-8483-291C1DF7C548}_is1) (Version:  - Hoo Technologies)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.3400 - Broadcom Corporation)
Windows 7 Default Setting (HKLM\...\{5BF8E079-D6E2-4323-B794-75152371122A}) (Version: 1.0.1.6 - Hewlett-Packard Company)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\A6A8668C0A13640CA28FE2A7D9654BE4AE478B13) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (12/16/2009 6.2.0.9414) (HKLM\...\0973B297E079B467E3776E59F763D63FD557795B) (Version: 12/16/2009 6.2.0.9414 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Media Center Add-in for Silverlight (HKLM\...\{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}) (Version: 4.7.3.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile Device Center (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
XHeader (HKLM\...\XHeader) (Version: 1.205 - Intellimon)
XHeader Bonus Download (HKLM\...\XHeader Bonus Download) (Version: 1.215 - Intellimon)
XSitePro2 (HKLM\...\XSitePro2) (Version: 2.149 - Intellimon Ltd)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\da\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\da\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\da\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\da\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\da\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\da\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\da\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\da\AppData\Local\Google\Update\1.3.29.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\952\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\da\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\da\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\da\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\da\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\da\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\da\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\da\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\da\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\da\AppData\Local\Google\Update\1.3.29.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\da\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A22FFD1-6CEB-4347-8265-3821A0C1F2BA} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
Task: {0F4D914B-D23A-4698-9D86-8ACB7897DC18} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {1241C5CF-821F-454E-BDE4-D7640E8E7EE2} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {1344DDC1-A85C-4CBA-A0E6-4AB2B67A0447} - System32\Tasks\sab3009 => C:\PROGRA~1\FASTSE~1\sab3009.exe <==== ATTENTION
Task: {1A22CA1F-7997-4B9F-A089-DC8E8692B595} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {1D155B23-AA5A-4708-9AC8-6F70453E36D6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {201099AB-76BD-4D1D-9760-513BFCE3018E} - System32\Tasks\{E092E56F-395B-4834-BD8C-022B3A0CB4C7} => C:\Users\da\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-07-21] (Amazon.com)
Task: {215EDD27-4061-4692-85EB-BA9400CB7E97} - System32\Tasks\{D6654F95-01F1-4535-A7B0-0B5D854A4744} => C:\Users\da\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-07-21] (Amazon.com)
Task: {2A257F13-D7CE-4106-B598-4BE481674663} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {2A3DBE0A-CCE6-4B31-888B-376FD16A0D93} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3932258823-1374462109-926273279-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.)
Task: {2B15A8A8-97B4-4181-AA48-1D2944B1E208} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3932258823-1374462109-926273279-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.)
Task: {2F1660A0-1A6A-4C32-911B-49CDB141E730} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3932258823-1374462109-926273279-1001UA => C:\Users\da\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {315F6AF9-FEC3-4FB0-AD2B-7B62378C8DA4} - \Installer_geforce -> No File <==== ATTENTION
Task: {3D86961B-AF5C-44B5-A514-F49A2831DD9F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
Task: {3E383FA3-0751-435B-A033-768AE7B4518C} - System32\Tasks\{9971F867-1FB6-4487-9934-640788B097E5} => C:\Program Files\WIDCOMM\Bluetooth Software\AdminUtils.exe [2012-10-17] (Broadcom Corporation.)
Task: {4540BA04-7903-43AC-BEB5-564A2C911F00} - System32\Tasks\{EB61F18D-E9FC-492A-BD73-A7A0B7853034} => C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-10-17] (Broadcom Corporation.)
Task: {512E6DEB-CB5D-4CAE-A4BC-4318839733A2} - System32\Tasks\{7009BCAC-1A27-42E3-86C4-65A0C2B39D76} => pcalua.exe -a C:\Users\da\Documents\Downloads\mx850sosmwin110encm.exe -d C:\Users\da\Documents\Downloads
Task: {5269F030-F140-4AB5-B008-E287DE58068C} - System32\Tasks\HPCeeScheduleForDAWNGREENAWAY$ => c:\program files\hewlett-packard\hp ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {53790E83-EE53-42F8-BCAC-6848B107DF0F} - System32\Tasks\{F59679D7-FC51-4653-8FEC-61D0BEF9341A} => pcalua.exe -a "C:\Users\da\Downloads\Driver Support\Driver Support\sp55212.exe" -d C:\windows\system32
Task: {53A30C8F-5015-4623-9556-D61E4C48F136} - System32\Tasks\{4BE21352-3767-4BAE-9682-EEA5DECECC26} => pcalua.exe -a C:\Users\da\Downloads\gm5p_setup.exe -d "C:\Program Files\Mozilla Firefox"
Task: {563BBA89-3EAB-44C9-BB33-BE2A91E979F7} - System32\Tasks\{5726758E-0E12-4B00-A9C1-EC425E3E67E9} => pcalua.exe -a C:\Users\da\Downloads\mx850sndwin250a_ntwin250aen.exe -d C:\windows\system32
Task: {58CF2000-3DF4-4BFD-A7E6-4CDE87C7510C} - System32\Tasks\{3AEAE054-AE02-4D8E-B440-367E284DD5FE} => Firefox.exe hxxp://ui.skype.com/ui/0/4.1.0.179.321/en/go/help.faq.installer?LastError=1603
Task: {58F0462E-60D8-47C6-9129-0897ACCB790A} - System32\Tasks\{34B0F794-6A48-468E-AAE5-865BD937F693} => C:\Program Files\WIDCOMM\Bluetooth Software\AdminUtils.exe [2012-10-17] (Broadcom Corporation.)
Task: {59DCAD36-AE95-48FC-8E12-36A8DF107D5D} - System32\Tasks\{1F4A81E3-C3E1-4D1E-BB3C-332F4F7742DF} => pcalua.exe -a C:\Users\da\Downloads\gm5b_setup(1).exe -d "C:\Program Files\Mozilla Firefox"
Task: {59E11070-5D93-4431-B450-FBEA77875978} - System32\Tasks\{CA656C04-5BF8-410E-872D-7817A33A4A9F} => C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe [2012-10-17] (Broadcom Corporation.)
Task: {5F1E2E3C-7A47-412D-8A4F-E61ACEA87DD1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {6845CE20-E427-49D8-9A5D-85B5F0ECCDAD} - System32\Tasks\{F60E4F7A-3FED-4AD3-8AE6-385BCE906DB9} => pcalua.exe -a C:\Users\da\Downloads\gm5b_setup(2).exe -d "C:\Program Files\Mozilla Firefox"
Task: {6AEF0C98-2CB4-4B67-8C70-4C977C7355CC} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {6AFAE6E9-C995-4A27-886E-8755077D9A96} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-01-28] ()
Task: {6BAAB1C4-16D4-4C17-9816-EBD8A0A5361D} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3932258823-1374462109-926273279-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.)
Task: {6F022D1F-A9B6-4013-8774-BCBE8E6D50A7} - System32\Tasks\{E85CE766-B81C-4DAC-B042-84B6A871C31E} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.0.0.152&LastError=12029
Task: {71F186F6-2079-4545-9F21-A1CCD3E450E2} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-22] (Adobe Systems Incorporated)
Task: {79009388-60A9-4D2A-8AEB-F5BA83AF18B8} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3932258823-1374462109-926273279-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.)
Task: {79232A21-173A-4382-BB1C-1C9840C730EB} - System32\Tasks\RealDownloader Update Check => C:\Program Files\RealNetworks\RealDownloader\downloader2.exe [2014-10-29] ()
Task: {7B367C6E-E9C3-4D5A-B441-D023DE5A5B75} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-28] (Hewlett-Packard)
Task: {7CF75C28-F407-4AED-BC21-FD1784B7CE13} - System32\Tasks\LUAYNFMQTAELIMQM => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: {85F59070-DF3B-4E8D-A45A-DBCE4F9FA3CE} - System32\Tasks\{3FDFF92D-A9E8-4F2E-941F-71435EA4F174} => pcalua.exe -a C:\Users\da\Downloads\gm5p_setup(1).exe -d C:\Users\da\Documents
Task: {873A4D05-EA53-4E69-8997-7368778570E1} - System32\Tasks\{84D08FB8-D0B2-4078-BB1F-F67201567C63} => pcalua.exe -a C:\Users\da\Documents\Downloads\sp64082.exe -d C:\Users\da\Documents\Downloads
Task: {8A35A498-D71B-41E6-A24C-F0F57F0633A0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3932258823-1374462109-926273279-1001Core => C:\Users\da\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {8AEE7B73-E521-461C-AC04-563928049765} - System32\Tasks\HPCeeScheduleForda => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {9543E45D-45B7-43BA-AA9C-69281ED10418} - System32\Tasks\TrafficMaster => c:\programdata\{6cade594-c848-cef1-6cad-de594c849653}\pricelessinstaller.exe <==== ATTENTION
Task: {9AD90831-66E9-434A-9559-D587D586FAF5} - System32\Tasks\{AEA9E9C1-C1CF-4DCE-96CD-CA813A46C0F1} => pcalua.exe -a "C:\Users\da\Downloads\Driver Support\Driver Support\sp52183.exe" -d C:\windows\system32
Task: {9D7CE0C7-ED02-4D61-94B2-23EEFD8BC355} - System32\Tasks\{615FAF27-C7EB-462C-86C2-148115F378DF} => pcalua.exe -a C:\Users\da\Downloads\sp54620(3).exe -d C:\Users\da\Downloads
Task: {9DF82888-5EC2-4E3F-A4F9-24C883C5C4D6} - System32\Tasks\{1421478B-3720-459C-A7E4-BF916691451C} => C:\Users\da\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-07-21] (Amazon.com)
Task: {9ED0B1BD-3CA8-42D3-8ED0-92DB646D3888} - System32\Tasks\{0C410A45-3F33-439F-9975-B5068AD71D39} => pcalua.exe -a C:\Users\da\Downloads\aomwin200ea24(2).exe -d C:\windows\system32
Task: {A13AFD25-3608-4701-AC47-5644511BC98D} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3932258823-1374462109-926273279-1001 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2014-10-26] (RealNetworks, Inc.)
Task: {A72C4338-CF0F-482B-BD07-DECF529E7C1F} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3932258823-1374462109-926273279-1001 => C:\Program Files\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-26] (RealNetworks, Inc.)
Task: {B4227801-F9B1-4AEC-8912-842332F7F5EF} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3932258823-1374462109-926273279-1001UA => C:\Users\da\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-22] (Dropbox, Inc.)
Task: {B59AA59D-DFA8-4C59-B76A-D4E6E442DED7} - System32\Tasks\{0F598EE6-A424-4CE6-9EF6-A65D68DEDC09} => pcalua.exe -a "C:\Users\da\Downloads\Driver Support\Driver Support\sp54982.exe" -d C:\windows\system32
Task: {B5B9D633-E423-4191-B664-6ED5087CBF07} - System32\Tasks\Wroumorunuoer => C:\ProgramData\Wroumorunuoer\1.0.4.1\etnoiumf.exe
Task: {B621ABD7-1AE6-4C49-94B4-187FAC2A5EA9} - System32\Tasks\{A550B53A-5339-4364-9954-C8A9D91FD65C} => pcalua.exe -a "C:\Users\da\Downloads\Driver Support\Driver Support\sp50180.exe" -d C:\windows\system32
Task: {C0B444EA-CA63-4FCB-91C2-C3E18A6406E2} - System32\Tasks\{5519F5E1-5775-4D51-9DBC-904D7D2F662D} => Firefox.exe hxxp://ui.skype.com/ui/0/4.1.0.179.321/en/go/help.faq.installer?LastError=1603
Task: {C629AB7B-A7EB-4D92-AC0C-D2C48FFCDB31} - System32\Tasks\{8319F902-19E7-4E3B-BC86-F617AB63A60E} => C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-10-17] (Broadcom Corporation.)
Task: {C6987233-1F5B-4ED0-9A20-F2D1A68ED4B1} - System32\Tasks\{8EEA20BD-0453-4013-AF29-E1F027F7222F} => C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-10-17] (Broadcom Corporation.)
Task: {C9601CC5-7735-468C-B860-4F286AF83624} - System32\Tasks\CCleaner => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {CE286AE4-9C5C-4C65-9881-79C0E82FFE9F} - System32\Tasks\{2BDA8AEB-C4C5-405E-9D78-3C7A9D3C2F71} => C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-10-17] (Broadcom Corporation.)
Task: {D0C22EBC-C1B1-4ACD-8AFC-AEDC89B6006A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {D23DE358-03D5-41EB-82A5-493CD1E8DB2A} - System32\Tasks\{8EB4FDDC-3DD7-4A74-9D6D-47A92B40EC46} => pcalua.exe -a C:\Users\da\Downloads\mx850swin101ea24.exe -d "C:\Program Files\Mozilla Firefox"
Task: {D24C8C35-ABE1-458A-AF8F-67EF6025599E} - System32\Tasks\{A3D83E62-E1E0-40A6-9F9E-C407A1C3E652} => pcalua.exe -a G:\SETUP.EXE -d G:\
Task: {D622195C-D680-4FEA-9C56-59660C7C9E94} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {D86D295C-C96F-445C-8FFD-0816FDF9411B} - System32\Tasks\{26D0E011-638C-47F1-A146-FC24BDDCBFA7} => pcalua.exe -a C:\Users\da\Downloads\PM90310ML.exe -d C:\Users\da\Downloads
Task: {DBBD5577-570B-4B39-BA55-8325FA731752} - System32\Tasks\{ACCE6506-EA6A-4726-9228-68FE7A1F35A8} => pcalua.exe -a C:\Users\da\Documents\Downloads\sp47022.exe -d C:\Users\da\Documents\Downloads
Task: {DEE0E42F-CC3D-41A3-A272-2D6EC0B2DA62} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3932258823-1374462109-926273279-1001Core => C:\Users\da\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-22] (Dropbox, Inc.)
Task: {DF1F9333-B5F8-48A4-A5A6-B95D160E5D71} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3932258823-1374462109-926273279-1001 => C:\Program Files\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-26] (RealNetworks, Inc.)
Task: {E0AC77B5-2592-4069-9548-5C6FCC7270D3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-01-12] (Hewlett-Packard Company)
Task: {EE884B8D-A8CB-47DA-BB98-5D638365C448} - System32\Tasks\{4E9E56B3-4C15-4F41-A050-4443CF04C01E} => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {F35C753E-7E69-451E-BCBA-A5ABE0523CD9} - System32\Tasks\Driver Detective => C:\Program Files\Driver Support\Driver Support\DriverSupport.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3932258823-1374462109-926273279-1001Core.job => C:\Users\da\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3932258823-1374462109-926273279-1001UA.job => C:\Users\da\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3932258823-1374462109-926273279-1001Core.job => C:\Users\da\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3932258823-1374462109-926273279-1001UA.job => C:\Users\da\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForda.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\windows\Tasks\HPCeeScheduleForDAWNGREENAWAY$.job => c:\program files\hewlett-packard\hp ceement\HPCEE.exe
Task: C:\windows\Tasks\LUAYNFMQTAELIMQM.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: C:\windows\Tasks\TrafficMaster.job => c:\programdata\{6cade594-c848-cef1-6cad-de594c849653}\pricelessinstaller.exe <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:46 - 2015-10-13 05:46 - 01040144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-21 16:02 - 2015-07-21 16:02 - 00557056 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll
2014-10-26 22:59 - 2014-10-26 22:59 - 00039568 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-12-25 18:42 - 2015-02-08 10:42 - 00865880 _____ () c:\program files\real\realplayer\RPDS\Plugins\cldplin.dll
2014-10-30 05:41 - 2014-10-30 05:41 - 00031856 _____ () C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
2014-10-30 05:41 - 2014-10-30 05:41 - 00035976 _____ () C:\Program Files\Real\UpdateService\DL2UpdatePlugin.dll
2014-10-30 05:41 - 2014-10-30 05:41 - 00039560 _____ () C:\Program Files\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2014-10-30 05:41 - 2014-10-30 05:41 - 00032888 _____ () C:\Program Files\Real\UpdateService\RPDSUpdatePlugin.dll
2011-06-13 20:26 - 2009-08-10 08:48 - 00069632 _____ () C:\Program Files\Scan2PC\Sc2PCSvc.exe
2014-05-06 19:39 - 2014-03-13 15:52 - 00012800 _____ () C:\Program Files\Samsung\Samsung Link\JniSys.dll
2016-02-05 13:03 - 2016-02-05 13:03 - 00541696 _____ () C:\Windows\Temp\sqlite-3.7.2-sqlitejdbc.dll
2014-05-06 19:39 - 2014-03-13 15:52 - 01595392 _____ () C:\Program Files\Samsung\Samsung Link\scone_proxy.dll
2014-05-06 19:39 - 2014-03-13 15:52 - 01165824 _____ () C:\Program Files\Samsung\Samsung Link\scone_stub.dll
2013-12-21 10:15 - 2013-12-21 10:15 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\JNIInterface.dll
2013-12-21 10:15 - 2013-12-21 10:15 - 00119296 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ASFAPI.dll
2013-12-21 10:17 - 2013-12-21 10:17 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MediaDB_Manager.dll
2013-10-01 08:46 - 2013-10-01 08:46 - 00025600 _____ () C:\PROGRAM FILES\SAMSUNG\ALLSHARE FRAMEWORK DMS\1.3.23\MediaDB.dll
2013-10-22 08:48 - 2013-10-22 08:48 - 00707072 _____ () C:\PROGRAM FILES\SAMSUNG\ALLSHARE FRAMEWORK DMS\1.3.23\ContentDirectoryPresenter.dll
2013-12-21 10:17 - 2013-12-21 10:17 - 00589824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DMS_Manager.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00038912 _____ () C:\windows\system32\boost_date_time-vc90-mt-1_47.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00012800 _____ () C:\windows\system32\boost_system-vc90-mt-1_47.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00046592 _____ () C:\windows\system32\boost_thread-vc90-mt-1_47.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00227840 _____ () C:\windows\system32\boost_serialization-vc90-mt-1_47.dll
2013-12-02 21:42 - 2008-11-17 13:56 - 00102400 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\nsSign.dll
2013-12-02 21:42 - 2010-05-07 10:46 - 00057344 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PerformOcr.dll
2013-12-02 21:42 - 2010-12-23 12:17 - 00057344 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PMISM.dll
2013-12-02 21:42 - 2007-03-30 09:24 - 00104528 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\Qem.dll
2013-12-02 21:42 - 2010-12-29 16:52 - 00147456 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PMCommon.dll
2013-12-02 21:42 - 2008-08-25 16:19 - 00069632 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PHooKDlg.dll
2013-12-02 21:42 - 2009-11-26 16:49 - 00081920 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\NetFun2k.dll
2013-12-02 21:42 - 2011-03-11 09:47 - 00151040 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\ScanModule.dll
2013-12-02 21:42 - 2009-09-09 13:44 - 00151552 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PMANO.dll
2013-12-02 21:42 - 2007-03-30 08:49 - 00104528 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\ComClass.dll
2013-12-02 21:42 - 2010-11-30 15:42 - 00352256 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PMTree.dll
2013-12-02 21:42 - 2010-10-22 09:01 - 00139264 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PMSet.dll
2013-12-02 21:42 - 2010-12-29 17:32 - 00614400 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PMDB_N.dll
2013-12-02 21:42 - 2009-08-06 09:22 - 00421888 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\FT.dll
2013-12-02 21:42 - 2010-09-09 17:00 - 00061440 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PMINSO.dll
2013-12-02 21:42 - 2010-07-13 09:48 - 00106496 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PMProp.dll
2013-12-02 21:42 - 2007-08-31 16:51 - 00040960 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PMVoice.dll
2013-12-02 21:42 - 2010-09-08 16:10 - 00073728 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\OutlookVBA.dll
2013-12-02 21:42 - 2009-11-27 16:38 - 00331776 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PMAppBar.dll
2013-12-02 21:42 - 2010-11-26 09:33 - 04583424 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PMView.dll
2013-12-02 21:42 - 2007-03-30 09:01 - 00038992 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\NsOEMKey.dll
2013-12-02 21:42 - 2010-10-22 09:22 - 00090112 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PMSave.dll
2013-12-02 21:42 - 2010-08-03 09:44 - 00049152 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PMOffice.dll
2013-12-02 21:42 - 2010-09-26 10:13 - 00430080 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PMPageVW.dll
2013-12-02 21:42 - 2010-03-02 14:09 - 00102400 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PMDocVW.dll
2013-12-02 21:42 - 2009-06-26 08:03 - 00086016 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PMApSet.dll
2013-12-02 21:42 - 2010-08-03 09:51 - 01036288 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\SlideBarDLL.dll
2013-12-02 21:42 - 2009-12-04 16:20 - 00323584 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PMAnoSet.dll
2013-12-02 21:42 - 2010-09-26 10:13 - 00184320 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PMImgVW.dll
2013-12-02 21:42 - 2008-08-25 15:16 - 00040960 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PMIEVW.dll
2013-12-02 21:42 - 2010-09-08 09:52 - 00036864 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PMPDFView.dll
2013-12-02 21:42 - 2010-04-27 14:20 - 00065536 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PMStatus.dll
2013-12-02 21:42 - 2011-01-21 14:05 - 00258048 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PMScnSet.dll
2013-12-02 21:42 - 2007-03-30 08:57 - 00034896 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\Import.dll
2013-12-02 21:42 - 2010-11-26 09:45 - 00090112 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PMImageSplitter.dll
2014-05-06 19:39 - 2014-03-13 15:52 - 00040448 _____ () C:\Program Files\Samsung\Samsung Link\JniIO.dll
2015-11-17 17:44 - 2015-11-17 17:44 - 00117248 _____ () C:\Users\da\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2015-11-17 17:45 - 2015-11-17 17:45 - 00234496 _____ () C:\Users\da\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2015-11-17 17:45 - 2015-11-17 17:45 - 00253440 _____ () C:\Users\da\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2015-11-17 17:44 - 2015-11-17 17:44 - 00344064 _____ () C:\Users\da\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2014-07-19 19:59 - 2014-05-15 03:33 - 01212104 _____ () C:\Program Files\MediatekWiFi\Common\RaWLAPI.dll
2015-12-12 13:24 - 2015-10-31 00:59 - 00034768 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2015-12-12 13:24 - 2015-10-31 01:00 - 00019408 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2015-12-12 13:24 - 2015-12-08 21:36 - 00022848 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\Crypto.Random.OSRNG.winrandom.pyd
2015-12-12 13:24 - 2015-12-08 21:36 - 00023352 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\Crypto.Util._counter.pyd
2015-12-12 13:24 - 2015-12-08 21:36 - 00042296 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\Crypto.Cipher._AES.pyd
2015-12-12 13:24 - 2015-10-31 00:59 - 00116688 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-12 13:24 - 2015-10-31 00:59 - 00093640 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-12 13:24 - 2015-10-31 00:59 - 00018376 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-12 13:24 - 2015-12-08 21:36 - 00019760 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-12 13:24 - 2015-10-31 01:00 - 00105928 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\win32api.pyd
2015-12-12 13:24 - 2015-10-31 00:59 - 00392144 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-12 13:24 - 2015-12-08 21:36 - 00381752 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-12 13:24 - 2015-10-31 00:59 - 00692688 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2015-12-12 13:24 - 2015-12-08 21:36 - 00020816 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-12 13:24 - 2015-10-31 01:00 - 00109520 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2015-12-12 13:24 - 2015-12-08 21:36 - 01737032 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2015-12-12 13:24 - 2015-12-08 21:36 - 00020808 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-12 13:24 - 2015-12-08 21:36 - 00020800 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-12 13:24 - 2015-12-08 21:36 - 00021840 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2015-12-12 13:24 - 2015-12-08 21:36 - 00038696 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\fastpath.pyd
2015-12-12 13:24 - 2015-10-31 01:00 - 00024528 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-12 13:24 - 2015-10-31 01:00 - 00020936 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-12 13:24 - 2015-10-31 01:00 - 00114640 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-12 13:24 - 2015-12-08 21:36 - 00021320 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
2015-12-12 13:24 - 2015-10-31 01:00 - 00124880 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\win32file.pyd
2015-12-12 13:24 - 2015-10-31 01:00 - 00030160 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-12 13:24 - 2015-10-31 01:00 - 00043472 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-12 13:24 - 2015-10-31 01:00 - 00175560 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-12 13:24 - 2015-10-31 01:00 - 00028616 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-12 13:24 - 2015-10-31 01:00 - 00024016 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-12 13:24 - 2015-10-31 01:00 - 00048592 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\win32service.pyd
2015-12-12 13:24 - 2015-12-08 21:36 - 00024392 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2015-12-12 13:24 - 2015-10-31 01:00 - 00036296 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\librsync.dll
2015-12-12 13:24 - 2015-10-31 01:00 - 00024016 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\win32profile.pyd
2015-12-12 13:24 - 2015-12-08 21:36 - 00117056 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2015-12-12 13:24 - 2015-12-08 21:36 - 00023376 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-12 13:24 - 2015-10-31 00:59 - 00134608 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2015-12-12 13:24 - 2015-10-31 00:59 - 00134088 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2015-12-12 13:24 - 2015-10-31 01:00 - 00240584 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2015-12-12 13:24 - 2015-12-08 21:36 - 00020280 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-12 13:24 - 2015-12-08 21:36 - 00052024 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2015-12-12 13:24 - 2015-12-08 21:36 - 00021304 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\Crypto.Util.strxor.pyd
2015-12-12 13:24 - 2015-10-31 01:00 - 00350152 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2015-12-12 13:24 - 2015-12-08 21:36 - 00084792 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2015-12-12 13:24 - 2015-12-08 21:36 - 01826608 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-12 13:24 - 2015-10-31 01:00 - 00083912 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\sip.pyd
2015-12-12 13:24 - 2015-12-08 21:36 - 03891504 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2015-12-12 13:24 - 2015-12-08 21:36 - 01950000 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2015-12-12 13:24 - 2015-12-08 21:36 - 00519984 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2015-12-12 13:24 - 2015-12-08 21:36 - 00133936 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2015-12-12 13:24 - 2015-12-08 21:36 - 00225080 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2015-12-12 13:24 - 2015-12-08 21:36 - 00207672 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2015-12-12 13:24 - 2015-12-08 21:36 - 00024904 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2015-12-12 13:24 - 2015-12-08 21:36 - 00486704 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2015-12-12 13:24 - 2015-12-08 21:36 - 00357680 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-12-12 13:24 - 2015-10-31 01:01 - 00019920 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-12-12 13:24 - 2015-10-31 01:00 - 00786904 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-12-12 13:24 - 2015-10-31 01:00 - 00063448 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-12-12 13:24 - 2015-10-31 01:00 - 00019408 _____ () C:\Users\da\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2009-07-01 22:44 - 2009-07-01 22:44 - 00632888 ____R () C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
2013-12-11 15:46 - 2013-12-11 15:46 - 01114624 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DMSManager.dll
2013-10-22 08:48 - 2013-10-22 08:48 - 00707072 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ContentDirectoryPresenter.dll
2013-10-24 15:53 - 2013-10-24 15:53 - 00107008 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMCDP.dll
2013-12-11 15:46 - 2013-12-11 15:46 - 00102400 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\FolderCDP.dll
2013-12-11 15:46 - 2013-12-11 15:46 - 00077312 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MetadataFramework.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00520234 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\sqlite3.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00450560 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MoodExtractor.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 05717504 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMImgExtractor.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00028672 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AutoChaptering.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00147456 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexpat.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoThumb.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 04671488 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avcodec-52.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00070656 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avutil-50.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00686080 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avformat-52.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00152064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\swscale-0.dll
2013-10-25 18:49 - 2013-10-25 18:49 - 00028160 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AudioExtractor.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00064000 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ID3Driver.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00366592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\tag.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00289792 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libThumbnail.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00023040 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RichInfoDriver.dll
2013-12-11 15:45 - 2013-12-11 15:45 - 00017920 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoExtractor.dll
2013-10-25 18:53 - 2013-10-25 18:53 - 00117248 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ThumbnailMaker.dll
2013-10-25 18:53 - 2013-10-25 18:53 - 01033728 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageMagickWrapper.dll
2013-12-11 15:45 - 2013-12-11 15:45 - 00134144 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoMetadataDriver.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00290816 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libKeyFrame.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\SECMetaDriver.dll
2013-10-25 18:53 - 2013-10-25 18:53 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageExtractor.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\photoDriver.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00399826 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexif-12.dll.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\TextExtractor.dll
2013-10-24 15:53 - 2013-10-24 15:53 - 00032768 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\Autobackup.dll
2013-04-19 15:38 - 2013-04-19 15:38 - 00055808 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RosettaAllShare.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00227840 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_serialization-vc90-mt-1_47.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_date_time-vc90-mt-1_47.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00012800 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_system-vc90-mt-1_47.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00046592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_thread-vc90-mt-1_47.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00044032 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\us.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3932258823-1374462109-926273279-1001\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-3932258823-1374462109-926273279-1001\...\driversupport.com -> hxxps://apps.driversupport.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:04 - 2009-06-10 21:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3932258823-1374462109-926273279-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\da\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: BBSvc => 2

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{1FB1D061-B1BD-4848-BADC-A63BD3B82AB3}] => (Allow) C:\Program Files\TeamViewer\Version5\TeamViewer.exe
FirewallRules: [{1496B37D-F335-4B37-BBD2-CB48CAE43203}] => (Allow) C:\Program Files\TeamViewer\Version5\TeamViewer.exe
FirewallRules: [{1B081FC7-845A-4F76-80C0-50BE8C8E0879}] => (Allow) C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
FirewallRules: [{13F67877-ECD6-4158-82EE-41957AA05F66}] => (Allow) C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
FirewallRules: [TCP Query User{C18F6E25-8240-45AE-943A-6CC03DEADF96}C:\users\da\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\da\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{403A57D4-7439-4FEE-87E5-4ADF01E06D52}C:\users\da\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\da\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{938F20E7-40B9-4970-B281-BF7202D6E624}C:\program files\google\google earth\client\googleearth.exe] => (Allow) C:\program files\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{CBD7E76E-3C28-4D34-9671-95E74D2DBB0F}C:\program files\google\google earth\client\googleearth.exe] => (Allow) C:\program files\google\google earth\client\googleearth.exe
FirewallRules: [TCP Query User{237583F9-39F4-4383-AF16-C3F8ED34EF2A}C:\program files\mailingcheck\spamassassin\spamassassin.exe] => (Allow) C:\program files\mailingcheck\spamassassin\spamassassin.exe
FirewallRules: [UDP Query User{E9D7CE47-7FAE-4415-9CF1-A259E52E6F32}C:\program files\mailingcheck\spamassassin\spamassassin.exe] => (Allow) C:\program files\mailingcheck\spamassassin\spamassassin.exe
FirewallRules: [TCP Query User{8CB41583-42A4-4042-B47E-C96427A0B5A3}C:\program files\mozilla firefox\plugin-container.exe] => (Allow) C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{1F4E9664-0DD8-4CBA-AEAB-59D9C61F8027}C:\program files\mozilla firefox\plugin-container.exe] => (Allow) C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{2CE6DF6C-F010-466B-A595-E0F11E77BEAE}C:\program files\mailingcheck\spamassassin\spamassassin.exe] => (Block) C:\program files\mailingcheck\spamassassin\spamassassin.exe
FirewallRules: [UDP Query User{CAE772BC-D2B7-407F-8BBA-E31A2D541D4C}C:\program files\mailingcheck\spamassassin\spamassassin.exe] => (Block) C:\program files\mailingcheck\spamassassin\spamassassin.exe
FirewallRules: [{E32DB569-B020-4224-8225-5B29E05576E7}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{7C05A37A-7B8A-4A03-9F01-4C09C7861A7C}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{B50DE3EB-4650-4138-BAFD-840C7AC27673}] => (Allow) C:\Users\da\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{1B068F8D-07A0-4503-9895-E00BA94879F5}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7EBE6082-5383-4278-8D52-D659478F05D6}] => (Allow) LPort=2869
FirewallRules: [{75A7926F-65FA-4F31-81F3-D68E4F691EB4}] => (Allow) LPort=1900
FirewallRules: [{16188B4C-73E3-47E8-9CBE-5F44DBBFE90E}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{375549C6-2D03-48A6-AF3A-BA9CE3405324}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{9E9DFE3A-3117-44C4-B58E-613C28AA98A3}] => (Allow) C:\Program Files\Ralink\Common\RaUI.exe
FirewallRules: [{E5531D17-E250-43BF-9286-4244F98F05CE}] => (Allow) C:\Program Files\Ralink\Common\RaUI.exe
FirewallRules: [{8AFDA6AF-D433-401C-8D89-E32150A39B49}] => (Allow) C:\Program Files\Ralink\Common\ApUI.exe
FirewallRules: [{0CB4C254-FCD2-4134-8CBD-1FE21B1ACEC1}] => (Allow) C:\Program Files\Ralink\Common\ApUI.exe
FirewallRules: [{7C40875D-B006-4D0D-AC67-25617C1E0FAD}] => (Allow) C:\Program Files\Ralink\Common\RaUI.exe
FirewallRules: [{F6FE6FCF-5A89-4D46-BDBE-545DCA78D968}] => (Allow) C:\Program Files\Ralink\Common\RaUI.exe
FirewallRules: [{20E5E581-D3C6-4731-8F73-0E4C82D8A0C4}] => (Allow) C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{ED71F63C-B8EC-4A63-B296-247BEEBA8AEA}] => (Allow) G:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{7BE553DF-8147-48CE-B036-D5E1ECD7D284}] => (Allow) G:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{F8A8AD0E-B925-4205-9B9E-D467A5971ADE}] => (Allow) C:\Program Files\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{E8FCF647-84C9-425E-BEAF-943EA1CEBC79}] => (Allow) C:\Program Files\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [TCP Query User{B205D97F-1828-469B-B8D3-59B93992929B}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{EB64DF18-DD04-46EC-A8D5-7A8146FDBD31}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{B25E3B7D-73EE-4302-80A9-04B73D50B92A}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{DA7E96B2-7C74-4848-A970-E5EBCEA65AC7}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [{D5FAB4AF-47B8-4808-946D-AFC6837A2946}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{81CC5C73-6239-4A62-B8D7-B16DEEBD1FD0}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{9490305C-B7CA-4D46-925D-140542B1F874}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{F78E5BDA-B881-423D-88A6-1F5C3BF33EBC}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{1EA43403-882A-4293-A4E8-F7B8779149CD}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
FirewallRules: [{850E2F53-6607-4ECF-9DB2-9626598427F3}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
FirewallRules: [{31487757-D134-4C3F-80BF-E97506B60A87}] => (Allow) LPort=8743
FirewallRules: [{CC83DD3E-E3CC-4D91-BFD5-E31ED68BB1DA}] => (Allow) LPort=8643
FirewallRules: [{0CE5B018-1B3D-4F52-8A86-B900F4C7DEDF}] => (Allow) LPort=7676
FirewallRules: [{54511940-2D98-4965-B885-27A0840954EF}] => (Allow) LPort=7679
FirewallRules: [{F3BFE262-77E4-4E40-A95F-3862177BF447}] => (Allow) LPort=24234
FirewallRules: [{E6CD7511-14AE-4A3A-AE02-B0EBF7CA4784}] => (Allow) LPort=7900
FirewallRules: [{247BE064-FE7D-4508-806E-4AB01C31CCEB}] => (Allow) LPort=1900
FirewallRules: [{5F8AC25D-5298-4845-8441-C93CAC54CF33}] => (Allow) C:\Program Files\MediatekWiFi\Common\RaMediaServer.exe
FirewallRules: [{2F076EDB-FA7D-4B0A-A174-0A72C0DD416D}] => (Allow) C:\Program Files\MediatekWiFi\Common\RaMediaServer.exe
FirewallRules: [{BA01BAB7-D6B2-464B-8880-D5968DA9081F}] => (Allow) C:\Program Files\MediatekWiFi\Common\RaUI.exe
FirewallRules: [{32B68171-0C9F-45E7-90BD-546AF70FB8B2}] => (Allow) C:\Program Files\MediatekWiFi\Common\RaUI.exe
FirewallRules: [TCP Query User{210CDB62-F243-4564-9EAA-A9061E30708B}C:\program files\newsoft\presto! pagemanager 9.03\licensecheck.exe] => (Allow) C:\program files\newsoft\presto! pagemanager 9.03\licensecheck.exe
FirewallRules: [UDP Query User{743873E1-989B-4F6B-B60D-E6520C491690}C:\program files\newsoft\presto! pagemanager 9.03\licensecheck.exe] => (Allow) C:\program files\newsoft\presto! pagemanager 9.03\licensecheck.exe
FirewallRules: [{E89BD02F-BA6D-40C5-AB16-C50CB294B3EF}] => (Allow) c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [TCP Query User{57CE9399-3103-4E10-9BFD-626ED765C567}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{4CD24070-EAD8-4F2B-B266-CDC4F23E9C9D}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{4D48AD20-0837-49AD-8223-E3EC6DF83E1C}] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{3EAA28C9-664D-4625-8022-064CDD076EA8}] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{E9713102-2019-4338-9FB3-4AD29AB3FF01}] => (Allow) C:\Users\da\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{DDC197C4-DB19-4C46-B786-04465EE5113F}] => (Allow) C:\Users\da\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{747B238B-C5FA-41E0-AE20-1794CA3C74C0}] => (Allow) C:\Program Files\MediatekWiFi\Common\RaUI.exe
FirewallRules: [{9EF878A7-6B6E-4100-A100-FDACEE1D835E}] => (Allow) C:\Program Files\MediatekWiFi\Common\RaUI.exe
FirewallRules: [{4D37BBE7-7012-463D-AC3E-4ADFD5168158}] => (Allow) C:\Program Files\NewSoft\Presto! PageManager 9.03\LicenseCheck.exe
FirewallRules: [{565E1937-29C3-4B1F-9811-3CE44F810DC0}] => (Allow) C:\Program Files\NewSoft\Presto! PageManager 9.03\LicenseCheck.exe
FirewallRules: [{D122B08C-DAAE-44EC-B80A-9174C215235F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B449D0CF-7D2D-4E2A-B68D-209091D653A2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{62C5BA5E-1469-4943-B58B-A5ADA97A3C0A}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Restore Points =========================

05-02-2016 19:10:32 Installed HP Webcam Driver
05-02-2016 19:25:27 Configured IDT Audio
05-02-2016 19:33:54 Installed Realtek Ethernet Controller All-In-One Windows Driver
05-02-2016 19:42:15 Installed REALTEK PCIE Wireless LAN Software
06-02-2016 10:27:55 Configured Microsoft Office Small Business 2007
06-02-2016 12:18:15 Installed Windows Mobile Device Center Driver Update
06-02-2016 12:30:57 Installed Windows Mobile Device Center
06-02-2016 12:50:15 Windows Update
06-02-2016 13:52:09 Removed MailingCheck

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/06/2016 01:29:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ef4

Start Time: 01d160d63bc6e032

Termination Time: 31

Application Path: C:\windows\Explorer.EXE

Report Id: a9671963-ccd5-11e5-a750-70f3957ebbca

Error: (02/06/2016 11:07:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BTWUIExt.exe, version: 6.5.1.3400, time stamp: 0x507e35b3
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18847, time stamp: 0x554d7b00
Exception code: 0xe0434352
Fault offset: 0x0000812f
Faulting process id: 0x130c
Faulting application start time: 0xBTWUIExt.exe0
Faulting application path: BTWUIExt.exe1
Faulting module path: BTWUIExt.exe2
Report Id: BTWUIExt.exe3

Error: (02/06/2016 11:07:45 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: BTWUIExt.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Windows.Markup.XamlParseException
Stack:
   at System.Windows.Markup.WpfXamlLoader.Load(System.Xaml.XamlReader, System.Xaml.IXamlObjectWriterFactory, Boolean, System.Object, System.Xaml.XamlObjectWriterSettings, System.Uri)
   at System.Windows.Markup.WpfXamlLoader.LoadBaml(System.Xaml.XamlReader, Boolean, System.Object, System.Xaml.Permissions.XamlAccessLevel, System.Uri)
   at System.Windows.Markup.XamlReader.LoadBaml(System.IO.Stream, System.Windows.Markup.ParserContext, System.Object, Boolean)
   at System.Windows.Application.LoadBamlStreamWithSyncInfo(System.IO.Stream, System.Windows.Markup.ParserContext)
   at System.Windows.Application.LoadComponent(System.Uri, Boolean)
   at System.Windows.Application.DoStartup()
   at System.Windows.Application.<.ctor>b__1(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.Run()
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at BTWUIExt.App.Main()

Error: (02/06/2016 10:27:53 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {03185c3e-cd4d-463d-a6b8-cfc1efb21ed3}

Error: (02/06/2016 08:48:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application registered 2 identical instances of service DAWNGREENAWAY._rp-media._tcp.local. port 16274.

Error: (02/05/2016 08:02:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SyncServicesBasics.exe, version: 4.0.3.1, time stamp: 0x470c02e9
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x1a8
Faulting application start time: 0xSyncServicesBasics.exe0
Faulting application path: SyncServicesBasics.exe1
Faulting module path: SyncServicesBasics.exe2
Report Id: SyncServicesBasics.exe3

Error: (02/05/2016 08:01:06 PM) (Source: MsiInstaller) (EventID: 1013) (User: DAWNGREENAWAY)
Description: Product: Skype™ 4.1 -- A later version of Skype™ 4.1 is already installed.

Error: (02/05/2016 07:58:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FUFAXRCV.exe, version: 2.0.0.29, time stamp: 0x556c17eb
Faulting module name: pdfc_ui.dll, version: 0.3.1.5, time stamp: 0x4b4cbeda
Exception code: 0xc0000005
Fault offset: 0x00004022
Faulting process id: 0xee4
Faulting application start time: 0xFUFAXRCV.exe0
Faulting application path: FUFAXRCV.exe1
Faulting module path: FUFAXRCV.exe2
Report Id: FUFAXRCV.exe3

Error: (02/05/2016 07:10:30 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {df1fb8de-7ce7-4dcd-969a-234bf3730cb1}

Error: (02/05/2016 03:45:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 4f8

Start Time: 01d16026292673cb

Termination Time: 46

Application Path: C:\windows\Explorer.EXE

Report Id: 7113e8a9-cc1f-11e5-8409-70f3957ebbca


System errors:
=============
Error: (02/06/2016 02:09:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error:
%%1053

Error: (02/06/2016 02:09:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Solutions Framework Service service to connect.

Error: (02/06/2016 02:04:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
%%1053

Error: (02/06/2016 02:04:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

Error: (02/06/2016 01:54:46 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: "C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe" -Embedding740{51FA2736-5DEE-11D4-98E8-006008BF430C}

Error: (02/06/2016 01:41:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
%%1053

Error: (02/06/2016 01:41:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

Error: (02/06/2016 01:40:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
%%1053

Error: (02/06/2016 01:40:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

Error: (02/06/2016 01:28:39 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: "C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe" -Embedding740{51FA2736-5DEE-11D4-98E8-006008BF430C}


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T6570 @ 2.10GHz
Percentage of memory in use: 73%
Total physical RAM: 3000.27 MB
Available physical RAM: 808.54 MB
Total Virtual: 5998.85 MB
Available Virtual: 3470.76 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:280.79 GB) (Free:64.98 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.98 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: DE5AC82A)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=280.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

==================== End of Addition.txt ============================

 

 

 

 




#2
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hello pumpkinace and :welcome:

My name is Bruce1270 and I will be helping you with your malware problem.

Please Note: I am still in training and my fixes have to be approved by my instructor so there may be a slight delay in my replies. Look upon it as a good thing though in that you have two people looking at your problem. :)

A few things before we get started.
  • Please read all instructions carefully. If there is anything you do not understand please ask me first before doing anything.
  • Please be patient. I am a volunteer who does this in my spare time so I will try to get back to you as soon as possible.
  • Please follow all instructions in the order given.
  • Please do not install any other software unless advised. This may hinder the removal process.
  • Please make sure you reply within 4 days to my responses. If there is no reply within 4 days, the topic will be closed and you will need to request the topic be reopened.


    Important!

    Please save or print off these instructions. Part of this fix may require you to be in safe mode where you will not be able to access the internet or my instructions!

    I would strongly recommend you back up your personal data and folders before we begin.

    Malware removal can be very long, complicated and may take multiple steps. I understand this may be frustrating but please stay with this topic until your machine is declared clean. The results will hopefully be very rewarding. :happy:
    As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

    I will need a bit of time to analyse your logs and will post further instructions soon. :)


#3
pumpkinace

    Member

  • Topic Starter
  • 45 posts

Hello Bruce1270

Thank you for your response. I will be ready to follow your instructions as they arrive.  Good luck with your training, I'm sure you will do very well.

Kind regards

Dawn



#4
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi pumpkinace

Here are some instructions for you.

Step1 - Run FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Download the attached fixlist.txt to your desktop.

  • Ensure fixlist.txt is in the same location as FRST.exe on your desktop.
  • Run FRST by right clicking on it and selecting Run as Administrator, and press Fix.
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


    Step2 - Uninstall Chrome


    Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants. We need to resolve this.
    1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
    2. Open your Google Dashboard. Make sure that you are signed in to your Google account.
    3. Click Reset sync to stop syncing and clear all of your synced data.
    4. Click OK.
    5. Now we need to uninstall Chrome.
    6. Close all Chrome windows and tabs.
    7. Go to the Start menu > Control Panel.
    8. Click Uninstall a Program or Programmes and Features.
    9. Double-click Google Chrome.
    10. Click Uninstall from the confirmation dialogue. Select the "Also delete your browsing data" tick box.
    11. Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome
    12. Import your bookmarks back into Chrome.
    13. Sign back in to your Chrome browser so that your bookmarks sync with your online account.


    Step3 - Junkware Removal Tool


    Download Junkware Removal Tool by thisisu and save it to your desktop.

    Important: Please disable your anti virus prior to running this program. Advice on how to do this for your anti virus can be found here

    1. Ensure all programs and windows are closed before proceeding.
    2. Simply double-click the program icon to run it. It will ask for administrator privileges.
    3. A black window will appear. Press any key to continue.
    4. Wait for it to finish. It won't take long.
    5. A log will automatically pop-up once done. Alternatively, you can find JRT.txt at your desktop.
    6. Copy (CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
    7. Reboot your machine and enable your anti virus again.


    Step4 - AdwCleaner Scan


    Download AdwCleaner from here to the Desktop
  • Close all open windows and browsers
  • Double click the Adwcleaner icon to execute the program
  • When the Tool opens for the first time accept the Terms of use
  • Click the Scan button and wait for the program to finish.
  • Click on Options and tick:
    - Reset proxy settings
    - Reset winsock settings
    - Reset TCP/IP settings
    - Reset IPSec settings
    - Reset Internet Explorer policies
    - Reset Chrome policies
  • When finished, please click Cleaning button.
  • Upon completion, click Logfile. A log (AdwCleaner[C*].txt) will open.
  • Please copy and paste this in your next reply.


    Step5 - Submit file to VirusTotal

    To do this step you will need to unhide your folders. To do this -
  • Open Folder Options by clicking the Start button , clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.
  • Click the View tab.
  • Under Advanced settings, click Show hidden files and folders, and then click OK.
  • Please upload the file etnoiumf.exe to VirusTotal.
  • To do this click on Choose file. When the window opens navigate to the location C:\ProgramData\Wroumorunuoer\1.0.4.1. Locate file etnoiumf.exe and click on it to select it.
  • Once you have selected the file, click the Scan It! button.
  • If a "File already analysed" window appears, click on the Reanalyse button.
  • When the scan has finished, post the link to the result (you can copy it from the address bar in your browser) in your next message.
    Other analysis site alternatives are VirScan.org and Jotti .


    Things for your next post:
  • fixlog.txt
  • JRT.txt
  • adwCleaner[C*].txt
  • VirusTotal results for etnoiumf.exe
  • How is your computer responding now?


#5
pumpkinace

    Member

  • Topic Starter
  • 45 posts

Hi Bruce1270

I have managed to do most of what you have instructed.  I will go through what has worked in the same order as above.  Step 1 program took hours to work so left over night.  There was a message to say that a program was blocked but the FRST fix completed successfully. The one I had installed was superseded by a newer version automatically so I now have two icons with FRST.ext

Step 2. I don't use Chrome, but uninstalled it as instructed and installed as per your links. The program didn't ask me for "Also delete your browsing data" as I assume there wasn't any.

On shutting down the computer it is still hanging and waiting to close background programmes even though there are any in the display box.

Step 3. Your link to junkware removal tool redirected and I looked it up and this was by Malwarebytes not thisisu.  I disabled windows essentials and malwarebytes to my knowledge as there were no instructions on how to do this on your site.

Step 4. Adwcleaner updated to a newer version.  When it came to choosing the options and clicked on cleaning my computer went crazy flashing/not responding again but then worked after a few seconds.

Step 5 NOT COMPLETED. I have been unable to find the 2 files you mention above.  I have my files to show anyway but double checked to make sure and they are.  I also did a search for them and the only place they could be found is in the addition.txt file I did at the beginning before we started to clean up the computer. Couldn't locate wroumorunuoer and etnoiumf.exe.

I am attaching the files that I have completed so far and will await more instructions from you.  The computer is still slow and not responding.

 

Fix result of Farbar Recovery Scan Tool (x86) Version:07-02-2016
Ran by da (2016-02-08 22:17:03) Run:1
Running from C:\Users\da\Desktop
Loaded Profiles: da &  (Available Profiles: da)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
HKU\S-1-5-21-3932258823-1374462109-926273279-1001\...\Policies\Explorer: [NoInternetIcon] 1
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-12-24] [not signed]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-12-24] [not signed]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2015-12-24] [not signed]
S3 CpqDfw; system32\drivers\CpqDfw.sys [X]
S3 FTD2XX; System32\Drivers\FTD2XX.sys [X]
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\da\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
Task: {1344DDC1-A85C-4CBA-A0E6-4AB2B67A0447} - System32\Tasks\sab3009 => C:\PROGRA~1\FASTSE~1\sab3009.exe <==== ATTENTION
Task: {315F6AF9-FEC3-4FB0-AD2B-7B62378C8DA4} - \Installer_geforce -> No File <==== ATTENTION
Task: {7CF75C28-F407-4AED-BC21-FD1784B7CE13} - System32\Tasks\LUAYNFMQTAELIMQM => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: {9543E45D-45B7-43BA-AA9C-69281ED10418} - System32\Tasks\TrafficMaster => c:\programdata\{6cade594-c848-cef1-6cad-de594c849653}\pricelessinstaller.exe <==== ATTENTION
Task: C:\windows\Tasks\LUAYNFMQTAELIMQM.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: C:\windows\Tasks\TrafficMaster.job => c:\programdata\{6cade594-c848-cef1-6cad-de594c849653}\pricelessinstaller.exe <==== ATTENTION
c:\programdata\{6cade594-c848-cef1-6cad-de594c849653}\pricelessinstaller.exe <==== ATTENTION
C:\ProgramData\Service1291
C:\PROGRA~1\FASTSE~1
c:\programdata\{6cade594-c848-cef1-6cad-de594c849653}
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
Hosts:
EmptyTemp:
*****************

Restore point was successfully created.
HKU\S-1-5-21-3932258823-1374462109-926273279-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoInternetIcon => value removed successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000010" => key removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} => moved successfully
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} => moved successfully
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} => moved successfully
CpqDfw => service removed successfully.
FTD2XX => service removed successfully.
"HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1344DDC1-A85C-4CBA-A0E6-4AB2B67A0447}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1344DDC1-A85C-4CBA-A0E6-4AB2B67A0447}" => key removed successfully.
C:\Windows\System32\Tasks\sab3009 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\sab3009" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{315F6AF9-FEC3-4FB0-AD2B-7B62378C8DA4}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{315F6AF9-FEC3-4FB0-AD2B-7B62378C8DA4}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Installer_geforce => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7CF75C28-F407-4AED-BC21-FD1784B7CE13}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CF75C28-F407-4AED-BC21-FD1784B7CE13}" => key removed successfully.
C:\Windows\System32\Tasks\LUAYNFMQTAELIMQM => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUAYNFMQTAELIMQM" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9543E45D-45B7-43BA-AA9C-69281ED10418}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9543E45D-45B7-43BA-AA9C-69281ED10418}" => key removed successfully.
C:\Windows\System32\Tasks\TrafficMaster => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TrafficMaster" => key removed successfully.
C:\windows\Tasks\LUAYNFMQTAELIMQM.job => moved successfully
C:\windows\Tasks\TrafficMaster.job => moved successfully
"c:\programdata\{6cade594-c848-cef1-6cad-de594c849653}\pricelessinstaller.exe <==== ATTENTION" => not found.
"C:\ProgramData\Service1291" => not found.
"C:\PROGRA~1\FASTSE~1" => not found.
"c:\programdata\{6cade594-c848-cef1-6cad-de594c849653}" => not found.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


=========  netsh advfirewall reset =========

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003
Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state on =========

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003
Ok.


========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 10.1 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 00:58:48 ====

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 7 Professional x86
Ran by da (Administrator) on 09/02/2016 at  9:43:02.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 45

Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File)
Successfully deleted: C:\ProgramData\28341ff220e0446c9fff27c4493d622e (Folder)
Successfully deleted: C:\Users\da\AppData\Local\{13DCF902-EFFE-4B28-BBE0-FE2BA0DEAE57} (Empty Folder)
Successfully deleted: C:\Users\da\AppData\Local\{17974095-8706-4FB0-9446-311F32445656} (Empty Folder)
Successfully deleted: C:\Users\da\AppData\Local\{3A33E398-236E-48A4-AC7A-C81314CE3BB4} (Empty Folder)
Successfully deleted: C:\Users\da\AppData\Local\{4049D188-97D8-4352-BB64-519DD715A4CE} (Empty Folder)
Successfully deleted: C:\Users\da\AppData\Local\{430BE478-2B3C-4AA2-A491-207673FF94D8} (Empty Folder)
Successfully deleted: C:\Users\da\AppData\Local\{56F6D75F-D9CA-43C5-A3D8-EE9586663518} (Empty Folder)
Successfully deleted: C:\Users\da\AppData\Local\{622496DB-85EB-4923-9F6B-0FD908326ED3} (Empty Folder)
Successfully deleted: C:\Users\da\AppData\Local\{658BBA66-93AE-4370-92D4-74CC5A812587} (Empty Folder)
Successfully deleted: C:\Users\da\AppData\Local\{6DA61E2C-E2F7-47F1-8526-41EAAC331270} (Empty Folder)
Successfully deleted: C:\Users\da\AppData\Local\{6DDE0756-E5A9-4504-92A3-1593BD2EAC44} (Empty Folder)
Successfully deleted: C:\Users\da\AppData\Local\{7136EC30-C767-437D-8FAD-26461CB8C2CE} (Empty Folder)
Successfully deleted: C:\Users\da\AppData\Local\{7FB8F11E-7694-4CC4-AF8D-40406A03C34C} (Empty Folder)
Successfully deleted: C:\Users\da\AppData\Local\{88D5C2DC-D9AA-4FE8-BD42-EDDFC5B8E40D} (Empty Folder)
Successfully deleted: C:\Users\da\AppData\Local\{93C7B16E-D7D1-4C4E-A548-57F50E1CDBBF} (Empty Folder)
Successfully deleted: C:\Users\da\AppData\Local\{9C6870A5-928B-4AC8-AA3C-6D189F19C89E} (Empty Folder)
Successfully deleted: C:\Users\da\AppData\Local\{C74F5507-78CB-432E-A1D8-52945922B518} (Empty Folder)
Successfully deleted: C:\Users\da\AppData\Local\{EAC0E312-0FD8-4F7E-8DDF-6B770756B46C} (Empty Folder)
Successfully deleted: C:\Users\da\AppData\Local\{EB162C9E-20FF-4181-9744-ED41E2A25E96} (Empty Folder)
Successfully deleted: C:\Users\da\AppData\Local\{EC6EFC75-052F-4613-AF99-0F44C6B5DEEC} (Empty Folder)
Successfully deleted: C:\Users\da\AppData\Local\{F238E67D-E444-44FE-8DE9-EC7401013DA7} (Empty Folder)
Successfully deleted: C:\Users\da\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\da\AppData\Local\installer (Folder)
Successfully deleted: C:\Users\da\AppData\Roaming\Mozilla\Firefox\Profiles\rmghdrh7.Default User\extensions\staged (Folder)
Successfully deleted: C:\Users\da\AppData\Roaming\Mozilla\Firefox\Profiles\rmghdrh7.Default User\extensions\staged\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} (Folder)
Successfully deleted: C:\Users\da\AppData\Roaming\Mozilla\Firefox\Profiles\rmghdrh7.Default User\extensions\staged\[email protected] (Folder)
Successfully deleted: C:\Users\da\AppData\Roaming\Mozilla\Firefox\Profiles\rmghdrh7.Default User\extensions\staged\[email protected]\components (Folder)
Successfully deleted: C:\Users\da\AppData\Roaming\Mozilla\Firefox\Profiles\rmghdrh7.Default User\extensions\staged\[email protected]\content (Folder)
Successfully deleted: C:\Users\da\AppData\Roaming\Mozilla\Firefox\Profiles\rmghdrh7.Default User\extensions\staged\[email protected]\content\imgs (Folder)
Successfully deleted: C:\Users\da\AppData\Roaming\Mozilla\Firefox\Profiles\rmghdrh7.Default User\extensions\staged\[email protected]\content\imgs\flgs (Folder)
Successfully deleted: C:\Users\da\AppData\Roaming\Mozilla\Firefox\Profiles\rmghdrh7.Default User\extensions\staged\[email protected]\META-INF (Folder)
Successfully deleted: C:\Users\da\Documents\my pagemanager (Folder)
Successfully deleted: C:\windows\System32\${logfile} (File)
Successfully deleted: C:\windows\System32\newsoft (File)
Successfully deleted: C:\windows\System32\Tasks\Driver Detective (Task)
Successfully deleted: C:\Program Files\myfree codec (Folder)
Successfully deleted: C:\Users\da\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95PP6739 (Folder)
Successfully deleted: C:\Users\da\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AP9FRTEQ (Folder)
Successfully deleted: C:\Users\da\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DMQ1690S (Folder)
Successfully deleted: C:\Users\da\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HK045131 (Folder)
Successfully deleted: C:\Users\da\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IUWF6VJZ (Folder)
Successfully deleted: C:\Users\da\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R83FC1VG (Folder)
Successfully deleted: C:\Users\da\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V3IJEENK (Folder)
Successfully deleted: C:\Users\da\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZGTM17JI (Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09/02/2016 at  9:50:40.59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

# AdwCleaner v5.033 - Logfile created 09/02/2016 at 11:32:59
# Updated 07/02/2016 by Xplode
# Database : 2016-02-07.2 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x86)
# Username : da - DAWNGREENAWAY
# Running from : C:\Users\da\Downloads\adwcleaner_5.033.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\PlayGem
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9F2949D6-977B-4B61-B513-0C2EE52C2B4F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B33BD6CF-BF4C-4CF0-AC84-B2974BC14ABD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
[-] Key Deleted : HKCU\Software\Microsoft\Tinstalls
[-] Key Deleted : HKCU\Software\WEBAPP
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
[-] Key Deleted : HKU\S-1-5-19\Software\Browser
[-] Key Deleted : HKU\S-1-5-20\Software\Browser
[-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
[-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2

***** [ Web browsers ] *****

[-] [C:\Users\da\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com

*************************

:: Proxy settings cleared
:: Winsock settings cleared
:: TCP/IP settings cleared
:: IPSec settings cleared
:: Chrome policies deleted

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1867 bytes] ##########
 

Unable to give you the results for VirusTotal as not processed.

Computer still slow and not responding. Starting up a bit quicker. But shutting down is still slow. 

 

Thanks Dawn


#6
pumpkinace

Sorry I have just read through my message and found lots of spelling mistakes.  I do apologise, hopefully you understand what I mean.


#7
Bruce1270

Hi pumpkinace

No need to apologise for the spelling - I'm just as bad! :)

Don't worry if you couldn't find the file to submit to VirusTotal. I will try to remove it with FRST.

We'll carry on with the cleaning process as well, using Malwarebytes, which you have already installed, and the ESET online scan.

Step1 - FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
Task: {B5B9D633-E423-4191-B664-6ED5087CBF07} - System32\Tasks\Wroumorunuoer => C:\ProgramData\Wroumorunuoer\1.0.4.1\etnoiumf.exe
C:\ProgramData\Wroumorunuoer
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
EmptyTemp:

  • Save this as fixlist.txt, in the same location as FRST.exe on your desktop.
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


    Step2 - Malwarebytes Scan


    Launch Malwarebytes Anti-Malware
    The MBAM dashboard may appear with an alert to update - click the button Fix Now;

    Navigate to the Settings tab > Detection and Protection and ensure all the boxes under Detection Options are checked.


    Return to the Dashboard click on Scan Now;


    If threats are detected, make sure everything is set to Quarantine and click on Apply actions. If the program asks to reboot your PC, let it do so;
    On completion of the scan click on History > Application Log. After that click on the top Scan Log > Export, select Text File and save the log to your Desktop;
    Copy and Paste the contents of the log in your next reply.



    Step3 - ESET online Scan


    Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

    Note: You can use either Internet Explorer or Mozilla FireFox for this Scan.
  • Please go here then click on esetbar_zps93905f48.jpg.
  • You will however need to disable your currently installed Anti-Virus
    If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

    All of the following instructions work with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on Start.
  • When prompted allow Add-On/Active X to install.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked
  • Now click on Start.
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt.
  • Copy and paste that log as a reply to this topic.
  • When completed select Uninstall application on close.
  • Now click on Finish.

    Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


    Things for your next post:
  • fixlog.txt
  • MBAM log
  • ESET log
  • Any change to the computer's running?

#8
pumpkinace

Hi Bruce1270

All completed and 49 threats found. Unfortunately Malware started up a scan that I didn't notice until I went back to the computer. I had disabled it all but didn't notice the scan schedule, but it did find the same bug as yesterday? It didn't stop the ESET programme from running thankfully.  Logs attached as requested.

 

Fix result of Farbar Recovery Scan Tool (x86) Version:07-02-2016
Ran by da (2016-02-11 09:26:52) Run:2
Running from C:\Users\da\Desktop
Loaded Profiles: da (Available Profiles: da)
Boot Mode: Normal

==============================================

fixlist content:
*****************
reateRestorePoint:
Task: {B5B9D633-E423-4191-B664-6ED5087CBF07} - System32\Tasks\Wroumorunuoer => C:\ProgramData\Wroumorunuoer\1.0.4.1\etnoiumf.exe
C:\ProgramData\Wroumorunuoer
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
EmptyTemp:
*****************

reateRestorePoint: => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{B5B9D633-E423-4191-B664-6ED5087CBF07}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5B9D633-E423-4191-B664-6ED5087CBF07}" => key removed successfully.
C:\Windows\System32\Tasks\Wroumorunuoer => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Wroumorunuoer" => key removed successfully.
"C:\ProgramData\Wroumorunuoer" => not found.

=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========

EmptyTemp: => 168.1 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 09:29:17 ====

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/02/2016
Scan Time: 09:47
Logfile: Malwarelog.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.02.11.01
Rootkit Database: v2016.02.08.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: da

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 345362
Time Elapsed: 2 hr, 32 min, 7 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=f871b00d7037b24397d44cff7f505265
# end=init
# utc_time=2016-02-11 02:46:50
# local_time=2016-02-11 02:46:50 (+0000, GMT Standard Time)
# country="United Kingdom"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 28081
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=f871b00d7037b24397d44cff7f505265
# end=updated
# utc_time=2016-02-11 02:49:40
# local_time=2016-02-11 02:49:40 (+0000, GMT Standard Time)
# country="United Kingdom"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=f871b00d7037b24397d44cff7f505265
# engine=28081
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2016-02-11 06:40:12
# local_time=2016-02-11 06:40:12 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 23612832 78192806 0 0
# scanned=373203
# found=49
# cleaned=0
# scan_time=13831
sh=FE007ACBBC41C5F024C8D29C9C53CEBCAF35F973 ft=1 fh=fcc7da3647c57030 vn="a variant of Win32/SpeedBit.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\System\SysMenu.dll.vir"
sh=6CA18D8D116E0C0C20175DBD898166B7838F50EA ft=1 fh=c71c0011d61cf2a7 vn="a variant of Win32/WebBar.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\WebBar\2.0.5574.22315\ISightSDK.dll.vir"
sh=CE522D1EEF81BBD659AC83D242CA52C01CA97AAB ft=1 fh=c420704fb934bd6b vn="a variant of MSIL/WebBar.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\WebBar\2.0.5574.22315\wb.exe.vir"
sh=9680D848F6F0871528932239F9B31B8A283C3FB5 ft=1 fh=649d4276df95fdd9 vn="a variant of MSIL/Adware.PullUpdate.L.gen application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Browser\prompt.exe.vir"
sh=A4854C3C5A7277D3C02F88330D2023AAD3667533 ft=1 fh=818bd9cd8f0d2ffa vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\da\Documents\Downloads\ccsetup403.exe"
sh=ADF2AD3B94EB35DC371AB7A1A49B004B7C76BFA5 ft=1 fh=f95766f30bc4ebc6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\da\Documents\Downloads\ccsetup406.exe"
sh=DD6E088E22874B283348A15DB5159C7B20CC6D22 ft=1 fh=fe9dda6ca79832a6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\da\Documents\Downloads\ccsetup407.exe"
sh=6585F3BCD797EFC2F81599CDE50115668B677D52 ft=1 fh=c4c5afd1d69feff3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\da\Documents\Downloads\ccsetup408.exe"
sh=932E042070F1567ED5A116E98E3C04D7D07E0681 ft=1 fh=3bf8f6c29b1c29c3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\da\Documents\Downloads\ccsetup409.exe"
sh=0F97FB08E6FC4500F86E64D3285C171C6462BD61 ft=1 fh=acbbffe185c36761 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\da\Documents\Downloads\ccsetup410.exe"
sh=C662A89E2318810A6012EF702A9C39F6E0AC3B36 ft=1 fh=e8789dd77b481b56 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\da\Documents\Downloads\ccsetup411.exe"
sh=C133DB147FA578119F34B675D45B477E110761B2 ft=1 fh=9272027fde077ca7 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\da\Documents\Downloads\ccsetup412(1).exe"
sh=C133DB147FA578119F34B675D45B477E110761B2 ft=1 fh=9272027fde077ca7 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\da\Documents\Downloads\ccsetup412.exe"
sh=F83855D2F4CB2063085A6A66A6A1C7CB377C28CB ft=1 fh=bcd5e45444e76df6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\da\Documents\Downloads\ccsetup414.exe"
sh=D12F2B7B95F3EB52E57E5E034F4315F4716670FF ft=1 fh=fa0e3acfd523f7f9 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\da\Documents\Downloads\ccsetup415.exe"
sh=9AA5E59F80A95BDFC48FBB4DC9F4B7212749E67D ft=1 fh=2fe225811afcde6b vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\da\Documents\Downloads\ccsetup416.exe"
sh=1DE5D70A411EBBF4441FD569E7427CC28A4D6B13 ft=1 fh=b572351b8a033ea9 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\da\Documents\Downloads\ccsetup417.exe"
sh=DFDA3BEB6A8E9899118BBDE16E4DE6878E323A90 ft=1 fh=dc19b4d7d4992970 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\da\Documents\Downloads\ccsetup419(1).exe"
sh=A601D7FA1AC943E7C513C18554B4963A7CC30777 ft=1 fh=24077ef6e95ea586 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\da\Documents\Downloads\ccsetup419.exe"
sh=205EA3A873C765FF2E0F78FB1834D6EB44C21BF3 ft=1 fh=a409751ddc77dac3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\da\Documents\Downloads\ccsetup501.exe"
sh=74507D2AD5D69252167B682B5FA7E693E1AE0652 ft=1 fh=c644006b49a165d6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\da\Documents\Downloads\ccsetup502.exe"
sh=976D24D060C8F9B655B5EC01472194B9DA6C190C ft=1 fh=1966d8d77ea974eb vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\da\Documents\Downloads\ccsetup503.exe"
sh=95515E5CD54F8D3B375FAFB34E53C0C1D2E7C344 ft=1 fh=00a7bfbc17a0357b vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\da\Documents\Downloads\ccsetup504.exe"
sh=012CB3E628C9FAC1159A4BA01F79C6C905757FF9 ft=1 fh=2ab5bfb1b985039b vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\da\Documents\Downloads\ccsetup506.exe"
sh=2CF3D70F8306D7275DBE5E15FD2D65EF5C13321F ft=1 fh=7a6ede455823917e vn="Win32/RegistryBooster potentially unwanted application" ac=I fn="C:\Users\da\Documents\Downloads\registrybooster.exe"
sh=B289C53DBB01232884364F964E8A5BCCDFBCE00A ft=1 fh=20604ce9407285e3 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Users\da\Downloads\ccsetup310.exe"
sh=A8A37E54DB53B64808D4DE3DDBB505859E9F4269 ft=1 fh=b799c6fdeb2be9bc vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Users\da\Downloads\ccsetup311.exe"
sh=3B38ECE8A1605F66D7FC38CC9BCC5FF325A2ED55 ft=1 fh=bc0c24e3a63c61a6 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Users\da\Downloads\ccsetup313.exe"
sh=3FC75D7EC85B4B4766AE1195896F0C2C5FB3E6FE ft=1 fh=f3111313b4ad1f30 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Users\da\Downloads\ccsetup314.exe"
sh=DC1FE696A24E0072BA7221FCB0DAFEDB9B3560B4 ft=1 fh=5aa7e24d05d642d5 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Users\da\Downloads\ccsetup315.exe"
sh=F39A1D9201D021180B9FC8543783D8CE69054DCE ft=1 fh=10783dd2892ae31b vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Users\da\Downloads\ccsetup317.exe"
sh=2C16CF7AF335A0943C5973070050474E2565691B ft=1 fh=dbab1590fe63551b vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Users\da\Downloads\ccsetup319.exe"
sh=03659459CF218748D115AB0EBD09E04AE43D9BC4 ft=1 fh=b7fea6e53bda36e3 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Users\da\Downloads\ccsetup323.exe"
sh=6B7392086BFE81C9C47D0D041CD900A239011F74 ft=1 fh=a2718fd4c56b599b vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\da\Downloads\ccsetup325.exe"
sh=25CF9B7BB46B581ED8DE03DDC56E1574087CACAA ft=1 fh=10c5a1651be6049d vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\da\Downloads\ccsetup326.exe"
sh=180C8ED7C81E3AE7B0507B26C927EA93584B017C ft=1 fh=b0b83453fcc7b480 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\da\Downloads\ccsetup327.exe"
sh=3D84C7C0E316EAD02DD7A59E746EC798DAB8BC0C ft=1 fh=ce50a11e70bad71c vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\da\Downloads\ccsetup328.exe"
sh=60C77FF66F63F585FCE95C78FF44B513E2AAB9F9 ft=1 fh=17494879e4339ab3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\da\Downloads\ccsetup400.exe"
sh=AA7AFFCBDAF13C3872F32EACCF3BEFB92FD0FA80 ft=1 fh=02ff89afc7fa57e5 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\da\Downloads\ccsetup508.exe"
sh=6F77F2137756740F4E632BDD7FDAE582929CB411 ft=1 fh=cd73fc9df274ad5b vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\da\Downloads\ccsetup509.exe"
sh=788BA11B32EAD116136308D48ABA501827BE6E3E ft=1 fh=f9ccf3513db0012f vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\da\Downloads\ccsetup511(1).exe"
sh=788BA11B32EAD116136308D48ABA501827BE6E3E ft=1 fh=f9ccf3513db0012f vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\da\Downloads\ccsetup511.exe"
sh=5B189555C663407C8DA7930EF070CE16C9B20CE1 ft=1 fh=033ec78b6d86e1cf vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\da\Downloads\ccsetup512.exe"
sh=01CA71985D230E8802622B210E12BA6CDF15D907 ft=1 fh=1b493e7940fe183a vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\da\Downloads\ccsetup512_update(1).exe"
sh=01CA71985D230E8802622B210E12BA6CDF15D907 ft=1 fh=1b493e7940fe183a vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\da\Downloads\ccsetup512_update.exe.part"
sh=C98F041F2E590541BF58A4318E92C0617427A6CE ft=1 fh=f97637e090000e40 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\da\Downloads\ccsetup513(1).exe"
sh=B7C20CA5F3D03CA0B47FE84EA238FF4F69E5183B ft=1 fh=075c4223825eb116 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\da\Downloads\ccsetup513.exe"
sh=91B957FB1F74C253A8F432DA3EDFB68BA4AB3F88 ft=1 fh=83ca72cd98eba65b vn="a variant of Win32/Adware.Dowsserve.F application" ac=I fn="C:\Users\Public\Documents\SystemData\program\flashplayerwin10_ver_308.exe"
sh=91B957FB1F74C253A8F432DA3EDFB68BA4AB3F88 ft=1 fh=83ca72cd98eba65b vn="a variant of Win32/Adware.Dowsserve.F application" ac=I fn="C:\Users\Public\Documents\SystemData\program\flashplayerwin10_ver_381.exe"
 

I am working now until Sunday evening so please don't close my topic.  I will be able to get back online Sunday early evening.  I haven't used my computer today so don't know as yet how it is as it has been running the scans you have requested nearly all day.  I will try a few things out before I log off tonight to see how it is and post again.

 

Thank you so much

Dawn


  • 0
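
A log like the ESET one above is easier to read once its detection lines are grouped by detection name and by where the file sits. The following is an added example, not part of the original thread and not an ESET tool; the field meanings (sh = file hash, vn = detection name, fn = file path) are inferred from the log layout shown, and the sample lines, hashes and paths are constructed placeholders.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the layout of the ESET log above. Hashes, the
# "example" profile and the file names are placeholders, not thread values.
SAMPLE_LOG = r'''# scanned=1000
# found=6
# cleaned=0
sh=00000000000000000000000000000000000000A1 ft=1 fh=00000000000000a1 vn="a variant of Win32/WebBar.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\WebBar\wb.dll.vir"
sh=00000000000000000000000000000000000000B1 ft=1 fh=00000000000000b1 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\example\Downloads\ccsetup001.exe"
sh=00000000000000000000000000000000000000B1 ft=1 fh=00000000000000b1 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\example\Downloads\ccsetup001(1).exe"
sh=00000000000000000000000000000000000000B2 ft=1 fh=00000000000000b2 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Users\example\Downloads\ccsetup002.exe"
sh=00000000000000000000000000000000000000C1 ft=1 fh=00000000000000c1 vn="a variant of Win32/Adware.Dowsserve.F application" ac=I fn="C:\Users\Public\Documents\SystemData\program\setup_1.exe"
sh=00000000000000000000000000000000000000C1 ft=1 fh=00000000000000c1 vn="a variant of Win32/Adware.Dowsserve.F application" ac=I fn="C:\Users\Public\Documents\SystemData\program\setup_2.exe"
'''

# key=value pairs; a value is either "quoted with spaces" or a bare token.
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Detection family: first token after an optional "a variant of " prefix.
FAMILY = re.compile(r'^(?:a variant of )?(\S+)')


def parse_eset_log(text):
    """Return (header, detections). A repeated header key keeps its last value."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('#'):
            for key, quoted, bare in FIELD.findall(line):
                header[key] = quoted or bare
        elif line.startswith('sh='):
            rec = {key: (quoted or bare) for key, quoted, bare in FIELD.findall(line)}
            if {'sh', 'vn', 'fn'} <= rec.keys():  # skip truncated lines
                detections.append(rec)
    return header, detections


def classify(rec):
    """Bucket one detection by how much attention it needs."""
    path, name = rec['fn'].lower(), rec['vn'].lower()
    # Copies parked by an earlier cleaner are inert; scanners still flag them.
    if '\\quarantine\\' in path or path.endswith('.vir'):
        return 'already quarantined'
    # "potentially unwanted/unsafe" is the scanner's wording for PUA, typically
    # installers that bundle a toolbar, not active malware.
    if 'potentially unwanted' in name or 'potentially unsafe' in name:
        return 'PUA or bundled installer'
    return 'review first'


def triage(text):
    """Summarise a log: counts per bucket and family, plus same-hash duplicates."""
    header, detections = parse_eset_log(text)
    by_category, by_family, by_hash = Counter(), Counter(), defaultdict(list)
    for rec in detections:
        by_category[classify(rec)] += 1
        match = FAMILY.match(rec['vn'])
        by_family[match.group(1) if match else 'unknown'] += 1
        by_hash[rec['sh'].upper()].append(rec['fn'])
    return {
        'reported': int(header.get('found', -1)),   # scanner's own total
        'parsed': len(detections),                  # lines we understood
        'cleaned': int(header.get('cleaned', -1)),
        'by_category': dict(by_category),
        'by_family': dict(by_family),
        # The same hash under several names means one file downloaded repeatedly.
        'duplicate_files': {h: p for h, p in by_hash.items() if len(p) > 1},
    }


if __name__ == '__main__':
    report = triage(SAMPLE_LOG)
    if report['reported'] != report['parsed']:
        print('warning: log may be truncated or pasted incompletely')
    for section in ('by_category', 'by_family'):
        print(section)
        for label, count in sorted(report[section].items()):
            print(f'  {count:3d}  {label}')
    for digest, paths in report['duplicate_files'].items():
        print(f'same file ({digest[-6:]}):', *paths, sep='\n  ')
```

A mismatch between `reported` and `parsed` is worth checking before acting on the log, since a partially pasted log hides detections.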

#9
pumpkinace


Hi Bruce1270

I have played around with the computer to test it.  It appears to be closing down a little quicker and the initial start up is slightly quicker until I enter my user name and then it still takes ages to start up.  On  clicking on FF icon in the task bar it is still taking ages to open up the browser and appears not to open until I click it for a second time and then will respond but opens up 2 browsers (this is the same as it has been for some time now).  Outlook appears to be a little more stable but still hanging and not responding but much better than it was.

Kind regards

Dawn


#10
Bruce1270

Ok. Thanks for letting me know. :)

#11
Bruce1270

Hi pumpkinace

OK. Most of what ESET has found is just a bundled toolbar with the install software for CCleaner. You won't need these installs now so we'll delete them. As you mention Firefox is a bit slow we'll reset it to see if that helps.

Step1 - FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
C:\Users\da\Documents\Downloads\ccsetup403.exe
C:\Users\da\Documents\Downloads\ccsetup406.exe
C:\Users\da\Documents\Downloads\ccsetup407.exe
C:\Users\da\Documents\Downloads\ccsetup408.exe
C:\Users\da\Documents\Downloads\ccsetup409.exe
C:\Users\da\Documents\Downloads\ccsetup410.exe
C:\Users\da\Documents\Downloads\ccsetup411.exe
C:\Users\da\Documents\Downloads\ccsetup412(1).exe
C:\Users\da\Documents\Downloads\ccsetup412.exe
C:\Users\da\Documents\Downloads\ccsetup414.exe
C:\Users\da\Documents\Downloads\ccsetup415.exe
C:\Users\da\Documents\Downloads\ccsetup416.exe
C:\Users\da\Documents\Downloads\ccsetup417.exe
C:\Users\da\Documents\Downloads\ccsetup419(1).exe
C:\Users\da\Documents\Downloads\ccsetup419.exe
C:\Users\da\Documents\Downloads\ccsetup501.exe
C:\Users\da\Documents\Downloads\ccsetup502.exe
C:\Users\da\Documents\Downloads\ccsetup503.exe
C:\Users\da\Documents\Downloads\ccsetup504.exe
C:\Users\da\Documents\Downloads\ccsetup506.exe
C:\Users\da\Documents\Downloads\registrybooster.exe
C:\Users\da\Downloads\ccsetup310.exe
C:\Users\da\Downloads\ccsetup311.exe
C:\Users\da\Downloads\ccsetup313.exe
C:\Users\da\Downloads\ccsetup314.exe
C:\Users\da\Downloads\ccsetup315.exe
C:\Users\da\Downloads\ccsetup317.exe
C:\Users\da\Downloads\ccsetup319.exe
C:\Users\da\Downloads\ccsetup323.exe
C:\Users\da\Downloads\ccsetup325.exe
C:\Users\da\Downloads\ccsetup326.exe
C:\Users\da\Downloads\ccsetup327.exe
C:\Users\da\Downloads\ccsetup328.exe
C:\Users\da\Downloads\ccsetup400.exe
C:\Users\da\Downloads\ccsetup508.exe
C:\Users\da\Downloads\ccsetup509.exe
C:\Users\da\Downloads\ccsetup511(1).exe
C:\Users\da\Downloads\ccsetup511.exe
C:\Users\da\Downloads\ccsetup512.exe
C:\Users\da\Downloads\ccsetup512_update(1).exe
C:\Users\da\Downloads\ccsetup512_update.exe.part
C:\Users\da\Downloads\ccsetup513(1).exe
C:\Users\da\Downloads\ccsetup513.exe
C:\Users\Public\Documents\SystemData\program\flashplayerwin10_ver_308.exe
C:\Users\Public\Documents\SystemData\program\flashplayerwin10_ver_381.exe
Hosts:
EmptyTemp:

  • Save this as fixlist.txt, in the same location as FRST.exe on your desktop.
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.

Step2 - Refresh Firefox

How to refresh firefox

Please click here to refresh Firefox and follow the instructions.

Step3 - Run Farbar Service Scanner

Please download Farbar Service Scanner to your desktop.

  • Locate the FSS.exe file and right click on it. Choose run as administrator
  • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) on your desktop.
  • Please copy and paste the log to your reply.

Things for your next post:

  • fixlog.txt
  • How is Firefox performing now?
  • FSS.txt

  • 0

#12
pumpkinace

pumpkinace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts

Hi Bruce1270

All above completed.  FF is still a bit slow but much better than it was.  It still hangs/not responding but much quicker.  MS Office still giving me problems although outlook is working a bit better, but still has a hissy fit every now and again whereby it will hang and flash very quick (saying not responding).  When I now click on open new message it is at least opening and coming to the front whereas before it was going behind the main screen and I would have to click on the message icon in the task bar to see the message.  Excel is still having issues, not opening up spreadsheets on the first click and then I have to leave the blank screen open and click on the excel icon again.  Word seems to be ok just a bit slow but no errors at the moment.  The screen "blinks" every now and again but on the whole much better now than when you first took up my topic.  Thank you.

 

Here are the logs you require.

 

Fix result of Farbar Recovery Scan Tool (x86) Version:07-02-2016
Ran by da (2016-02-14 16:51:33) Run:3
Running from C:\Users\da\Desktop
Loaded Profiles: da (Available Profiles: da)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
C:\Users\da\Documents\Downloads\ccsetup403.exe
C:\Users\da\Documents\Downloads\ccsetup406.exe
C:\Users\da\Documents\Downloads\ccsetup407.exe
C:\Users\da\Documents\Downloads\ccsetup408.exe
C:\Users\da\Documents\Downloads\ccsetup409.exe
C:\Users\da\Documents\Downloads\ccsetup410.exe
C:\Users\da\Documents\Downloads\ccsetup411.exe
C:\Users\da\Documents\Downloads\ccsetup412(1).exe
C:\Users\da\Documents\Downloads\ccsetup412.exe
C:\Users\da\Documents\Downloads\ccsetup414.exe
C:\Users\da\Documents\Downloads\ccsetup415.exe
C:\Users\da\Documents\Downloads\ccsetup416.exe
C:\Users\da\Documents\Downloads\ccsetup417.exe
C:\Users\da\Documents\Downloads\ccsetup419(1).exe
C:\Users\da\Documents\Downloads\ccsetup419.exe
C:\Users\da\Documents\Downloads\ccsetup501.exe
C:\Users\da\Documents\Downloads\ccsetup502.exe
C:\Users\da\Documents\Downloads\ccsetup503.exe
C:\Users\da\Documents\Downloads\ccsetup504.exe
C:\Users\da\Documents\Downloads\ccsetup506.exe
C:\Users\da\Documents\Downloads\registrybooster.exe
C:\Users\da\Downloads\ccsetup310.exe
C:\Users\da\Downloads\ccsetup311.exe
C:\Users\da\Downloads\ccsetup313.exe
C:\Users\da\Downloads\ccsetup314.exe
C:\Users\da\Downloads\ccsetup315.exe
C:\Users\da\Downloads\ccsetup317.exe
C:\Users\da\Downloads\ccsetup319.exe
C:\Users\da\Downloads\ccsetup323.exe
C:\Users\da\Downloads\ccsetup325.exe
C:\Users\da\Downloads\ccsetup326.exe
C:\Users\da\Downloads\ccsetup327.exe
C:\Users\da\Downloads\ccsetup328.exe
C:\Users\da\Downloads\ccsetup400.exe
C:\Users\da\Downloads\ccsetup508.exe
C:\Users\da\Downloads\ccsetup509.exe
C:\Users\da\Downloads\ccsetup511(1).exe
C:\Users\da\Downloads\ccsetup511.exe
C:\Users\da\Downloads\ccsetup512.exe
C:\Users\da\Downloads\ccsetup512_update(1).exe
C:\Users\da\Downloads\ccsetup512_update.exe.part
C:\Users\da\Downloads\ccsetup513(1).exe
C:\Users\da\Downloads\ccsetup513.exe
C:\Users\Public\Documents\SystemData\program\flashplayerwin10_ver_308.exe
C:\Users\Public\Documents\SystemData\program\flashplayerwin10_ver_381.exe
Hosts:
EmptyTemp:
*****************

Restore point was successfully created.
C:\Users\da\Documents\Downloads\ccsetup403.exe => moved successfully
C:\Users\da\Documents\Downloads\ccsetup406.exe => moved successfully
C:\Users\da\Documents\Downloads\ccsetup407.exe => moved successfully
C:\Users\da\Documents\Downloads\ccsetup408.exe => moved successfully
C:\Users\da\Documents\Downloads\ccsetup409.exe => moved successfully
C:\Users\da\Documents\Downloads\ccsetup410.exe => moved successfully
C:\Users\da\Documents\Downloads\ccsetup411.exe => moved successfully
C:\Users\da\Documents\Downloads\ccsetup412(1).exe => moved successfully
C:\Users\da\Documents\Downloads\ccsetup412.exe => moved successfully
C:\Users\da\Documents\Downloads\ccsetup414.exe => moved successfully
C:\Users\da\Documents\Downloads\ccsetup415.exe => moved successfully
C:\Users\da\Documents\Downloads\ccsetup416.exe => moved successfully
C:\Users\da\Documents\Downloads\ccsetup417.exe => moved successfully
C:\Users\da\Documents\Downloads\ccsetup419(1).exe => moved successfully
C:\Users\da\Documents\Downloads\ccsetup419.exe => moved successfully
C:\Users\da\Documents\Downloads\ccsetup501.exe => moved successfully
C:\Users\da\Documents\Downloads\ccsetup502.exe => moved successfully
C:\Users\da\Documents\Downloads\ccsetup503.exe => moved successfully
C:\Users\da\Documents\Downloads\ccsetup504.exe => moved successfully
C:\Users\da\Documents\Downloads\ccsetup506.exe => moved successfully
C:\Users\da\Documents\Downloads\registrybooster.exe => moved successfully
C:\Users\da\Downloads\ccsetup310.exe => moved successfully
C:\Users\da\Downloads\ccsetup311.exe => moved successfully
C:\Users\da\Downloads\ccsetup313.exe => moved successfully
C:\Users\da\Downloads\ccsetup314.exe => moved successfully
C:\Users\da\Downloads\ccsetup315.exe => moved successfully
C:\Users\da\Downloads\ccsetup317.exe => moved successfully
C:\Users\da\Downloads\ccsetup319.exe => moved successfully
C:\Users\da\Downloads\ccsetup323.exe => moved successfully
C:\Users\da\Downloads\ccsetup325.exe => moved successfully
C:\Users\da\Downloads\ccsetup326.exe => moved successfully
C:\Users\da\Downloads\ccsetup327.exe => moved successfully
C:\Users\da\Downloads\ccsetup328.exe => moved successfully
C:\Users\da\Downloads\ccsetup400.exe => moved successfully
C:\Users\da\Downloads\ccsetup508.exe => moved successfully
C:\Users\da\Downloads\ccsetup509.exe => moved successfully
C:\Users\da\Downloads\ccsetup511(1).exe => moved successfully
C:\Users\da\Downloads\ccsetup511.exe => moved successfully
C:\Users\da\Downloads\ccsetup512.exe => moved successfully
C:\Users\da\Downloads\ccsetup512_update(1).exe => moved successfully
C:\Users\da\Downloads\ccsetup512_update.exe.part => moved successfully
C:\Users\da\Downloads\ccsetup513(1).exe => moved successfully
C:\Users\da\Downloads\ccsetup513.exe => moved successfully
C:\Users\Public\Documents\SystemData\program\flashplayerwin10_ver_308.exe => moved successfully
C:\Users\Public\Documents\SystemData\program\flashplayerwin10_ver_381.exe => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 249.6 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 17:04:37 ====

 

Farbar Service Scanner Version: 27-01-2016
Ran by da (administrator) on 14-02-2016 at 17:52:57
Running from "C:\Users\da\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\windows\system32\nsisvc.dll => File is digitally signed
C:\windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\windows\system32\dhcpcore.dll => File is digitally signed
C:\windows\system32\Drivers\afd.sys => File is digitally signed
C:\windows\system32\Drivers\tdx.sys => File is digitally signed
C:\windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\windows\system32\dnsrslvr.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\system32\mpssvc.dll => File is digitally signed
C:\windows\system32\bfe.dll => File is digitally signed
C:\windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\windows\system32\SDRSVC.dll => File is digitally signed
C:\windows\system32\vssvc.exe => File is digitally signed
C:\windows\system32\wscsvc.dll => File is digitally signed
C:\windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\windows\system32\wuaueng.dll => File is digitally signed
C:\windows\system32\qmgr.dll => File is digitally signed
C:\windows\system32\es.dll => File is digitally signed
C:\windows\system32\cryptsvc.dll => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed


**** End of log ****


  • 0
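
An added example, not part of the posts above or of FRST itself: a Python check that reconciles the fixlist block echoed in a fixlog against its result lines, so any requested path that was not reported as moved successfully stands out. The sample log is constructed in the layout of the fixlog above; the two "example-" paths and the non-success result text are placeholders, not real FRST output.

```python
import re

DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")  # fixlist entries that name a file

# Constructed sample in the layout of the fixlog above. The two "example-"
# paths and the non-success result text are placeholders, not FRST output.
SAMPLE_FIXLOG = r"""fixlist content:
*****************
CreateRestorePoint:
C:\Users\da\Downloads\ccsetup513.exe
C:\Users\da\Downloads\example-locked.exe
C:\Users\da\Downloads\example-missing.exe
Hosts:
EmptyTemp:
*****************

Restore point was successfully created.
C:\Users\da\Downloads\ccsetup513.exe => moved successfully
C:\Users\da\Downloads\example-locked.exe => <constructed non-success result>
Hosts restored successfully.
EmptyTemp: => 249.6 MB temporary data Removed.
"""


def reconcile(fixlog):
    """Sort every path requested in the fixlist by what the log reports for it."""
    lines = [ln.strip() for ln in fixlog.splitlines()]
    # The echoed fixlist sits between the first two all-asterisk lines.
    stars = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(stars) < 2:
        raise ValueError("fixlist block delimiters not found")
    requested = [ln for ln in lines[stars[0] + 1:stars[1]] if DRIVE_PATH.match(ln)]
    # Result lines after the block have the form "<path> => <outcome>".
    outcomes = {}
    for ln in lines[stars[1] + 1:]:
        path, sep, outcome = ln.partition(" => ")
        if sep and DRIVE_PATH.match(path):
            outcomes[path.lower()] = outcome  # Windows paths are case-insensitive
    report = {"moved": [], "failed": [], "unreported": []}
    for path in requested:
        outcome = outcomes.get(path.lower())
        if outcome is None:
            report["unreported"].append(path)
        elif outcome == "moved successfully":
            report["moved"].append(path)
        else:
            report["failed"].append(path)
    return report


if __name__ == "__main__":
    for status, paths in reconcile(SAMPLE_FIXLOG).items():
        print(status, paths)
```
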

#13
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi pumpkinace

Let's try a clean boot to see if this improves things. We might be able to narrow down if a particular service or start up item is causing an issue.

Can you confirm when outlook, excel etc stop responding or are slow - is this in general or at a specific time e.g. just after boot up?


Clean Boot


In the search box type Msconfig and select the programme that appears at the top

1. In the System Configuration Utility dialog box, click Selective Startup on the General tab.
2. Click to clear the Load Startup Items check box.
   Note: The Use Original Boot.ini check box is unavailable.
3. Click the Services tab.
4. Click to select the Hide All Microsoft Services check box.
5. Click Disable All, and then click OK.
6. When you are prompted, click Restart.

After it boots try opening Outlook, Firefox, Excel to see how they respond.

In your next post let me know how this goes.
  • 0

#14
pumpkinace

pumpkinace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts

Hi Bruce1270

Well fingers crossed it is working a lot faster than it has in about a year!  I have tried to replicate the errors in outlook (which went berserk yesterday for 10 mins and in the end I had to do control, alt and delete to close the programme down).  I have also been able to open up excel and it has opened without any problems so far which is the first in a very long time.  I think your patience and expertise has paid off and fingers crossed that I am not saying this too quickly but it looks like my machine is working how it should be.  Thank you so so much, can't thank you enough.  Kind regards Dawn   Is there anything else you need me to do?


  • 0

#15
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi pumpkinace

Good to hear it seems to be running better. :thumbsup:

Ok, while still in clean boot state I need you to do the boring bit.

open MSConfig as before
Go to the services tab and re-enable half of those that you disabled
Reboot

Try opening excel, outlook etc again.
If it freezes untick the services one at a time, rebooting after each one to determine the one causing the problem.
If it still boots normally and does not freeze then re-enable the remaining services and reboot.
Again if it freezes, untick each service one at a time and reboot.
The aim is to isolate the dodgy service


Let me know how this goes and which service, if any is causing the issue.

If this does not identify a problem, if you have the product key and the software for Microsoft Small Business 2007 it might be worth a reinstall or if it was not purchased try a free alternative to office. :)
  • 0
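
The halving procedure in the post above, as an added example that is not part of the original thread: a Python simulation that counts the reboots the procedure needs and compares it with halving the suspect list on every pass, which goes beyond what the post describes. It assumes a single service causes the hang and that the hang reproduces on every boot; the service names are constructed.

```python
# Constructed service names standing in for the non-Microsoft services
# that were disabled in msconfig.
SERVICES = [f"ExampleSvc{i}" for i in range(1, 9)]


def make_oracle(culprit):
    """Model of 'reboot and test': the hang appears iff the culprit is enabled."""
    return lambda enabled: culprit in enabled


def helper_procedure(services, freezes):
    """Two-stage search from the post. Returns (culprit or None, reboots used)."""
    mid = len(services) // 2
    first, second = services[:mid], services[mid:]
    enabled, reboots = set(first), 1         # re-enable half, reboot
    if freezes(enabled):
        suspects = first
    else:
        enabled, reboots = set(services), 2  # re-enable the rest, reboot
        if not freezes(enabled):
            return None, reboots             # no service reproduces the hang
        suspects = second
    for svc in suspects:                     # untick one at a time, reboot each
        enabled.discard(svc)
        reboots += 1
        if not freezes(enabled):
            return svc, reboots
    return None, reboots


def full_bisection(services, freezes):
    """Halve the suspect list on every reboot instead of only once."""
    reboots = 1
    if not freezes(set(services)):           # everything enabled, still fine
        return None, reboots
    suspects = list(services)
    while len(suspects) > 1:
        half = suspects[:len(suspects) // 2]
        reboots += 1
        suspects = half if freezes(set(half)) else suspects[len(half):]
    return suspects[0], reboots


if __name__ == "__main__":
    oracle = make_oracle("ExampleSvc7")
    print("post's procedure:", helper_procedure(SERVICES, oracle))
    print("full bisection:  ", full_bisection(SERVICES, oracle))
```

A `None` result corresponds to the last paragraph of the post: no service reproduces the problem, so the cause lies elsewhere.
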





