Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

System Hacked [Closed]

hacked malware

  • This topic is locked This topic is locked

#1
bhzendner

bhzendner

    Member

  • Member
  • PipPipPip
  • 219 posts

I am told someone took payroll data off this machine, found some malware but nothing that bad, help can we dig deeper?

Windows 7 Ultimate, have run Superantispyware, Malwarebytes, ...

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-06-2016 01
Ran by Imad (administrator) on IMAD-HP (17-06-2016 14:01:23)
Running from C:\Users\Imad\Downloads
Loaded Profiles: Imad (Available Profiles: Imad & COS)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Two Pilots) C:\Windows\VPDAgent_x64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
() C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
() C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(The Neat Company) C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(GlavSoft LLC.) C:\Program Files (x86)\ShowMyPCService\tvnserver.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR\WNDA3100\WNDA3100.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(GlavSoft LLC.) C:\Program Files (x86)\ShowMyPCService\tvnserver.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
(Memeo Inc.) C:\Program Files (x86)\Memeo\Memeo Send\MemeoSend.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Axentra Corporation) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [568888 2010-01-18] ()
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2015-06-15] (LogMeIn, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-14] (PDF Complete Inc)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [Memeo AutoSync] => C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe [144608 2010-04-16] (Memeo Inc.)
HKLM-x32\...\Run: [Memeo Send] => C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe [236816 2009-11-04] ()
HKLM-x32\...\Run: [Seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2011-06-01] ()
HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2010-04-22] (Memeo Inc.)
HKLM-x32\...\Run: [Adobe Photo Downloader] => C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe [67488 2007-09-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1519176 2014-04-30] (Seagate Technology LLC)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\ShowMyPCService\tvnserver.exe [815704 2013-11-21] (GlavSoft LLC.)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  <==== ATTENTION
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-1996245975-2301006141-3792022614-1000\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\S-1-5-21-1996245975-2301006141-3792022614-1000\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [126056 2014-04-30] (Seagate Technology LLC)
HKU\S-1-5-21-1996245975-2301006141-3792022614-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8721624 2016-05-13] (Piriform Ltd)
HKU\S-1-5-21-1996245975-2301006141-3792022614-1000\...\MountPoints2: {1a86c09a-3120-11e3-9447-806e6f6e6963} - E:\AUTORUN.exe
HKU\S-1-5-21-1996245975-2301006141-3792022614-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
IFEO\ehshell.exe: [Debugger] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100 Smart Wizard.lnk [2011-07-21]
ShortcutTarget: NETGEAR WNDA3100 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100\WNDA3100.exe (NETGEAR)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk [2011-04-21]
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{E44903B9-ACD5-4B35-B425-14AA395ED373}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
 
Internet Explorer:
==================
HKU\S-1-5-21-1996245975-2301006141-3792022614-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-1996245975-2301006141-3792022614-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-1996245975-2301006141-3792022614-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {4BB1282C-C04B-4501-8349-8B816E09D5A0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {22AF4F20-8451-4D2A-A321-47B28C89ED3C} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {4BB1282C-C04B-4501-8349-8B816E09D5A0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {5DEFC874-1F48-4B1E-8B2D-78AD0E433EF7} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {79588D8D-6EBF-4361-9460-B0DA0022B265} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {22AF4F20-8451-4D2A-A321-47B28C89ED3C} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {4BB1282C-C04B-4501-8349-8B816E09D5A0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {5DEFC874-1F48-4B1E-8B2D-78AD0E433EF7} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {79588D8D-6EBF-4361-9460-B0DA0022B265} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-1996245975-2301006141-3792022614-1000 -> DefaultScope {1EE6AD67-E1B2-47D9-88B5-4DD33EE5AE5C} URL = 
SearchScopes: HKU\S-1-5-21-1996245975-2301006141-3792022614-1000 -> {22AF4F20-8451-4D2A-A321-47B28C89ED3C} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1996245975-2301006141-3792022614-1000 -> {4BB1282C-C04B-4501-8349-8B816E09D5A0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1996245975-2301006141-3792022614-1000 -> {5DEFC874-1F48-4B1E-8B2D-78AD0E433EF7} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-1996245975-2301006141-3792022614-1000 -> {79588D8D-6EBF-4361-9460-B0DA0022B265} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-02-27] (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: No Name -> {912C156F-05CF-4B62-851A-96E167A677B0} -> No File
BHO-x32: No Name -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-02-27] (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} -  No File
Toolbar: HKLM-x32 - No Name - {06C7AD57-B655-418D-9AB8-9526A6D2E052} -  No File
Toolbar: HKU\S-1-5-21-1996245975-2301006141-3792022614-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2012-02-27] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-20] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1996245975-2301006141-3792022614-1000: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [No File]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\Firefox => not found
 
