A svchost.exe process uses all remaining CPU and slows down computer.

malware rootkit

#1
tech_addict

CPU usage is always at 100% even when no app is running, and the computer's response is sluggish.

The svchost.exe process is associated with the following services (found out by selecting 'Go to Service(s)' on the pop-up menu of the process in Windows Task Manager): AeLookupSvc, Appinfo, BITS, Browser, EapHost, IKEEXT, iphlpsvc, LanmanServer, MMCSS, ProfSvc, Schedule, SENS, ShellHWDetection, Themes, Winmgmt, and wuauserv (all grouped as 'netsvcs'; iphlpsvc's group is 'NetSvcs', not 'netsvcs').

Avast Free Antivirus, Rkill and TDSSKiller failed to detect any malware on my computer.

The symptom started to occur last night. I haven't installed any new software recently. My computer probably got infected while browsing the Web on Firefox.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-05-2016
Ran by Allen (administrator) on DELL-WIN7 (11-05-2016 07:32:43)
Running from C:\Users\Allen\Desktop
Loaded Profiles: Allen (Available Profiles: Allen)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Encarta\Encarta Premium DVD 2008\EDICT.EXE
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(DivX, LLC) C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(MyLittleHost) C:\Program Files\Dimmer\Dimmer.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8321568 2009-11-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [433160 2015-09-04] (DivX, LLC)
HKLM-x32\...\Run: [Cobian Backup 11 interface] => C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe [4407808 2012-12-06] (Luis Cobian, CobianSoft)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861640 2015-06-26] (DivX, LLC)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7391632 2016-05-04] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKU\S-1-5-21-1218117248-1459672485-3074969709-1000\...\Run: [E08AXLRD_41108338] => C:\Program Files (x86)\Microsoft Encarta\Encarta Premium DVD 2008\EDICT.EXE [351000 2007-05-21] (Microsoft Corporation)
HKU\S-1-5-21-1218117248-1459672485-3074969709-1000\...\Run: [PC_GIZMOS] => "C:\Users\Allen\AppData\Roaming\PC-Gizmos\PC_136528.en_77.exe" --update
HKU\S-1-5-21-1218117248-1459672485-3074969709-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23484296 2016-04-25] (Google)
HKU\S-1-5-21-1218117248-1459672485-3074969709-1000\...\MountPoints2: J - J:\TL-Bootstrap.exe
HKU\S-1-5-21-1218117248-1459672485-3074969709-1000\...\MountPoints2: {80b41c4b-c7ed-11e2-b445-d4bed9d95676} - J:\TL-Bootstrap.exe
HKU\S-1-5-21-1218117248-1459672485-3074969709-1000\...\MountPoints2: {c4bbaa24-56d2-11e3-9167-d4bed9d95676} - J:\LGAutoRun.exe
HKU\S-1-5-21-1218117248-1459672485-3074969709-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-04] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2013-01-30]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-02-25]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-01-20]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 pc-gizmos-ssl.com www.pc-gizmos-ssl.com # added by PC-Gizmos.com
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{B6C323D0-B9C1-4AC5-A6F5-069E8DE2D596}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1218117248-1459672485-3074969709-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1218117248-1459672485-3074969709-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
SearchScopes: HKU\S-1-5-21-1218117248-1459672485-3074969709-1000 -> DefaultScope {D2E63E47-1F79-4622-AB0A-562601416017} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1218117248-1459672485-3074969709-1000 -> {C0518EFF-1CBF-4EA7-8C1A-302729CC0D69} URL = hxxp://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1218117248-1459672485-3074969709-1000 -> {D2E63E47-1F79-4622-AB0A-562601416017} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-04-21] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-20] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-21] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-12-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-20] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Allen\AppData\Roaming\Mozilla\Firefox\Profiles\dupa8gpk.default-1462496014808
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2013-04-28] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2015-09-02] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-03-23]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-04]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-04]

Chrome:
=======
CHR HomePage: Default -> hxxp://search.yahoo.com/?type=903578&fr=spigot-yhp-ch
CHR StartupUrls: Default -> "hxxp://www.gmail.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll => No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll => No File
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll => No File
CHR Profile: C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-11]
CHR Extension: (Google Drive) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-02]
CHR Extension: (YouTube) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-02]
CHR Extension: (Google Search) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Avast SafePrice) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-02-03]
CHR Extension: (Google Docs Offline) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Avast Online Security) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-08]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-01-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-07]
CHR Extension: (Gmail) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02]
CHR Profile: C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-12]
CHR Extension: (Google Docs) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-12]
CHR Extension: (Google Drive) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-12]
CHR Extension: (YouTube) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-12]
CHR Extension: (Google Search) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-12]
CHR Extension: (Google Sheets) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-12]
CHR Extension: (SiteAdvisor) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-02-12]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-02-12]
CHR Extension: (Google Wallet) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-12]
CHR Extension: (Gmail) - C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-12]
CHR HKU\S-1-5-21-1218117248-1459672485-3074969709-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-04-21]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-21]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-04] (AVAST Software)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2012-12-05] (CobianSoft, Luis Cobian) [File not signed]
R2 CobianBackup11; C:\Program Files (x86)\Cobian Backup 11\cbService.exe [1131008 2012-12-06] (Luis Cobian, CobianSoft) [File not signed]
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [69964448 2015-04-03] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] () [File not signed]
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441512 2015-04-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-04] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-04] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-05-04] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 mfehidk01; \Device\mfehidk01.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-11 07:32 - 2016-05-11 07:43 - 00020905 _____ C:\Users\Allen\Desktop\FRST.txt
2016-05-11 07:32 - 2016-05-11 07:32 - 00000000 ____D C:\FRST
2016-05-11 07:29 - 2016-05-11 07:30 - 02381312 _____ (Farbar) C:\Users\Allen\Desktop\FRST64.exe
2016-05-11 07:05 - 2016-05-11 07:16 - 01468744 _____ C:\TDSSKiller.3.1.0.9_11.05.2016_07.05.27_log.txt
2016-05-11 06:56 - 2016-05-11 07:01 - 00197022 _____ C:\TDSSKiller.3.1.0.9_11.05.2016_06.56.42_log.txt
2016-05-11 06:55 - 2016-05-11 06:55 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Allen\Downloads\tdsskiller.exe
2016-05-11 06:41 - 2016-05-11 06:51 - 00002230 _____ C:\Users\Allen\Desktop\Rkill.txt
2016-05-11 06:39 - 2016-05-11 06:39 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Allen\Downloads\rkill.exe
2016-05-10 09:03 - 2016-05-10 09:03 - 00051613 _____ C:\Users\Allen\AppData\Local\recently-used.xbel
2016-05-05 20:52 - 2016-05-06 07:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-04 07:24 - 2016-05-04 07:24 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-05-04 07:24 - 2016-05-04 07:24 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-05-02 18:22 - 2016-05-02 18:22 - 01777152 _____ C:\Users\Allen\Downloads\wintin++.2.01.1.msi
2016-05-01 22:37 - 2016-05-01 22:37 - 00003242 _____ C:\Windows\System32\Tasks\{D6CA2DB1-EE53-4023-B5F4-F1857EB9217E}
2016-05-01 22:33 - 2010-02-08 10:22 - 00000863 _____ C:\Users\Allen\DesktopPortal.lnk
2016-04-30 08:20 - 2016-04-30 08:20 - 00285551 _____ C:\Users\Allen\Documents\Rescued document 2.txt
2016-04-30 08:20 - 2016-04-30 08:20 - 00285479 _____ C:\Users\Allen\Documents\Backup of Rescued document 1.wbk
2016-04-30 08:20 - 2016-04-30 08:20 - 00285454 _____ C:\Users\Allen\Documents\Rescued document 1.txt
2016-04-30 08:20 - 2016-04-30 08:20 - 00000013 _____ C:\Users\Allen\Documents\Rescued document.txt
2016-04-27 13:11 - 2016-04-29 10:17 - 00000000 ____D C:\Users\Allen\AppData\Roaming\dvdcss
2016-04-27 13:10 - 2016-04-29 10:18 - 00000000 ____D C:\Users\Allen\AppData\Roaming\HandBrake
2016-04-27 13:10 - 2016-04-27 13:10 - 00000000 ____D C:\Users\Allen\AppData\Roaming\HandBrake Team
2016-04-27 13:08 - 2016-04-27 13:08 - 00046592 _____ C:\Users\Allen\Downloads\libdvdcss-2.dll
2016-04-27 13:07 - 2016-04-27 13:08 - 00000000 ____D C:\Program Files\Handbrake
2016-04-27 13:07 - 2016-04-27 13:07 - 00000826 _____ C:\Users\Allen\Desktop\Handbrake.lnk
2016-04-27 13:07 - 2016-04-27 13:07 - 00000000 ____D C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
2016-04-27 13:07 - 2016-04-27 13:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
2016-04-27 13:05 - 2016-04-27 13:06 - 16520043 _____ C:\Users\Allen\Downloads\HandBrake-0.10.5-x86_64-Win_GUI-1.exe
2016-04-23 09:39 - 2016-04-23 09:42 - 00000000 ____D C:\Users\Allen\AppData\Local\FluxSoftware
2016-04-23 09:38 - 2016-04-23 09:38 - 00597304 _____ C:\Users\Allen\Downloads\flux-setup.exe
2016-04-18 12:32 - 2016-04-18 12:32 - 00171956 _____ C:\Users\Allen\Downloads\discovery - en.pdf
2016-04-14 21:16 - 2016-04-14 21:16 - 00001276 _____ C:\Users\Allen\Desktop\VBAWRD9.CHM.lnk
2016-04-14 18:19 - 2016-04-14 18:19 - 07789784 _____ C:\Users\Allen\Downloads\animate_reference.pdf
2016-04-13 15:26 - 2016-04-04 14:14 - 00038120 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-04-13 15:26 - 2016-04-04 14:02 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-04-13 15:26 - 2016-04-02 09:08 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-04-13 15:26 - 2016-03-23 10:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-04-13 15:26 - 2016-03-17 14:04 - 00698368 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-04-13 15:26 - 2016-03-17 14:04 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-04-13 15:26 - 2016-03-17 14:04 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-04-13 15:26 - 2016-03-17 14:04 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-04-12 19:45 - 2016-03-16 14:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-04-12 19:44 - 2016-03-17 19:04 - 05551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-12 19:44 - 2016-03-17 19:04 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-04-12 19:44 - 2016-03-17 19:04 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-04-12 19:44 - 2016-03-17 19:04 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-04-12 19:44 - 2016-03-17 19:01 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-04-12 19:44 - 2016-03-17 19:01 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-04-12 19:44 - 2016-03-17 18:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-04-12 19:44 - 2016-03-17 18:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-04-12 19:44 - 2016-03-17 18:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-04-12 19:44 - 2016-03-17 18:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-04-12 19:44 - 2016-03-17 18:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-04-12 19:44 - 2016-03-17 18:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-04-12 19:44 - 2016-03-17 18:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-04-12 19:44 - 2016-03-17 18:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-04-12 19:44 - 2016-03-17 18:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-04-12 19:44 - 2016-03-17 18:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-04-12 19:44 - 2016-03-17 18:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-04-12 19:44 - 2016-03-17 18:57 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-04-12 19:44 - 2016-03-17 18:57 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-04-12 19:44 - 2016-03-17 18:57 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-04-12 19:44 - 2016-03-17 18:57 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-04-12 19:44 - 2016-03-17 18:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-12 19:44 - 2016-03-17 18:56 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-04-12 19:44 - 2016-03-17 18:54 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-12 19:44 - 2016-03-17 18:54 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-04-12 19:44 - 2016-03-17 18:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-04-12 19:44 - 2016-03-17 18:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-04-12 19:44 - 2016-03-17 18:53 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-12 19:44 - 2016-03-17 18:53 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-04-12 19:44 - 2016-03-17 18:53 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-12 19:44 - 2016-03-17 18:53 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-04-12 19:44 - 2016-03-17 18:50 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-04-12 19:44 - 2016-03-17 18:50 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-04-12 19:44 - 2016-03-17 18:50 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-04-12 19:44 - 2016-03-17 18:50 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-04-12 19:44 - 2016-03-17 18:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-04-12 19:44 - 2016-03-17 18:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-04-12 19:44 - 2016-03-17 18:50 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-04-12 19:44 - 2016-03-17 18:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-04-12 19:44 - 2016-03-17 18:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-04-12 19:44 - 2016-03-17 18:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-04-12 19:44 - 2016-03-17 18:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-04-12 19:44 - 2016-03-17 18:33 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-04-12 19:44 - 2016-03-17 18:31 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-04-12 19:44 - 2016-03-17 18:31 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-04-12 19:44 - 2016-03-17 18:31 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-04-12 19:44 - 2016-03-17 18:31 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-04-12 19:44 - 2016-03-17 18:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-04-12 19:44 - 2016-03-17 18:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-04-12 19:44 - 2016-03-17 18:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-04-12 19:44 - 2016-03-17 18:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-04-12 19:44 - 2016-03-17 18:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-04-12 19:44 - 2016-03-17 18:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-04-12 19:44 - 2016-03-17 18:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-04-12 19:44 - 2016-03-17 18:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-04-12 19:44 - 2016-03-17 18:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-04-12 19:44 - 2016-03-17 18:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-04-12 19:44 - 2016-03-17 18:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-04-12 19:44 - 2016-03-17 18:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-04-12 19:44 - 2016-03-17 18:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-04-12 19:44 - 2016-03-17 18:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-04-12 19:44 - 2016-03-17 18:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-04-12 19:44 - 2016-03-17 18:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-04-12 19:44 - 2016-03-17 18:24 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-04-12 19:44 - 2016-03-17 18:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-04-12 19:44 - 2016-03-17 18:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-04-12 19:44 - 2016-03-17 18:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 17:53 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-04-12 19:44 - 2016-03-17 17:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-04-12 19:44 - 2016-03-17 17:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-04-12 19:44 - 2016-03-17 17:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-04-12 19:44 - 2016-03-17 17:44 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-04-12 19:44 - 2016-03-17 17:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-04-12 19:44 - 2016-03-17 17:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-04-12 19:44 - 2016-03-17 17:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-04-12 19:44 - 2016-03-17 17:37 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-04-12 19:44 - 2016-03-17 17:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-04-12 19:44 - 2016-03-17 17:35 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-04-12 19:44 - 2016-03-17 17:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-04-12 19:44 - 2016-03-17 17:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-04-12 19:44 - 2016-03-17 17:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-04-12 19:44 - 2016-03-17 17:30 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-04-12 19:44 - 2016-03-17 17:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-04-12 19:44 - 2016-03-17 17:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-04-12 19:44 - 2016-03-17 17:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 17:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 17:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-04-12 19:44 - 2016-03-17 17:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-04-12 19:44 - 2016-03-16 14:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-04-12 19:44 - 2016-03-16 14:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-04-12 19:44 - 2016-03-06 14:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-12 19:44 - 2016-03-06 14:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-04-12 19:44 - 2016-03-06 14:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-04-12 19:44 - 2016-03-06 14:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-04-12 19:44 - 2016-02-02 14:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-04-12 19:43 - 2016-03-29 13:53 - 03216896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-04-12 19:43 - 2016-02-05 14:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-04-12 19:43 - 2016-02-05 14:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-04-12 19:43 - 2016-02-05 13:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2016-04-12 19:43 - 2016-01-20 20:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-04-12 19:43 - 2015-06-03 16:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-04-12 19:41 - 2016-03-15 20:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-12 19:41 - 2016-03-15 20:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-12 19:41 - 2016-03-15 19:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-04-12 19:40 - 2016-03-31 15:25 - 00394952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-04-12 19:40 - 2016-03-31 14:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-04-12 19:40 - 2016-03-30 20:54 - 25817600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-04-12 19:40 - 2016-03-30 20:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-04-12 19:40 - 2016-03-30 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-04-12 19:40 - 2016-03-30 20:31 - 02892800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-04-12 19:40 - 2016-03-30 20:28 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-04-12 19:40 - 2016-03-30 20:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-04-12 19:40 - 2016-03-30 20:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-04-12 19:40 - 2016-03-30 20:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-04-12 19:40 - 2016-03-30 20:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-04-12 19:40 - 2016-03-30 20:25 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-04-12 19:40 - 2016-03-30 20:22 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-04-12 19:40 - 2016-03-30 20:21 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-04-12 19:40 - 2016-03-30 20:19 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-04-12 19:40 - 2016-03-30 20:17 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-04-12 19:40 - 2016-03-30 20:17 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-04-12 19:40 - 2016-03-30 20:17 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-04-12 19:40 - 2016-03-30 20:17 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-04-12 19:40 - 2016-03-30 20:11 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-04-12 19:40 - 2016-03-30 20:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-04-12 19:40 - 2016-03-30 20:03 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-04-12 19:40 - 2016-03-30 20:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-04-12 19:40 - 2016-03-30 20:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-04-12 19:40 - 2016-03-30 19:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-04-12 19:40 - 2016-03-30 19:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-04-12 19:40 - 2016-03-30 19:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-04-12 19:40 - 2016-03-30 19:55 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-04-12 19:40 - 2016-03-30 19:53 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-04-12 19:40 - 2016-03-30 19:53 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-04-12 19:40 - 2016-03-30 19:52 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-04-12 19:40 - 2016-03-30 19:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-04-12 19:40 - 2016-03-30 19:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-04-12 19:40 - 2016-03-30 19:52 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-04-12 19:40 - 2016-03-30 19:51 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-04-12 19:40 - 2016-03-30 19:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-04-12 19:40 - 2016-03-30 19:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-04-12 19:40 - 2016-03-30 19:46 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-04-12 19:40 - 2016-03-30 19:45 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-04-12 19:40 - 2016-03-30 19:45 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-04-12 19:40 - 2016-03-30 19:45 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-04-12 19:40 - 2016-03-30 19:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-04-12 19:40 - 2016-03-30 19:43 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-04-12 19:40 - 2016-03-30 19:43 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-04-12 19:40 - 2016-03-30 19:42 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-04-12 19:40 - 2016-03-30 19:42 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-04-12 19:40 - 2016-03-30 19:39 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-04-12 19:40 - 2016-03-30 19:38 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-04-12 19:40 - 2016-03-30 19:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-04-12 19:40 - 2016-03-30 19:33 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-04-12 19:40 - 2016-03-30 19:31 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-04-12 19:40 - 2016-03-30 19:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-04-12 19:40 - 2016-03-30 19:30 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-04-12 19:40 - 2016-03-30 19:30 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-04-12 19:40 - 2016-03-30 19:30 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-04-12 19:40 - 2016-03-30 19:29 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-04-12 19:40 - 2016-03-30 19:24 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-04-12 19:40 - 2016-03-30 19:23 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-04-12 19:40 - 2016-03-30 19:23 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-04-12 19:40 - 2016-03-30 19:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-04-12 19:40 - 2016-03-30 19:21 - 13811712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-04-12 19:40 - 2016-03-30 19:18 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-04-12 19:40 - 2016-03-30 19:06 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-04-12 19:40 - 2016-03-30 19:05 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-04-12 19:40 - 2016-03-30 19:02 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-04-12 19:40 - 2016-03-30 19:00 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-04-12 19:40 - 2016-03-11 14:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-04-12 19:40 - 2016-03-11 14:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-04-12 17:31 - 2016-04-12 17:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostscript
2016-04-12 17:31 - 2016-04-12 17:31 - 00000000 ____D C:\Program Files\gs
2016-04-12 17:30 - 2016-04-12 17:30 - 14851183 _____ C:\Users\Allen\Downloads\gs919w64.exe
2016-04-12 09:40 - 2016-04-12 09:40 - 05511905 _____ C:\Users\Allen\Downloads\books_diyspec_v1_1454449291350.pdf
2016-04-12 08:11 - 2016-04-12 08:21 - 00000927 _____ C:\Users\Allen\Desktop\Sigil.lnk
2016-04-12 08:07 - 2016-04-12 08:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sigil
2016-04-12 08:07 - 2016-04-12 08:07 - 00000000 ____D C:\Program Files\Sigil
2016-04-11 18:08 - 2016-04-11 19:00 - 00000000 ____D C:\Users\Allen\AppData\Roaming\Scribus
2016-04-11 18:07 - 2016-04-11 18:07 - 00000868 _____ C:\Users\Public\Desktop\Scribus 1.4.6.lnk
2016-04-11 18:06 - 2016-04-11 18:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scribus 1.4.6
2016-04-11 18:05 - 2016-04-11 18:07 - 00000000 ____D C:\Program Files\Scribus 1.4.6

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-11 07:41 - 2013-01-30 13:21 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-11 07:35 - 2013-01-29 21:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-11 07:33 - 2009-07-14 00:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-11 07:33 - 2009-07-14 00:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-11 07:08 - 2015-01-16 09:12 - 00000000 ___RD C:\Users\Allen\Google Drive
2016-05-11 07:03 - 2013-01-30 13:21 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-11 07:03 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-11 06:21 - 2015-10-08 11:06 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-05-11 00:31 - 2013-01-30 10:59 - 00000000 ____D C:\ProgramData\TEMP
2016-05-11 00:23 - 2014-08-19 05:49 - 00000490 _____ C:\Windows\Tasks\fba_Daily Backup.job
2016-05-11 00:23 - 2009-07-14 01:08 - 00032582 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-05-10 20:36 - 2013-01-30 13:21 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 20:36 - 2013-01-30 13:21 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-09 23:17 - 2015-03-24 16:58 - 00000000 ____D C:\Users\Allen\Synfig
2016-05-08 07:36 - 2009-07-14 01:13 - 00876042 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-08 07:36 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-05-06 07:26 - 2013-01-30 07:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-06 03:02 - 2015-05-20 03:04 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-06 03:02 - 2015-05-20 03:04 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-05 03:01 - 2014-12-10 04:38 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-04 11:34 - 2016-03-23 03:11 - 00003892 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458717047
2016-05-04 07:24 - 2015-10-08 11:05 - 00465792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-05-04 07:24 - 2015-10-08 11:05 - 00287528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-05-04 07:24 - 2015-10-08 11:05 - 00166432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-05-04 07:24 - 2015-10-08 11:05 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-05-04 07:24 - 2015-10-08 11:05 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-05-04 07:24 - 2015-10-08 11:05 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-05-04 07:24 - 2015-10-08 11:05 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-05-04 07:23 - 2016-03-23 03:10 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-05-04 07:23 - 2015-10-08 11:05 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-05-02 22:47 - 2016-03-31 16:09 - 00000000 ____D C:\CygWin_Downloads
2016-05-02 15:42 - 2013-01-30 13:23 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-02 07:46 - 2015-08-14 16:58 - 00000000 ____D C:\Users\Allen\.kindle
2016-05-01 22:33 - 2013-01-29 20:50 - 00000000 ____D C:\Users\Allen
2016-04-29 20:32 - 2015-10-12 13:09 - 00000000 ____D C:\Users\Allen\AppData\Roaming\vlc
2016-04-29 17:49 - 2015-03-18 08:55 - 00000000 ____D C:\Users\Allen\AppData\Roaming\avidemux
2016-04-28 05:28 - 2015-01-16 08:43 - 00002044 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-04-28 05:28 - 2015-01-16 08:43 - 00002042 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-04-28 05:28 - 2015-01-16 08:43 - 00002032 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-04-28 05:28 - 2015-01-16 08:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-04-21 15:34 - 2013-01-30 01:07 - 00000000 ____D C:\Users\Allen\Documents\Temp
2016-04-21 15:05 - 2010-11-20 23:27 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-20 16:22 - 2015-09-02 10:15 - 00000000 ____D C:\ProgramData\Oracle
2016-04-20 16:21 - 2015-09-02 10:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-20 16:21 - 2015-09-02 10:15 - 00000000 ____D C:\Program Files (x86)\Java
2016-04-20 16:20 - 2015-09-02 10:16 - 00000000 ____D C:\Users\Allen\.oracle_jre_usage
2016-04-20 16:18 - 2015-09-02 10:16 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-04-18 12:50 - 2016-03-04 13:32 - 00001025 _____ C:\Users\Public\Desktop\Notepad++.lnk
2016-04-17 08:37 - 2013-04-20 19:17 - 00000000 ____D C:\Users\Allen\AppData\Roaming\Audacity
2016-04-16 13:03 - 2013-05-28 19:43 - 00000000 ____D C:\Users\Allen\.gimp-2.8
2016-04-16 06:30 - 2009-07-14 00:45 - 00425608 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-14 21:13 - 2013-01-29 20:52 - 00093360 _____ C:\Users\Allen\AppData\Local\GDIPFONTCACHEV1.DAT
2016-04-14 11:25 - 2015-01-16 15:05 - 00003146 _____ C:\Windows\System32\Tasks\fba_Daily Backup COMPAQ
2016-04-13 21:32 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2016-04-13 03:23 - 2013-07-12 06:30 - 00000000 ____D C:\Windows\system32\MRT
2016-04-13 03:09 - 2013-01-29 21:29 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-12 14:20 - 2014-08-10 14:47 - 00000000 ____D C:\Users\Allen\AppData\Local\gtk-2.0

==================== Files in the root of some directories =======

2016-03-27 14:32 - 2016-04-04 19:44 - 0001112 _____ () C:\Users\Allen\AppData\Roaming\.emacs
2016-03-27 14:48 - 2016-03-31 16:51 - 0000754 _____ () C:\Users\Allen\AppData\Roaming\.emacs~
2013-04-04 16:10 - 2016-01-10 08:08 - 0000100 _____ () C:\Users\Allen\AppData\Roaming\Camdata.ini
2013-04-04 16:10 - 2016-01-10 08:08 - 0000408 _____ () C:\Users\Allen\AppData\Roaming\CamLayout.ini
2013-04-04 16:10 - 2016-01-10 08:08 - 0000408 _____ () C:\Users\Allen\AppData\Roaming\CamShapes.ini
2013-04-04 16:10 - 2016-01-10 08:08 - 0004548 _____ () C:\Users\Allen\AppData\Roaming\CamStudio.cfg
2013-04-04 16:19 - 2013-04-04 16:19 - 0000000 _____ () C:\Users\Allen\AppData\Roaming\CamStudio.Producer.Data.ini
2013-04-04 16:19 - 2013-04-04 16:19 - 0001206 _____ () C:\Users\Allen\AppData\Roaming\CamStudio.Producer.ini
2013-08-02 17:03 - 2013-08-02 17:03 - 0000149 _____ () C:\Users\Allen\AppData\Roaming\uninstall.bat
2016-01-10 08:04 - 2016-01-10 08:08 - 0000096 _____ () C:\Users\Allen\AppData\Roaming\version2.xml
2013-11-22 17:54 - 2014-05-06 21:33 - 0005120 _____ () C:\Users\Allen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-05-10 09:03 - 2016-05-10 09:03 - 0051613 _____ () C:\Users\Allen\AppData\Local\recently-used.xbel
2013-02-17 03:06 - 2013-02-17 03:06 - 0007597 _____ () C:\Users\Allen\AppData\Local\Resmon.ResmonCfg
2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\Allen\AppData\Local\Tempdivx0dc2
2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\Allen\AppData\Local\Tempdivx0f0e
2015-07-06 10:37 - 2015-07-06 10:37 - 0043682 _____ () C:\Users\Allen\AppData\Local\Tempdivx215b
2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\Allen\AppData\Local\Tempdivx8732
2015-07-06 10:37 - 2015-07-06 10:37 - 1328472 _____ (DivX, LLC) C:\Users\Allen\AppData\Local\Tempdivxdcc4.exe
2015-07-06 12:14 - 2015-07-06 12:14 - 0043682 _____ () C:\Users\Allen\AppData\Local\Tempdivxdd09
2015-07-06 10:37 - 2015-07-06 10:37 - 0043682 _____ () C:\Users\Allen\AppData\Local\Tempdivxf4a5

Some files in TEMP:
====================
C:\Users\Allen\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Allen\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Allen\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\Allen\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Allen\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\Allen\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Allen\AppData\Local\Temp\npp.6.9.1.Installer.exe
C:\Users\Allen\AppData\Local\Temp\swt-gdip-win32-3452.dll
C:\Users\Allen\AppData\Local\Temp\swt-win32-3452.dll
C:\Users\Allen\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Allen\AppData\Local\Temp\{CA22B675-4709-4928-A9A0-E6558CE51D65}-46.0.2490.80_46.0.2490.71_chrome_updater.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-08 00:41

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-05-2016
Ran by Allen (2016-05-11 08:05:30)
Running from C:\Users\Allen\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-01-30 00:50:45)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1218117248-1459672485-3074969709-500 - Administrator - Disabled)
Allen (S-1-5-21-1218117248-1459672485-3074969709-1000 - Administrator - Enabled) => C:\Users\Allen
Guest (S-1-5-21-1218117248-1459672485-3074969709-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
A.F.5 Rename your files 1.1 (HKLM-x32\...\{A725C340-77EE-11D6-BBC2-0000CB591583}) (Version: 1.1.0.0 - Alex Fauland)
AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-1218117248-1459672485-3074969709-1000\...\Amazon Kindle) (Version: 1.14.0.43019 - Amazon)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 6.0.0.0 - Auslogics Labs Pty Ltd)
Auto Clicker by Shocker (HKLM-x32\...\Auto Clicker by Shocker_is1) (Version: V3.0 - shockingsoft.com)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.2.2262 - AVAST Software)
Avidemux 2.6 - 64bits (HKLM-x32\...\Avidemux 2.6 - 64bits (64-bit)) (Version: 2.6.9.00 - )
calibre 64bit (HKLM\...\{13AD5E97-F15C-46C7-92D9-6CE42AB6E73E}) (Version: 1.26.0 - Kovid Goyal)
CamStudio 2.7.4 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.4 - CamStudio Open Source)
CamStudio version 2.7 (HKLM-x32\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7 - CamStudio Open Source)
ccc-core-static (x32 Version: 2009.0714.2132.36830 - ATI) Hidden
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Crystal Reports for Visual Studio (x32 Version: 12.51.0.240 - SAP) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dotfuscator Software Services - Community Edition (HKLM-x32\...\{1AA5BD63-6614-44B2-88A7-605191EDB835}) (Version: 5.0.2500.0 - PreEmptive Solutions)
Encarta Search Bar (64-bit) (HKLM\...\{08044040-959A-4B0D-8825-2C533F0DDB19}) (Version: 1.0.0 - Microsoft)
Evernote v. 5.9.6 (HKLM-x32\...\{A542D366-9877-11E5-B101-005056951CAD}) (Version: 5.9.6.9494 - Evernote Corp.)
FBackup 4 (HKLM-x32\...\FBackup 4_is1) (Version:  -  Softland)
Focus MP3 Recorder Pro 5.0 (HKLM-x32\...\Focus MP3 Recorder Pro_is1) (Version:  - FocusSoft.net)
Free Stopwatch 2.7.0 (HKLM-x32\...\{A1FAC1AF-5615-47FE-B5C8-5E981EC8522B}_is1) (Version: 2.7 - Comfort Software Group)
GDR 5520 for SQL Server 2008 (KB2977321) (64-bit) (HKLM\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
GDR 5538 for SQL Server 2008 (KB3045305) (64-bit) (HKLM\...\KB3045305) (Version: 10.3.5538.0 - Microsoft Corporation)
GhostMouse (HKLM-x32\...\GhostMouse_is1) (Version: Free V3.2.1 - ghost-mouse.com)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.94 - Google Inc.)
Google Drive (HKLM-x32\...\{D7269C20-B3CE-4CD0-8E88-3D307D3BD41A}) (Version: 1.29.2074.1528 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.19) (Version: 9.19 - Artifex Software Inc.)
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.021 - HTC Corporation)
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java SE Development Kit 7 Update 21 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170210}) (Version: 1.7.0.210 - Oracle)
jEdit 5.3.0 (HKLM\...\jEdit_is1) (Version: 5.3.0 - Contributors)
Kindle Previewer (HKU\S-1-5-21-1218117248-1459672485-3074969709-1000\...\KindlePreviewer) (Version: 2.94 - Amazon)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Le Petit Robert 2009 (HKLM\...\PR1CD2009) (Version:  - Le Robert)
LibreOffice 4.4.1.2 (HKLM-x32\...\{4A754DA6-6E12-40AF-BAF0-B7D60C6BE005}) (Version: 4.4.1.2 - The Document Foundation)
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 12.0.2.0 - Lightworks)
LMMS 1.1.3 (HKLM-x32\...\LMMS) (Version: 1.1.3 - LMMS Developers)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Encarta Premium 2008 (HKLM-x32\...\{08040081-FCA5-44A7-B863-D66037A16AAF}) (Version: 2008 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office 2000 Professional (HKLM-x32\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office Visio Standard 2003 (HKLM-x32\...\{91530409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1218117248-1459672485-3074969709-1000\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{05855322-BE43-41FE-B583-D3AE0C326D58}) (Version: 4.0.50826.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM-x32\...\{BC537AE0-88AF-47ED-B762-33B0D62B5188}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM-x32\...\{7A56D81D-6406-40E7-9184-8AC1769C4D69}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (x64) (HKLM\...\{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM-x32\...\{09C52940-A4D1-4409-A7CC-1AAE630CF578}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{F43ADE73-2880-4A95-B995-4FE386ECF667}) (Version: 10.3.5538.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{1E6ED082-E32D-4B2B-8B6A-70B094815135}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM\...\{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 (HKLM-x32\...\{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x64) (HKLM\...\{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (HKLM\...\{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319 (HKLM\...\{F5079164-1DB9-3BDA-853B-F78AF67CE071}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Professional - ENU (HKLM-x32\...\Microsoft Visual Studio 2010 Professional - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.1 - Notepad++ Team)
ProjectLibre (HKLM-x32\...\{37B15B87-A3FF-4847-9E44-4750DF13BA66}) (Version: 1.6.1.0 - ProjectLibre)
Python 2.7 pymol-1.6.0.0 (64-bit) (HKLM\...\pymol-py2.7) (Version:  - )
Python 3.5.1 (32-bit) (HKU\S-1-5-21-1218117248-1459672485-3074969709-1000\...\{c39d559b-aa83-4476-ba20-988a35a1199a}) (Version: 3.5.1150.0 - Python Software Foundation)
Python 3.5.1 Add to Path (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Core Interpreter (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Development Libraries (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Documentation (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Executables (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Launcher (32-bit) (HKLM-x32\...\{17778F7B-FB5A-4A93-9719-D75BAF673498}) (Version: 3.5.150.0 - Python Software Foundation)
Python 3.5.1 pip Bootstrap (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Standard Library (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Tcl/Tk Support (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Test Suite (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Utility Scripts (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5977 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden
Scribus 1.4.6 (64bit) (HKLM\...\Scribus 1.4.6) (Version: 1.4.6 - The Scribus Team)
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sigil 0.9.5 (HKLM\...\Sigil_is1) (Version:  - Sigil-Ebook)
Skins (x32 Version: 2009.0714.2132.36830 - ATI) Hidden
Sothink FLV Player (HKLM-x32\...\{CAAB0192-5704-469F-A0BE-2D842D70E93B}_is1) (Version: 2.3 - SourceTec Software Co., LTD)
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Synfig Studio (HKLM-x32\...\synfigstudio) (Version: 1.0.2 - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VSDC Free Video Editor version 3.0.0.345 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 3.0.0.345 - Flash-Integro LLC)
WCF RIA Services V1.0 SP1 (HKLM-x32\...\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}) (Version: 4.1.60114.0 - Microsoft Corporation)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFF 1.5.4 (Codename EMMA) (HKLM-x32\...\WinFF_is1) (Version:  - WinFF.org)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2061D3E7-80C1-4045-8171-00FAE3A1DF17} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-07] (Adobe Systems Incorporated)
Task: {33DEDCDD-AA6B-455F-81C1-B319D6788012} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {59D29DBB-9E76-409E-8E71-D8B5724B349D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {6903E380-1812-4BF5-BFC9-EA5E8A986924} - System32\Tasks\fba_Daily Backup COMPAQ => C:\Program Files (x86)\Softland\FBackup 4\fbaSchedStarter.exe [2013-01-10] (Softland)
Task: {6C1130AB-B220-44D3-B928-FBD302FBADB2} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-05] (AVAST Software)
Task: {7C02BC6B-E25A-47ED-AE27-6145BF109172} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {7CE5D545-666E-431B-B8C8-55CB0A7D022A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {8661FE02-919D-4912-8D12-067F50D773EB} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-04] (AVAST Software)
Task: {8E272A39-AA9F-4C5F-83A3-E5EE5D3F28FC} - System32\Tasks\Microsoft\Windows\Setup\gwx\rundetector => C:\Windows\system32\GWX\GWXDetector.exe [2016-04-24] (Microsoft Corporation)
Task: {97D003CC-E9FC-4202-94CD-467FACA556F7} - System32\Tasks\DefaultCheck => c:\Users\All Users\dtdata\R002.exe <==== ATTENTION
Task: {FD8842C4-E7AF-4845-B32F-704B0BD03507} - System32\Tasks\SafeZone scheduled Autoupdate 1458717047 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\fba_Daily Backup.job => C:\Program Files (x86)\Softland\FBackup 4\fbaSchedStarter.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Allen\Desktop\Android Debug Monitor.lnk -> C:\Program Files\adt-x64-20130219\sdk\tools\monitor.bat ()

==================== Loaded Modules (Whitelisted) ==============

2016-02-21 17:38 - 2016-02-21 17:38 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2011-09-15 12:06 - 2011-09-15 12:06 - 00088576 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2008-11-18 14:00 - 2008-11-18 14:00 - 00016384 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-01-29 21:42 - 2013-01-29 21:42 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2016-05-04 07:24 - 2016-05-04 07:24 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-05-04 07:24 - 2016-05-04 07:24 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-05-11 06:23 - 2016-05-11 06:23 - 02902528 _____ () C:\Program Files\AVAST Software\Avast\defs\16051100\algo.dll
2016-05-04 07:24 - 2016-05-04 07:24 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2007-05-21 06:02 - 2007-05-21 06:02 - 00269080 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\Reference 2008\ERSREGPR.DLL
2007-05-21 06:02 - 2007-05-21 06:02 - 00228120 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\Reference 2008\MSENCDAT.DLL
2007-05-21 06:02 - 2007-05-21 06:02 - 00178968 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\Reference 2008\ENCCONT.DLL
2007-05-21 06:02 - 2007-05-21 06:02 - 00351000 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\Reference 2008\MSENCXML.DLL
2007-05-21 06:00 - 2007-05-21 06:00 - 00068376 _____ () C:\Program Files (x86)\Microsoft Encarta\Encarta Premium DVD 2008\EDICTEIT.EBK
2015-12-01 16:37 - 2015-12-01 16:37 - 00439504 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2015-12-01 16:37 - 2015-12-01 16:37 - 00321232 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2016-05-11 07:05 - 2016-05-11 07:05 - 00098816 ____R () C:\Users\Allen\AppData\Local\Temp\_MEI37842\win32api.pyd
2016-05-11 07:05 - 2016-05-11 07:05 - 00110080 ____R () C:\Users\Allen\AppData\Local\Temp\_MEI37842\pywintypes27.dll
2016-05-11 07:05 - 2016-05-11 07:05 - 00364544 ____R () C:\Users\Allen\AppData\Local\Temp\_MEI37842\pythoncom27.dll
2016-05-11 07:05 - 2016-05-11 07:05 - 00320512 ____R () C:\Users\Allen\AppData\Local\Temp\_MEI37842\win32com.shell.shell.pyd
2016-05-11 07:05 - 2016-05-11 07:05 - 00776704 ____R () C:\Users\Allen\AppData\Local\Temp\_MEI37842\_hashlib.pyd
2016-05-11 07:05 - 2016-05-11 07:05 - 01176576 ____R () C:\Users\Allen\AppData\Local\Temp\_MEI37842\wx._core_.pyd
2016-05-11 07:05 - 2016-05-11 07:05 - 00806400 ____R () C:\Users\Allen\AppData\Local\Temp\_MEI37842\wx._gdi_.pyd
2016-05-11 07:05 - 2016-05-11 07:05 - 00816128 ____R () C:\Users\Allen\AppData\Local\Temp\_MEI37842\wx._windows_.pyd
2016-05-11 07:05 - 2016-05-11 07:05 - 01067008 ____R () C:\Users\Allen\AppData\Local\Temp\_MEI37842\wx._controls_.pyd
2016-05-11 07:05 - 2016-05-11 07:05 - 00733184 ____R () C:\Users\Allen\AppData\Local\Temp\_MEI37842\wx._misc_.pyd
2016-05-11 07:05 - 2016-05-11 07:05 - 00682496 ____R () C:\Users\Allen\AppData\Local\Temp\_MEI37842\pysqlite2._sqlite.pyd
2016-05-11 07:05 - 2016-05-11 07:05 - 00088064 ____R () C:\Users\Allen\AppData\Local\Temp\_MEI37842\_ctypes.pyd
2016-05-11 07:05 - 2016-05-11 07:05 - 00119808 ____R () C:\Users\Allen\AppData\Local\Temp\_MEI37842\win32file.pyd
2016-05-11 07:05 - 2016-05-11 07:05 - 00108544 ____R () C:\Users\Allen\AppData\Local\Temp\_MEI37842\win32security.pyd
2016-05-11 07:05 - 2016-05-11 07:05 - 00007168 ____R () C:\Users\Allen\AppData\Local\Temp\_MEI37842\hashobjs_ext.pyd
2016-05-11 07:05 - 2016-05-11 07:05 - 00017920 ____R () C:\Users\Allen\AppData\Local\Temp\_MEI37842\thumbnails_ext.pyd
2016-05-11 07:05 - 2016-05-11 07:05 - 00088064 ____R () C:\Users\Allen\AppData\Local\Temp\_MEI37842\usb_ext.pyd
2016-05-11 07:05 - 2016-05-11 07:05 - 00167936 ____R () C:\Users\Allen\AppData\Local\Temp\_MEI37842\win32gui.pyd
2016-05-11 07:05 - 2016-05-11 07:05 - 00018432 ____R () C:\Users\Allen\AppData\Local\Temp\_MEI37842\win32event.pyd
2016-05-11 07:05 - 2016-05-11 07:05 - 00046080 ____R () C:\Users\Allen\AppData\Local\Temp\_MEI37842\_socket.pyd
2016-05-11 07:05 - 2016-05-11 07:05 - 01208320 ____R () C:\Users\Allen\AppData\Local\Temp\_MEI37842\_ssl.pyd
2016-05-11 07:05 - 2016-05-11 07:05 - 00128512 ____R () C:\Users\Allen\AppData\Local\Temp\_MEI37842\_elementtree.pyd
2016-05-11 07:05 - 2016-05-11 07:05 - 00127488 ____R () C:\Users\Allen\AppData\Local\Temp\_MEI37842\pyexpat.pyd
2016-05-11 07:05 - 2016-05-11 07:05 - 00012288 ____R () C:\Users\Allen\AppData\Local\Temp\_MEI37842\common.time34.pyd
2016-05-11 07:05 - 2016-05-11 07:05 - 00038912 ____R () C:\Users\Allen\AppData\Local\Temp\_MEI37842\win32inet.pyd
2016-05-11 07:05 - 2016-05-11 07:05 - 00036864 ____R () C:\Users\Allen\AppData\Local\Temp\_MEI37842\_psutil_windows.pyd
2016-05-11 07:05 - 2016-05-11 07:05 - 00525208 ____R () C:\Users\Allen\AppData\Local\Temp\_MEI37842\windows._lib_cacheinvalidation.pyd
2016-05-11 07:05 - 2016-05-11 07:05 - 00011264 ____R () C:\Users\Allen\AppData\Local\Temp\_MEI37842\win32crypt.pyd
2016-05-11 07:05 - 2016-05-11 07:05 - 00077312 ____R () C:\Users\Allen\AppData\Local\Temp\_MEI37842\wx._html2.pyd
2016-05-11 07:05 - 2016-05-11 07:05 - 00027136 ____R () C:\Users\Allen\AppData\Local\Temp\_MEI37842\_multiprocessing.pyd
2016-05-11 07:05 - 2016-05-11 07:05 - 00020480 ____R () C:\Users\Allen\AppData\Local\Temp\_MEI37842\_yappi.pyd
2016-05-11 07:05 - 2016-05-11 07:05 - 00035840 ____R () C:\Users\Allen\AppData\Local\Temp\_MEI37842\win32process.pyd
2016-05-11 07:05 - 2016-05-11 07:05 - 00686080 ____R () C:\Users\Allen\AppData\Local\Temp\_MEI37842\unicodedata.pyd
2016-05-11 07:05 - 2016-05-11 07:05 - 00078848 ____R () C:\Users\Allen\AppData\Local\Temp\_MEI37842\wx._animate.pyd
2016-05-11 07:05 - 2016-05-11 07:05 - 00123392 ____R () C:\Users\Allen\AppData\Local\Temp\_MEI37842\wx._wizard.pyd
2016-05-11 07:05 - 2016-05-11 07:05 - 00024064 ____R () C:\Users\Allen\AppData\Local\Temp\_MEI37842\win32pipe.pyd
2016-05-11 07:05 - 2016-05-11 07:05 - 00010240 ____R () C:\Users\Allen\AppData\Local\Temp\_MEI37842\select.pyd
2016-05-11 07:05 - 2016-05-11 07:05 - 00025600 ____R () C:\Users\Allen\AppData\Local\Temp\_MEI37842\win32pdh.pyd
2016-05-11 07:05 - 2016-05-11 07:05 - 00017408 ____R () C:\Users\Allen\AppData\Local\Temp\_MEI37842\win32profile.pyd
2016-05-11 07:05 - 2016-05-11 07:05 - 00022528 ____R () C:\Users\Allen\AppData\Local\Temp\_MEI37842\win32ts.pyd
2016-01-04 17:36 - 2016-01-04 17:36 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0CFF5F08 [246]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\96940201.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\96940201.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2013-08-02 17:03 - 00000902 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 pc-gizmos-ssl.com www.pc-gizmos-ssl.com # added by PC-Gizmos.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1218117248-1459672485-3074969709-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B6E0388B-50C8-433A-9034-C8F0FFD1492D}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{5293967E-1B3C-41F3-9109-AB4D4BDD8883}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EF0E173E-C137-4651-B314-8F9C4B351830}] => (Allow) LPort=2869
FirewallRules: [{4A1A786B-D283-4543-99C2-1D943F0508D4}] => (Allow) LPort=1900
FirewallRules: [{E47696FA-01A4-42DF-B665-06E8650291A2}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{308A85A0-8A2F-49F7-9C9C-CEC39649CB57}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{DAD2DE77-0DCA-48C2-BF2E-B1262C063BCE}] => (Allow) C:\Users\Allen\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{4E786A7A-559D-41E4-A0B1-3D4DE648972D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F1AB4099-5C31-4C92-8E53-FE5702EBC1EF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9372DB39-BE61-4DFF-9BBB-B9B1A9DD3B84}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{8994ACE8-CAFF-4417-A395-1F49400ED252}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{46404312-C06A-4543-8320-38DE5DD9C819}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{F7F1FD09-D0CE-494A-9969-1161805A2356}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{6693CAE9-C2F6-4ABD-AC78-EE2368319A88}] => (Allow) C:\Program Files\Lightworks\Lightworks.exe
FirewallRules: [{DF80A93B-5310-4AC3-9127-122D2658786F}] => (Allow) C:\Program Files\Lightworks\Lightworks.exe
FirewallRules: [{758F0C69-8678-4F5B-A9A4-56198BB76760}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{EDF9A3BB-2CF8-4877-8CB5-858ACD000A40}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{376A191F-DC2E-4E81-90C7-A62CE116C794}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A7EF5B87-71AD-4B00-8626-36B2E0716897}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{6F0CEBC2-E41C-479C-968C-ADF045216EDD}C:\users\allen\appdata\local\amazon\kindle previewer\lib\touchlibs\webreader.exe] => (Allow) C:\users\allen\appdata\local\amazon\kindle previewer\lib\touchlibs\webreader.exe
FirewallRules: [UDP Query User{1C0FA413-EBAF-45C0-A5BE-4B3481C62B75}C:\users\allen\appdata\local\amazon\kindle previewer\lib\touchlibs\webreader.exe] => (Allow) C:\users\allen\appdata\local\amazon\kindle previewer\lib\touchlibs\webreader.exe
FirewallRules: [{BCE15074-9AA8-431F-88B9-5A65E31C3DF7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

06-05-2016 03:00:13 Windows Update
10-05-2016 01:11:21 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/11/2016 07:05:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/11/2016 06:20:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/11/2016 12:23:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/11/2016 12:12:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/10/2016 11:50:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: notepad.exe, version: 6.1.7601.18917, time stamp: 0x559ea8be
Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp: 0x4dace4e7
Exception code: 0xc0000005
Fault offset: 0x000000000001e1ac
Faulting process id: 0x650
Faulting application start time: 0xnotepad.exe0
Faulting application path: notepad.exe1
Faulting module path: notepad.exe2
Report Id: notepad.exe3

Error: (05/10/2016 11:14:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/10/2016 06:41:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program emacs.exe version 24.5.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1064

Start Time: 01d1aaace1986695

Termination Time: 47

Application Path: C:\emacs-24.5\bin\emacs.exe

Report Id: 47218c58-1700-11e6-b48d-d4bed9d95676

Error: (05/10/2016 07:10:14 AM) (Source: ESENT) (EventID: 439) (User: )
Description: Windows (3172) Windows: Unable to write a shadowed header for file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk. Error -1032.

Error: (05/10/2016 07:10:14 AM) (Source: ESENT) (EventID: 490) (User: )
Description: Windows (3172) Windows: An attempt to open the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (05/10/2016 07:08:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/11/2016 07:17:19 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (05/11/2016 07:17:19 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (05/11/2016 07:17:19 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (05/11/2016 07:17:19 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (05/11/2016 07:17:19 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (05/11/2016 07:09:55 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (05/11/2016 07:01:33 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (05/11/2016 06:29:49 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (05/11/2016 06:29:49 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (05/11/2016 06:26:17 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.


==================== Memory info ===========================

Processor: AMD Sempron™ 150 Processor
Percentage of memory in use: 74%
Total physical RAM: 1790.98 MB
Available physical RAM: 458.38 MB
Total Virtual: 3581.95 MB
Available Virtual: 1242.06 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.39 GB) (Free:51.58 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 667C66C0)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by tech_addict, 11 May 2016 - 07:18 AM.

  • 0
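Added example (not part of the original posts, and not FRST's own code): a small parser that groups the "Event log errors" records from the log above by source and event ID, so that repeated entries such as the atapi controller errors and the "Windows Update service hung on starting" events stand out during triage. The sample is an excerpt copied from that log; the function names and the MM/DD/YYYY timestamp format are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Excerpt copied from the "Event log errors" section of the Addition.txt above.
SAMPLE = r"""Application errors:
==================
Error: (05/11/2016 07:05:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/10/2016 11:50:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: notepad.exe, version: 6.1.7601.18917, time stamp: 0x559ea8be
Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp: 0x4dace4e7

System errors:
=============
Error: (05/11/2016 07:17:19 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (05/11/2016 07:17:19 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (05/11/2016 07:09:55 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (05/11/2016 06:26:17 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
"""

HEADER = re.compile(
    r"^Error: \((?P<when>[^)]+)\) \(Source: (?P<source>[^)]+)\) "
    r"\(EventID: (?P<event_id>\d+)\) \(User: (?P<user>[^)]*)\)\s*$"
)
SECTION = re.compile(r"^(Application|System) errors:\s*$")

def parse_events(text):
    """Return one dict per 'Error:' record, tagged with its log section."""
    events, section, current = [], None, None
    for line in text.splitlines():
        sec = SECTION.match(line)
        if sec or line.startswith("===="):
            # A section heading or ruler line ends the current record.
            section, current = (sec.group(1) if sec else section), None
            continue
        header = HEADER.match(line)
        if header:
            current = {
                "section": section,
                # Assumption: timestamps are MM/DD/YYYY with a 12-hour clock.
                "when": datetime.strptime(header["when"], "%m/%d/%Y %I:%M:%S %p"),
                "source": header["source"],
                "event_id": int(header["event_id"]),
                "description": [],
            }
            events.append(current)
        elif current is not None and line.strip():
            # Descriptions may span several lines (crash reports, for example).
            current["description"].append(re.sub(r"^Description:\s*", "", line).strip())
    return events

def summarise(events):
    """Group by (source, event id), most frequent first."""
    groups = defaultdict(list)
    for ev in events:
        groups[(ev["source"], ev["event_id"])].append(ev)
    rows = [{"source": s, "event_id": i, "count": len(evs),
             "first": min(e["when"] for e in evs),
             "last": max(e["when"] for e in evs),
             "text": " ".join(evs[0]["description"][:1])}
            for (s, i), evs in groups.items()]
    return sorted(rows, key=lambda r: (-r["count"], r["source"]))

if __name__ == "__main__":
    for row in summarise(parse_events(SAMPLE)):
        print(f'{row["count"]:>2}x {row["source"]} / {row["event_id"]}: {row["text"][:70]}')
```
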



#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, could you let me know if this makes a difference?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKU\S-1-5-21-1218117248-1459672485-3074969709-1000\...\Run: [PC_GIZMOS] => "C:\Users\Allen\AppData\Roaming\PC-Gizmos\PC_136528.en_77.exe" --update
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll => No File
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll => No File
S3 mfehidk01; \Device\mfehidk01.sys [X]
2016-05-01 22:37 - 2016-05-01 22:37 - 00003242 _____ C:\Windows\System32\Tasks\{D6CA2DB1-EE53-4023-B5F4-F1857EB9217E}
2016-04-12 17:30 - 2016-04-12 17:30 - 14851183 _____ C:\Users\Allen\Downloads\gs919w64.exe
Task: {97D003CC-E9FC-4202-94CD-467FACA556F7} - System32\Tasks\DefaultCheck => c:\Users\All Users\dtdata\R002.exe <==== ATTENTION
C:\Users\Allen\AppData\Roaming\PC-Gizmos
C:\Users\All Users\dtdata
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Hosts:
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
FRSTfix.JPG
Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0

#3
tech_addict

tech_addict

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Hi,

 

Thanks for the quick reply.

 

The problem still persists after following your instructions.  A single svchost.exe process with the netsvcs services always uses up all the remaining CPU power, keeping the CPU usage at 100% at all times.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:09-05-2016
Ran by Allen (2016-05-11 10:59:56) Run:1
Running from C:\Users\Allen\Desktop
Loaded Profiles: Allen (Available Profiles: Allen)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKU\S-1-5-21-1218117248-1459672485-3074969709-1000\...\Run: [PC_GIZMOS] => "C:\Users\Allen\AppData\Roaming\PC-Gizmos\PC_136528.en_77.exe" --update
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll => No File
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll => No File
S3 mfehidk01; \Device\mfehidk01.sys [X]
2016-05-01 22:37 - 2016-05-01 22:37 - 00003242 _____ C:\Windows\System32\Tasks\{D6CA2DB1-EE53-4023-B5F4-F1857EB9217E}
2016-04-12 17:30 - 2016-04-12 17:30 - 14851183 _____ C:\Users\Allen\Downloads\gs919w64.exe
Task: {97D003CC-E9FC-4202-94CD-467FACA556F7} - System32\Tasks\DefaultCheck => c:\Users\All Users\dtdata\R002.exe <==== ATTENTION
C:\Users\Allen\AppData\Roaming\PC-Gizmos
C:\Users\All Users\dtdata
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Hosts:
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Restore point was successfully created.
HKU\S-1-5-21-1218117248-1459672485-3074969709-1000\Software\Microsoft\Windows\CurrentVersion\Run\\PC_GIZMOS => value removed successfully
C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\pdf.dll => not found.
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll => not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => not found.
C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll => not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll => not found.
c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL => not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll => not found.
mfehidk01 => service removed successfully
"C:\Windows\System32\Tasks\{D6CA2DB1-EE53-4023-B5F4-F1857EB9217E}" => not found.
C:\Users\Allen\Downloads\gs919w64.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{97D003CC-E9FC-4202-94CD-467FACA556F7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97D003CC-E9FC-4202-94CD-467FACA556F7}" => key removed successfully
C:\Windows\System32\Tasks\DefaultCheck => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DefaultCheck" => key removed successfully
"C:\Users\Allen\AppData\Roaming\PC-Gizmos" => not found.
C:\Users\All Users\dtdata => moved successfully

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1218117248-1459672485-3074969709-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1218117248-1459672485-3074969709-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{203C05DF-B810-410E-A442-1A75E825ACBB} canceled.
{70ACBC10-CF07-4AD3-9D2A-AC1A2C74E6E8} canceled.
2 out of 2 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 1.7 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 11:15:06 ====

 

 

# AdwCleaner v5.116 - Logfile created 11/05/2016 at 11:37:42
# Updated 09/05/2016 by Xplode
# Database : 2016-05-09.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Allen - DELL-WIN7
# Running from : C:\Users\Allen\Desktop\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\A.F.5 Rename your files 1.1
[-] Folder Deleted : C:\Users\Allen\AppData\Roaming\One System Care
[-] Folder Deleted : C:\Users\Allen\AppData\Roaming\RHEng
[-] Folder Deleted : C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\A.F.5 Rename your files 1.1
[-] Folder Deleted : C:\Users\Allen\AppData\Local\VirtualStore\Program Files (x86)\A.F.5 Rename your files 1.1

***** [ Files ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A725C340-77EE-11D6-BBC2-0000CB591583}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D2E63E47-1F79-4622-AB0A-562601416017}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Data Restored : HKU\S-1-5-21-1218117248-1459672485-3074969709-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]

***** [ Web browsers ] *****

[-] [C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fjoijdanhaiflhibkljeklcghcmmfffh
[-] [C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://search.yahoo.com/?type=903578&fr=spigot-yhp-ch

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2232 bytes] - [11/05/2016 11:37:42]
C:\AdwCleaner\AdwCleaner[S1].txt - [2444 bytes] - [11/05/2016 11:28:35]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2378 bytes] ##########
 


Edited by tech_addict, 11 May 2016 - 10:02 AM.

  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's see if there is a driver conflict first before I do a deep virus scan.

In the search box, type Msconfig and select the programme that appears at the top.

1. In the System Configuration Utility dialog box, click Selective Startup on the General tab.
Cleanboot1.JPG
2. Click to clear the Load Startup Items check box.
Note: The Use Original Boot.ini check box is unavailable.
3. Click the Services tab.
4. Click to select the Hide All Microsoft Services check box.
cleanboot2.JPG
5. Click Disable All, and then click OK.
6. When you are prompted, click Restart.
7. Does svchost now hog the CPU? If so, could you screenshot Task Manager > Processes?
  • 0

#5
tech_addict

tech_addict

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

A couple of hours after my last post, the svchost.exe process stopped using all the remaining CPU capacity.  It seems like Windows may have installed some updates during that time.

 

So I rebooted my computer to check if it had really gone away.  The reboot made Windows install 17 updates.

 

For now, there's no svchost.exe process that's using up all the remaining CPU capacity.

 

If the problem recurs, I'll carry out your last instruction and post an update.  I'll leave my computer on for the next 24 hours; I'll post an update on the status tomorrow, whether the problem recurs or not, so that this case can be closed properly.

 

Thanks much for all the help!


Edited by tech_addict, 11 May 2016 - 01:19 PM.

  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

No problem :)   I am currently having problems with the latest Windows 10 build. It will not install, so I have plenty to keep me busy.


  • 0

#7
tech_addict

tech_addict

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

As of yet, there is no return of the svchost.exe process that uses all the CPU.

 

It seems like it's safe to conclude that the problem has been resolved.

 

Once again, thank you so much for all the help!


  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown
delfix.JPG


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article

I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa.
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present.
Once done, run it again and select Update Java runtime > Download and install Latest version.
javara.JPG


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware

CryptoPrevent.JPG

Malwarebytes

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com.
Click the very large Download button.
Click Save.
Click Open folder.
Right click on the Unchecky_setup and choose to Run as Administrator.
Once open, click the Install button.
Then click on Finish.
Unchecky is now installed and will help you keep unwanted check boxes unchecked. This is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe :wave:
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0