Chrome: 
=======
CHR Profile: C:\Users\Imad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Imad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-24]
CHR Extension: (Google Search) - C:\Users\Imad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-24]
CHR Extension: (No Name) - C:\Users\Imad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-10-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Imad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06]
CHR Extension: (Gmail) - C:\Users\Imad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-16]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2015-04-09] (SUPERAntiSpyware.com)
R2 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
R2 Agent; C:\Windows\VPDAgent_x64.exe [148480 2014-05-20] (Two Pilots) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-04-20] (Macrovision Europe Ltd.) [File not signed]
R2 HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [107576 2010-03-11] ()
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)
S3 jswpsapi; C:\Program Files (x86)\NETGEAR\WNDA3100\jswpsapi.exe [942080 2008-02-29] (Atheros Communications, Inc.) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [419336 2016-06-07] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2015-06-15] (LogMeIn, Inc.)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
R2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [26624 2015-07-14] (The Neat Company) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-14] (PDF Complete Inc)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-04-30] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157264 2014-04-30] (Seagate Technology LLC)
R2 tvnserver; C:\Program Files (x86)\ShowMyPCService\tvnserver.exe [815704 2013-11-21] (GlavSoft LLC.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-05] (AVG Technologies)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows ® Codename Longhorn DDK provider)
S3 cqcpu; C:\Windows\System32\drivers\cqcpu.sys [24376 2010-03-01] ()
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 JSWPSLWF; C:\Windows\SysWOW64\DRIVERS\jswpslwfx.sys [26624 2008-10-01] (Atheros Communications, Inc.)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2015-06-15] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-17] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 PCAMp50a64; C:\Windows\System32\Drivers\PCAMp50a64.sys [43328 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
R3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [41280 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 WNDA3100; C:\Windows\System32\DRIVERS\WNDA31w7x.sys [767488 2009-10-21] (Atheros Communications, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-17 13:59 - 2016-06-17 14:03 - 00022207 _____ C:\Users\Imad\Downloads\FRST.txt
2016-06-17 13:59 - 2016-06-17 14:00 - 00000000 ____D C:\FRST
2016-06-17 13:57 - 2016-06-17 13:57 - 02386944 _____ (Farbar) C:\Users\Imad\Downloads\FRST64 (1).exe
2016-06-17 13:52 - 2016-06-17 13:52 - 02386944 _____ (Farbar) C:\Users\Imad\Downloads\FRST64.exe
2016-06-16 22:39 - 2016-06-06 09:58 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-06-16 22:39 - 2016-06-06 09:50 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-06-16 22:39 - 2016-06-03 06:05 - 01413120 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-06-16 22:39 - 2016-05-27 06:06 - 00569856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-06-16 22:39 - 2016-05-27 06:06 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-06-16 22:39 - 2016-05-27 06:06 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-06-16 22:39 - 2016-05-27 06:06 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-06-16 22:39 - 2016-05-22 06:06 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-06-16 22:39 - 2016-05-18 09:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-16 22:39 - 2016-05-18 09:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-16 22:39 - 2016-05-13 15:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-16 22:39 - 2016-05-13 15:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-06-16 22:39 - 2016-05-13 15:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-16 22:39 - 2016-05-13 15:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-06-16 22:39 - 2016-05-13 15:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-06-16 22:39 - 2016-05-13 14:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-16 22:39 - 2016-05-13 14:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-06-16 22:39 - 2016-05-13 14:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-06-16 22:39 - 2016-05-13 14:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-06-16 22:39 - 2016-05-13 14:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-16 22:39 - 2016-05-12 10:20 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-16 22:39 - 2016-05-12 10:20 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-16 22:39 - 2016-05-12 10:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-16 22:39 - 2016-05-12 10:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-06-16 22:39 - 2016-05-12 10:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-06-16 22:39 - 2016-05-12 10:15 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-06-16 22:39 - 2016-05-12 10:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-06-16 22:39 - 2016-05-12 08:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-06-16 22:39 - 2016-05-12 07:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-16 22:39 - 2016-05-12 07:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-16 22:39 - 2016-05-12 07:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-06-16 22:39 - 2016-05-12 07:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-16 22:39 - 2016-05-12 07:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-06-16 22:39 - 2016-05-12 07:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-06-16 22:39 - 2016-05-12 07:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-06-16 22:39 - 2016-05-12 07:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-06-16 22:39 - 2016-05-12 07:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-06-16 22:39 - 2016-05-12 06:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-16 22:39 - 2016-05-12 06:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-16 22:39 - 2016-05-12 06:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-16 22:38 - 2016-05-23 16:37 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-16 22:38 - 2016-05-23 15:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-06-16 22:38 - 2016-05-21 09:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-16 22:38 - 2016-05-20 15:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-06-16 22:38 - 2016-05-20 15:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-06-16 22:38 - 2016-05-20 15:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-06-16 22:38 - 2016-05-20 15:10 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-06-16 22:38 - 2016-05-20 15:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-16 22:38 - 2016-05-20 15:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-06-16 22:38 - 2016-05-20 15:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-16 22:38 - 2016-05-20 15:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-06-16 22:38 - 2016-05-20 14:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-06-16 22:38 - 2016-05-20 14:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-16 22:38 - 2016-05-20 14:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-06-16 22:38 - 2016-05-20 14:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-06-16 22:38 - 2016-05-20 14:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-06-16 22:38 - 2016-05-20 14:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-06-16 22:38 - 2016-05-20 14:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-06-16 22:38 - 2016-05-20 14:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-16 22:38 - 2016-05-20 14:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-06-16 22:38 - 2016-05-20 14:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-06-16 22:38 - 2016-05-20 14:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-06-16 22:38 - 2016-05-20 14:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-06-16 22:38 - 2016-05-20 14:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-06-16 22:38 - 2016-05-20 14:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-06-16 22:38 - 2016-05-20 14:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-06-16 22:38 - 2016-05-20 14:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-06-16 22:38 - 2016-05-20 14:33 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-06-16 22:38 - 2016-05-20 14:32 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-06-16 22:38 - 2016-05-20 14:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-16 22:38 - 2016-05-20 14:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-06-16 22:38 - 2016-05-20 14:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-06-16 22:38 - 2016-05-20 14:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-16 22:38 - 2016-05-20 14:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-06-16 22:38 - 2016-05-20 14:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-06-16 22:38 - 2016-05-20 14:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-06-16 22:38 - 2016-05-20 14:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-06-16 22:38 - 2016-05-20 14:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-06-16 22:38 - 2016-05-20 14:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-16 22:38 - 2016-05-20 14:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-06-16 22:38 - 2016-05-20 14:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-06-16 22:38 - 2016-05-20 14:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-16 22:38 - 2016-05-20 14:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-16 22:38 - 2016-05-20 14:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-16 22:38 - 2016-05-20 14:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-06-16 22:38 - 2016-05-20 14:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-16 22:38 - 2016-05-20 13:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-16 22:38 - 2016-05-20 13:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-16 22:38 - 2016-05-20 13:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-06-16 22:38 - 2016-05-20 13:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-16 22:38 - 2016-05-20 13:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-16 22:38 - 2016-05-12 10:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-06-16 22:38 - 2016-05-12 10:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-16 22:38 - 2016-05-12 10:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-16 22:38 - 2016-05-12 10:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-16 22:38 - 2016-05-12 10:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-16 22:38 - 2016-05-12 10:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-16 22:38 - 2016-05-12 08:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-16 22:38 - 2016-05-12 08:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-06-16 22:38 - 2016-05-12 08:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-06-16 22:38 - 2016-05-12 08:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-16 22:38 - 2016-05-12 08:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-16 22:38 - 2016-05-11 10:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-16 22:38 - 2016-05-11 10:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-16 22:38 - 2016-05-11 10:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-16 22:38 - 2016-05-11 10:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-16 22:38 - 2016-05-11 08:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-16 22:38 - 2016-05-11 08:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-16 22:38 - 2016-05-11 08:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-16 22:38 - 2016-05-11 08:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-16 22:38 - 2016-05-11 08:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-06-16 22:38 - 2016-05-11 08:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-06-16 22:38 - 2016-05-11 07:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-16 22:38 - 2016-04-14 09:46 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-06-16 22:38 - 2016-04-14 09:42 - 03243520 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-06-16 22:38 - 2016-04-14 09:42 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-06-16 22:38 - 2016-04-14 09:42 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-06-16 22:38 - 2016-04-14 09:42 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-06-16 22:38 - 2016-04-14 09:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-06-16 22:38 - 2016-04-14 08:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-06-16 22:38 - 2016-04-14 08:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-06-16 22:38 - 2016-04-14 08:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-06-16 22:38 - 2016-04-14 08:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-06-16 22:38 - 2016-04-14 08:19 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-06-16 22:38 - 2016-04-14 08:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-06-16 22:38 - 2016-04-08 23:58 - 14186496 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-06-16 22:38 - 2016-04-08 23:57 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-06-16 22:38 - 2016-04-08 23:54 - 12881408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-06-16 22:38 - 2016-04-08 23:54 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-06-16 22:38 - 2016-04-08 22:53 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-06-16 22:38 - 2016-04-08 22:44 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-06-16 22:38 - 2016-03-09 12:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-06-16 22:38 - 2016-03-09 11:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-06-16 22:37 - 2016-05-21 10:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-16 22:37 - 2016-05-20 15:09 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-06-16 22:37 - 2016-05-20 15:08 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-06-16 22:37 - 2016-05-20 15:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-16 22:37 - 2016-05-20 14:56 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-06-16 22:37 - 2016-05-20 14:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-16 22:37 - 2016-05-20 14:54 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-06-16 22:37 - 2016-05-20 14:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-06-16 22:37 - 2016-05-20 14:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-06-16 22:37 - 2016-05-20 14:28 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-06-16 22:37 - 2016-05-20 14:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-16 22:37 - 2016-05-20 14:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-16 22:37 - 2016-05-20 14:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-16 22:37 - 2016-05-20 14:07 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-06-16 22:37 - 2016-05-20 13:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-16 12:27 - 2016-06-07 13:17 - 00107520 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2016-06-16 12:01 - 2016-06-16 12:01 - 00000000 ____D C:\$SysReset
2016-06-10 15:38 - 2016-06-10 15:38 - 00197673 _____ C:\Users\Imad\Downloads\SP_Deposit-Account-Vertification_Sept_4.pdf
2016-06-08 12:16 - 2016-06-08 12:16 - 00132295 _____ C:\Users\Imad\Downloads\34B4W2s (1).pdf
2016-06-08 12:15 - 2016-06-08 12:15 - 00132295 _____ C:\Users\Imad\Downloads\34B4W2s.pdf
2016-06-07 18:54 - 2016-06-07 18:54 - 00008192 _____ C:\Windows\system32\config\userdiff
2016-06-07 17:22 - 2016-06-07 18:45 - 00014263 _____ C:\Windows\diagerr.xml
2016-06-07 17:22 - 2016-06-07 18:45 - 00013338 _____ C:\Windows\diagwrn.xml
2016-05-31 13:13 - 2016-06-17 03:19 - 00000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2016-05-31 13:13 - 2016-06-07 13:17 - 00122400 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2016-05-31 13:13 - 2016-05-31 13:13 - 00000000 ____D C:\Users\Imad\AppData\Local\LogMeIn
2016-05-31 13:13 - 2015-10-13 08:29 - 00035616 _____ (LogMeIn, Inc.) C:\Windows\system32\LMImirr.dll
2016-05-31 13:13 - 2015-10-13 08:29 - 00014624 _____ (LogMeIn, Inc.) C:\Windows\system32\LMImirr2.dll
2016-05-31 13:13 - 2015-10-13 08:29 - 00011552 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\LMImirr.sys
2016-05-31 13:13 - 2015-06-15 09:14 - 00072216 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\LMIRfsDriver.sys
2016-05-31 13:09 - 2016-05-31 13:09 - 23113728 _____ C:\Users\Imad\Downloads\LogMeIn (1).msi
2016-05-31 13:05 - 2016-05-31 13:05 - 23113728 _____ C:\Users\Imad\Downloads\LogMeIn.msi
2016-05-27 12:27 - 2016-05-27 12:27 - 00007628 _____ C:\Users\Imad\AppData\Local\Resmon.ResmonCfg
2016-05-26 17:22 - 2016-05-26 17:22 - 00314506 _____ C:\Users\Imad\Documents\cc_20160526_172211.reg
2016-05-26 14:36 - 2016-05-28 13:18 - 50063360 _____ C:\Program Files (x86)\GUT912B.tmp
2016-05-26 14:36 - 2016-05-26 14:36 - 00000000 ____D C:\Program Files (x86)\GUM910B.tmp
2016-05-26 14:33 - 2016-05-26 14:35 - 06893688 _____ (Piriform Ltd) C:\Users\Imad\Downloads\ccsetup518.exe
2016-05-26 14:22 - 2016-05-26 14:22 - 00000000 ____D C:\SUPERDelete
2016-05-20 21:45 - 2016-03-09 11:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-05-20 21:45 - 2016-03-09 11:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-05-20 21:44 - 2016-04-09 00:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-20 21:44 - 2016-04-09 00:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-20 21:44 - 2016-04-08 23:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-20 21:43 - 2016-04-14 06:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-20 21:43 - 2016-04-14 06:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-20 21:43 - 2016-04-06 08:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-20 21:41 - 2016-04-09 00:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-20 21:41 - 2016-04-09 00:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-20 21:41 - 2016-04-09 00:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-20 21:41 - 2016-04-08 23:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-05-20 21:41 - 2016-04-08 23:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-05-20 21:41 - 2016-04-08 23:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-20 21:41 - 2016-04-08 23:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-20 21:41 - 2016-04-08 23:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-05-20 21:41 - 2016-04-08 23:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-05-20 21:41 - 2016-04-08 23:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-20 21:41 - 2016-04-08 23:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-20 21:41 - 2016-04-08 23:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-20 21:41 - 2016-04-08 23:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 22:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-20 21:41 - 2016-04-08 22:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-20 21:41 - 2016-04-08 22:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-20 21:41 - 2016-04-08 22:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-20 21:41 - 2016-04-08 22:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-20 21:41 - 2016-04-08 22:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-20 21:41 - 2016-04-08 22:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-05-20 21:41 - 2016-04-08 22:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-05-20 21:41 - 2016-04-08 22:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-05-20 21:41 - 2016-04-08 22:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-05-20 21:41 - 2016-04-08 22:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 22:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 22:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 22:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-20 21:40 - 2016-04-08 21:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-20 21:40 - 2016-04-08 20:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-17 13:54 - 2009-07-13 21:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-17 13:54 - 2009-07-13 21:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-17 13:49 - 2015-04-09 14:54 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-17 13:40 - 2013-10-08 14:33 - 00000000 ____D C:\ProgramData\LogMeIn
2016-06-17 13:17 - 2014-07-29 12:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-17 13:05 - 2012-07-24 14:40 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-17 12:21 - 2015-10-30 02:42 - 00000000 ___HD C:\$WINDOWS.~BT
2016-06-17 12:21 - 2012-07-24 14:40 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-17 03:25 - 2012-07-24 14:41 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-17 03:25 - 2012-07-24 14:41 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-17 03:16 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-17 03:15 - 2009-07-13 21:45 - 00280544 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-17 03:12 - 2014-12-10 04:49 - 00000000 ____D C:\Windows\system32\appraiser
2016-06-17 03:10 - 2013-10-10 03:06 - 00000000 ____D C:\Windows\system32\MRT
2016-06-17 03:05 - 2013-10-10 03:06 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-16 13:10 - 2015-04-09 14:50 - 00000000 ____D C:\Users\COS
2016-06-16 13:10 - 2013-04-24 14:19 - 00000000 __SHD C:\Windows\system32\%APPDATA%
2016-06-16 13:10 - 2013-03-20 03:02 - 00000000 ____D C:\Windows\system32\SPReview
2016-06-16 13:10 - 2013-03-20 03:00 - 00000000 ____D C:\Windows\system32\EventProviders
2016-06-16 13:10 - 2013-01-11 15:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2016-06-16 13:10 - 2011-06-25 17:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2016-06-16 13:10 - 2011-06-25 17:42 - 00000000 ____D C:\Users\Imad
2016-06-16 13:10 - 2011-06-25 17:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\User Guides
2016-06-16 13:10 - 2009-07-14 00:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-06-16 13:10 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-06-16 13:10 - 2009-07-13 20:20 - 00000000 __RSD C:\Windows\Media
2016-06-16 13:10 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2016-06-16 13:10 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\LiveKernelReports
2016-06-16 13:10 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-06-16 13:10 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\Help
2016-06-16 13:09 - 2015-08-22 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neat
2016-06-16 13:09 - 2015-04-09 15:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced IP Scanner v2
2016-06-16 13:09 - 2015-04-09 14:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-16 13:09 - 2013-03-14 03:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-16 13:09 - 2012-12-16 10:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
2016-06-16 13:09 - 2012-11-28 13:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memeo
2016-06-16 13:09 - 2012-10-31 15:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-06-16 13:09 - 2012-07-24 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2016-06-16 13:09 - 2012-07-24 14:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-06-16 13:09 - 2012-07-24 14:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-06-16 13:09 - 2012-07-24 14:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp!
2016-06-16 13:09 - 2011-09-09 15:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2011
2016-06-16 13:09 - 2011-07-21 09:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNDA3100 Adapter
2016-06-16 13:09 - 2011-07-20 09:52 - 00000000 ____D C:\ProgramData\HP
2016-06-16 13:09 - 2011-04-21 10:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eReaders
2016-06-16 13:09 - 2011-04-21 10:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
2016-06-16 13:09 - 2011-04-21 09:57 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services
2016-06-16 13:09 - 2011-04-21 09:46 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery Manager
2016-06-16 13:09 - 2011-04-21 09:45 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2016-06-16 13:09 - 2011-04-21 09:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Complete
2016-06-16 13:09 - 2011-04-21 09:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-06-16 13:09 - 2011-04-21 09:41 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools
2016-06-16 13:09 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-06-16 13:09 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-06-16 12:22 - 2012-07-24 14:40 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-06-16 12:02 - 2011-12-01 08:40 - 00000000 ____D C:\Users\Imad\AppData\Roaming\SoftGrid Client
2016-06-15 13:40 - 2011-09-09 15:32 - 00484008 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-08 12:02 - 2013-10-08 14:33 - 00001024 _____ C:\.rnd
2016-06-07 18:45 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2016-06-07 18:44 - 2015-08-22 12:03 - 00003212 _____ C:\Windows\System32\Tasks\{8EE2A088-684C-455F-B285-3584916727C3}
2016-06-07 18:44 - 2014-09-11 14:00 - 00003820 _____ C:\Windows\System32\Tasks\Imad5 Merge
2016-06-07 18:44 - 2014-09-11 10:55 - 00003990 _____ C:\Windows\System32\Tasks\Imad5
2016-06-07 18:44 - 2014-09-11 10:52 - 00003820 _____ C:\Windows\System32\Tasks\Imad4 Merge
2016-06-07 18:44 - 2014-09-11 10:52 - 00003804 _____ C:\Windows\System32\Tasks\Imad4
2016-06-07 18:44 - 2014-08-17 11:58 - 00003990 _____ C:\Windows\System32\Tasks\Imad3
2016-06-07 18:44 - 2014-08-17 11:58 - 00003820 _____ C:\Windows\System32\Tasks\Imad3 Merge
2016-06-07 18:44 - 2014-08-15 15:00 - 00003820 _____ C:\Windows\System32\Tasks\Imad2 Merge
2016-06-07 18:44 - 2014-08-15 10:56 - 00003990 _____ C:\Windows\System32\Tasks\Imad2
2016-06-07 18:44 - 2014-08-14 11:56 - 00003820 _____ C:\Windows\System32\Tasks\Imad1 Merge
2016-06-07 18:44 - 2014-08-14 11:54 - 00003990 _____ C:\Windows\System32\Tasks\Imad1
2016-06-07 18:44 - 2014-08-14 11:53 - 00003818 _____ C:\Windows\System32\Tasks\Imad Merge
2016-06-07 18:44 - 2014-08-14 11:53 - 00003802 _____ C:\Windows\System32\Tasks\Imad
2016-06-07 18:44 - 2014-08-14 11:52 - 00003594 _____ C:\Windows\System32\Tasks\Imad DBAgent 2 0
2016-06-07 18:44 - 2014-08-14 11:51 - 00003606 _____ C:\Windows\System32\Tasks\Seagate_Install_Launch
2016-06-07 18:44 - 2014-08-01 12:49 - 00003706 _____ C:\Windows\System32\Tasks\HPCustParticipation HP Officejet 6700
2016-06-07 18:44 - 2014-07-29 12:42 - 00003878 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-06-07 18:44 - 2013-02-04 14:03 - 00003694 _____ C:\Windows\System32\Tasks\mxsjydwwoupd
2016-06-07 18:44 - 2012-07-24 14:43 - 00002880 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-06-07 18:44 - 2012-07-24 14:40 - 00004004 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-06-07 18:44 - 2012-07-24 14:40 - 00003752 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-06-07 18:44 - 2011-07-21 09:16 - 00004028 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2C2A4FB7-FAC9-4E14-948D-0554338DD147}
2016-06-07 18:44 - 2011-06-25 17:52 - 00003852 _____ C:\Windows\System32\Tasks\RecoveryCDWin7
2016-06-07 18:34 - 2011-04-21 10:11 - 00000000 ____D C:\Users\Default\AppData\Local\HuluDesktop
2016-06-07 18:34 - 2011-04-21 10:11 - 00000000 ____D C:\Users\Default User\AppData\Local\HuluDesktop
2016-06-07 17:18 - 2009-07-24 12:22 - 00000000 ____D C:\Windows\Panther
2016-06-07 16:03 - 2011-11-28 22:03 - 00000000 ____D C:\Users\Imad\AppData\Local\CrashDumps
2016-06-07 13:18 - 2013-10-08 14:33 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2016-06-02 13:02 - 2012-01-26 10:41 - 00000000 ____D C:\Users\Imad\Documents\New Dawn Eldercare
2016-05-31 13:07 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-05-31 12:59 - 2013-10-08 14:23 - 00000000 ____D C:\Users\Imad\AppData\Local\Deployment
2016-05-29 03:00 - 2015-04-04 03:02 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-29 03:00 - 2015-04-04 03:02 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-28 13:22 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\Cursors
2016-05-26 14:38 - 2012-07-24 14:43 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-05-26 14:28 - 2012-08-23 10:06 - 00000000 ____D C:\temp
2016-05-26 14:25 - 2015-04-09 14:53 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-26 14:25 - 2015-04-09 14:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-21 13:17 - 2012-07-24 14:31 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-21 13:17 - 2011-07-21 09:11 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-21 05:11 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2016-05-21 04:04 - 2009-07-13 22:13 - 00783464 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-21 03:45 - 2009-07-14 00:45 - 00000000 ____D C:\Program Files\Windows Journal
 
==================== Files in the root of some directories =======
 
2016-05-26 14:36 - 2016-05-28 13:18 - 50063360 _____ () C:\Program Files (x86)\GUT912B.tmp
2016-05-27 12:27 - 2016-05-27 12:27 - 0007628 _____ () C:\Users\Imad\AppData\Local\Resmon.ResmonCfg
2015-04-20 15:06 - 2015-04-20 15:06 - 0000000 _____ () C:\Users\Imad\AppData\Local\{FED1FB60-3755-4B41-ABD8-3885FC184BA2}
2014-08-01 12:45 - 2014-08-01 12:45 - 0000057 _____ () C:\ProgramData\Ament.ini
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
ATTENTION: ==> Could not access BCD. 
 
 
LastRegBack: 2016-05-18 00:08
 
==================== End of FRST.txt ============================
 
LastRegBack: 2016-05-18 00:08
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-06-2016 01
Ran by Imad (2016-06-17 14:04:54)
Running from C:\Users\Imad\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-06-26 00:42:25)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1996245975-2301006141-3792022614-500 - Administrator - Disabled)
COS (S-1-5-21-1996245975-2301006141-3792022614-1003 - Administrator - Enabled) => C:\Users\COS
Guest (S-1-5-21-1996245975-2301006141-3792022614-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1996245975-2301006141-3792022614-1002 - Limited - Enabled)
Imad (S-1-5-21-1996245975-2301006141-3792022614-1000 - Administrator - Enabled) => C:\Users\Imad
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-08-22 12:07 - 2014-05-20 12:01 - 00054784 _____ () C:\Windows\System32\sdtnpm.dll
2007-09-11 00:45 - 2007-09-11 00:45 - 00124832 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
2007-09-11 00:45 - 2007-09-11 00:45 - 00124832 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
2010-03-11 17:50 - 2010-03-11 17:50 - 00107576 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
2010-03-11 17:50 - 2010-03-11 17:50 - 00107576 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
2010-04-22 17:33 - 2010-04-22 17:33 - 00323808 _____ () C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
2010-04-22 17:33 - 2010-04-22 17:33 - 00323808 _____ () C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
2009-06-08 16:45 - 2009-06-08 16:45 - 00098304 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-04-21 09:45 - 2011-04-21 09:45 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-02-20 21:29 - 2012-02-20 21:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 21:28 - 2012-02-20 21:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-01-18 10:21 - 2010-01-18 10:21 - 00568888 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2010-01-18 10:21 - 2010-01-18 10:21 - 00568888 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2011-06-01 09:42 - 2011-06-01 09:42 - 00108296 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Progress.dll
2011-06-01 09:46 - 2011-06-01 09:46 - 00030984 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
2009-11-04 17:29 - 2009-11-04 17:29 - 00378128 _____ () C:\Program Files (x86)\Memeo\Memeo Send\Memeo.Client.dll
2009-11-04 17:29 - 2009-11-04 17:29 - 00378128 _____ () C:\Program Files (x86)\Memeo\Memeo Send\Memeo.Client.dll
2009-11-04 17:29 - 2009-11-04 17:29 - 00837904 _____ () C:\Program Files (x86)\Memeo\Memeo Send\Tanagra.Utility.dll
2009-11-04 17:29 - 2009-11-04 17:29 - 00837904 _____ () C:\Program Files (x86)\Memeo\Memeo Send\Tanagra.Utility.dll
2009-11-04 17:29 - 2009-11-04 17:29 - 00040208 _____ () C:\Program Files (x86)\Memeo\Memeo Send\Tanagra.Interop.dll
2009-11-04 17:29 - 2009-11-04 17:29 - 00300816 _____ () C:\Program Files (x86)\Memeo\Memeo Send\Tanagra.DataClad.DataAccess.dll
2010-04-22 17:33 - 2010-04-22 17:33 - 02887904 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll
2010-04-22 17:33 - 2010-04-22 17:33 - 00025824 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
2010-03-22 15:59 - 2010-03-22 15:59 - 00504293 _____ () C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.DLL
2011-06-01 09:16 - 2011-06-01 09:16 - 00241664 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
2011-06-01 09:16 - 2011-06-01 09:16 - 00971776 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
2016-06-17 03:24 - 2016-06-03 18:56 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\libglesv2.dll
2016-06-17 03:24 - 2016-06-03 18:56 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\libglesv2.dll
2016-06-17 03:24 - 2016-06-03 18:56 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\libegl.dll
2016-06-17 03:24 - 2016-06-03 18:56 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
 1394 Devices"
6B8-00C04FA372A7} => ""="SBP2 IEEE 1394 Devices"
ver Group"
 
 Group"
Group"
"Service"
"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
vice"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
ice"
Group"
e"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
"="Service"
"
 
ice"
 
 
er"
02BE10318} => ""="CD-ROM Drive"
002BE10318} => ""="Standard floppy disk controller"
08002BE10318} => ""="Hdc"
1-08002BE10318} => ""="NetClient"
318} => ""="PCMCIA Adapters"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1996245975-2301006141-3792022614-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Imad\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
MpsSvc => Firewall Service is not running.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
16-06-2016 12:31:08 Windows Update
17-06-2016 03:00:17 Windows Update
Check "winmgmt" service or repair WMI.
 
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/17/2016 12:32:29 PM) (Source: ESENT) (EventID: 467) (User: )
Description: DllHost (4580) WebCacheLocal: Database C:\Users\Imad\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat: Index PartitionIdIndex of table Containers is corrupted (0).
 
Error: (06/17/2016 03:29:50 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.
 
Error: (06/17/2016 03:20:05 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed
 
Error: (06/17/2016 03:20:05 AM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {tid=E10}
The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft....6120.5005.sft'(rc 24604E0A-40000193, original rc 24604E0A-40000193).
 
Error: (06/17/2016 03:20:05 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2
 
Error: (06/17/2016 03:20:05 AM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {tid=E10}
The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft....6120.5005.sft'(rc 24604E0A-40000193, original rc 24604E0A-40000193).
 
Error: (06/16/2016 12:38:11 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.
 
Error: (06/16/2016 12:28:13 PM) (Source: Application Virtualization Client) (EventID: 3008) (User: )
Description: {hap=12:app=OfficeVirt 9014006604090000:tid=DD0}
The client was unable to connect to an Application Virtualization Server (rc 24604E0A-40000193)
 
Error: (06/16/2016 12:28:12 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {hap=12:app=OfficeVirt 9014006604090000:tid=DD0}
The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft....6120.5005.sft'(rc 24604E0A-40000193, original rc 24604E0A-40000193).
 
Error: (06/07/2016 03:54:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SUPERAntiSpyware.exe, version: 6.0.0.1220, time stamp: 0x5717e096
Faulting module name: SUPERAntiSpyware.exe, version: 6.0.0.1220, time stamp: 0x5717e096
Exception code: 0xc0000005
Fault offset: 0x00000000000aad23
Faulting process id: 0xae4
Faulting application start time: 0xSUPERAntiSpyware.exe0
Faulting application path: SUPERAntiSpyware.exe1
Faulting module path: SUPERAntiSpyware.exe2
Report Id: SUPERAntiSpyware.exe3
 
 
System errors:
=============
Error: (06/17/2016 03:18:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1070 = After starting, the service hung in a start-pending state.
 
 
Error: (06/17/2016 03:18:11 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Server service hung on starting.
 
Error: (06/17/2016 03:16:21 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Firewall service terminated with service-specific error %%5 = Access is denied.
.
 
Error: (06/16/2016 12:25:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1070 = After starting, the service hung in a start-pending state.
 
 
Error: (06/16/2016 12:25:26 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Server service hung on starting.
 
Error: (06/16/2016 12:23:35 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Firewall service terminated with service-specific error %%5 = Access is denied.
.
 
Error: (06/16/2016 12:22:43 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
Error: (06/07/2016 01:18:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The LMIGuardianSvc service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/01/2016 08:18:45 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (06/01/2016 02:10:45 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.223.427.0).
 
06/17/2016 03:20:05 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed
 
Error: (06/17/2016 03:20:05 AM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {tid=E10}
The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft....6120.5005.sft'(rc 24604E0A-40000193, original rc 24604E0A-40000193).
 
Error: (06/17/2016 03:20:05 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2
 
Error: (06/17/2016 03:20:05 AM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {tid=E10}
The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft....6120.5005.sft'(rc 24604E0A-40000193, original rc 24604E0A-40000193).
 
Error: (06/16/2016 12:38:11 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.
 
Error: (06/16/2016 12:28:13 PM) (Source: Application Virtualization Client) (EventID: 3008) (User: )
Description: {hap=12:app=OfficeVirt 9014006604090000:tid=DD0}
The client was unable to connect to an Application Virtualization Server (rc 24604E0A-40000193)
 
Error: (06/16/2016 12:28:12 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {hap=12:app=OfficeVirt 9014006604090000:tid=DD0}
The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft....6120.5005.sft'(rc 24604E0A-40000193, original rc 24604E0A-40000193).
 
Error: (06/07/2016 03:54:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SUPERAntiSpyware.exe, version: 6.0.0.1220, time stamp: 0x5717e096
Faulting module name: SUPERAntiSpyware.exe, version: 6.0.0.1220, time stamp: 0x5717e096
Exception code: 0xc0000005
Fault offset: 0x00000000000aad23
Faulting process id: 0xae4
Faulting application start time: 0xSUPERAntiSpyware.exe0
Faulting application path: SUPERAntiSpyware.exe1
Faulting module path: SUPERAntiSpyware.exe2
Report Id: SUPERAntiSpyware.exe3
 
 
System errors:
=============
Error: (06/17/2016 03:18:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1070 = After starting, the service hung in a start-pending state.
 
 
Error: (06/17/2016 03:18:11 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Server service hung on starting.
 
Error: (06/17/2016 03:16:21 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Firewall service terminated with service-specific error %%5 = Access is denied.
.
 
Error: (06/16/2016 12:25:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1070 = After starting, the service hung in a start-pending state.
 
 
Error: (06/16/2016 12:25:26 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Server service hung on starting.
 
Error: (06/16/2016 12:23:35 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Firewall service terminated with service-specific error %%5 = Access is denied.
.
 
Error: (06/16/2016 12:22:43 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
Error: (06/07/2016 01:18:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The LMIGuardianSvc service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/01/2016 08:18:45 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (06/01/2016 02:10:45 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.223.427.0).
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ II X2 250 Processor
Percentage of memory in use: 92%
Total physical RAM: 2815.29 MB
Available physical RAM: 198.23 MB
Total Virtual: 5628.75 MB
Available Virtual: 3117.59 MB
 
==================== Drives ================================
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ II X2 250 Processor
Percentage of memory in use: 93%
Total physical RAM: 2815.29 MB
Available physical RAM: 195.11 MB
Total Virtual: 5628.75 MB
Available Virtual: 3112.62 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:584.01 GB) (Free:498.37 GB) NTFS
Drive c: (OS) (Fixed) (Total:584.01 GB) (Free:498.37 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.06 GB) (Free:1.47 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (NeatConnect) (CDROM) (Total:0.59 GB) (Free:0 GB) CDFS
Drive h: (Seagate Backup Plus Drive) (Fixed) (Total:3726.02 GB) (Free:3189.04 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 1BF4EFF6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=584 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.1 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.
 
==================== End of Addition.txt ============================Drive d: (HP_RECOVERY) (Fixed) (Total:12.06 GB) (Free:1.47 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (NeatConnect) (CDROM) (Total:0.59 GB) (Free:0 GB) CDFS
Drive h: (Seagate Backup Plus Drive) (Fixed) (Total:3726.02 GB) (Free:3189.04 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 1BF4EFF6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=584 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.1 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.
 
==================== End of Addition.txt ============================

Edited by bhzendner, 17 June 2016 - 03:09 PM.

  • 0

Advertisements


#2
Jr0x

Jr0x

    Malware removal team

  • Malware Removal
  • 1,825 posts
Hi bhzendner,

Welcome to :welcome:. My name is Jr0x and I'll be helping you with your problem.

Please Note: I am still in training and my fixes have to be approved by my instructor so there may be a slight delay in my replies. Look upon it as a good thing though in that you have two people looking at your problem.

Before we get started, there are a few things I need you to take note of.
  • Please read through the instructions before attempting to follow those procedures. I would recommend printing them out as some of the instructions would requires you to be in safe mode / offline.
  • If there is anything you are unclear of, please ask before you start the fix.
  • Do not run any scripts / tools on your own, unsupervised usage may cause more harm than good.
  • Please stay with me on this thread, do not start another thread in here (Geeks To Go) or any other forum until I've declared you clean and good to go.
  • There may be delayed response to you as we may live in different timezone.
  • Inform me of anything that happens unexpectedly during the fix at any point of time.
  • As much as we like to make this a easy process for you. Malware removal is a complex multi-step process, and things may happen such as data loss or render your machine unbootable. I would recommend that you backup your personal data before we proceed.
  • Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.
Let's get started.

I am currently analyzing your log, will get back to you as soon as I can.
  • 0

#3
Jr0x

Jr0x

    Malware removal team

  • Malware Removal
  • 1,825 posts
Hi bhzendner,


Warning: One or more of the identified infections on your computer is known to use a backdoor
These are information stealing trojans installed on your computer.
Backdoor Trojans, IRCBots, keyloggers and Infostealers are very dangerous because they provide a way of accessing a computer system that bypasses security mechanisms and can steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to to gain unauthorized access to a computer and take control of it without your knowledge.

I would advise you to immediately disconnect this computer from the internet except when reading my posts, downloading the required tools and replying to this topic on this forum only.

If your computer was used for online banking, has credit card information or other sensitive data on it, I suggest you do the following:
  • All passwords should be changed to include those used for banking, email, eBay, Facebook ect; and forums. You should consider them to be compromised. They should be changed using a different computer and not the infected one. If you use the infected computer, an attacker may get the new passwords and transaction information.
  • Banking and credit card institutions should be notified of the possible security breach.
Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted.Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS.
Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall


We can still clean this machine but I can't guarantee that it will be 100% secure afterward. If you decide to continue with the cleanup, please proceed with the following steps. :thumbsup:


TDSSKiller_Kaspersky.pngScan with TDSSKiller

Please download TDSSKiller by Kaspersky and save it to your desktop.
Alternate download is here.

Select the executable(.EXE) package as the download.
  • Right-click on TDSSKiller_Kaspersky.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool. If it won't run please right click on tdskiller.exe and rename it to winlogon.exe and see if that allows you to run it.
  • When the main GUI (graphical user interface) window opens, click on Change Parameters.
  • Put a checkmark beside Loaded modules. A reboot will be needed to apply the changes, allow it to do so.
  • TDSSKiller will run automatically after reboot. Click on Change parameters.
  • Make sure that Verify driver digital signatures & Detect TDLFS File System are checked and click OK.
  • Click the Start Scan button and wait patiently.
If anything will be found follow this guidelines:
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    > Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    > If Cure is not available, please choose Skip instead.
  • Do not choose Delete unless instructed!
A report will be created in your root directory, (usually C:\ drive) in the form of TDSSKiller.[Version]_[Date]_[Time]_log.txt. Please include the contents of that file in your next post.


Move FRST to Desktop

I noticed that you did not run FRST from Desktop, instead from Downloads folder. Do note to move FRST from your Downloads (C:\Users\Imad\Downloads) folder to Desktop(C:\Users\Imad\Desktop).


FRST.gif Re-Scan with Farbar's Recovery Scan Tool (FRST)
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File).
  • Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • Because you selected the Addition.txt check box this log will be created as well. Please also paste that along with the FRST.txt into your reply.
In your next reply, please include the following:
  • TDSSKiller log
  • FRST log
  • FRST Addition log

  • 0

#4
bhzendner

bhzendner

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 219 posts

Great running now. 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-06-2016 01
Ran by Imad (administrator) on IMAD-HP (23-06-2016 13:46:01)
Running from C:\Users\Imad\Desktop
Loaded Profiles: Imad (Available Profiles: Imad & COS)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Two Pilots) C:\Windows\VPDAgent_x64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
() C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
() C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(The Neat Company) C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(GlavSoft LLC.) C:\Program Files (x86)\ShowMyPCService\tvnserver.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR\WNDA3100\WNDA3100.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(GlavSoft LLC.) C:\Program Files (x86)\ShowMyPCService\tvnserver.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Memeo Inc.) C:\Program Files (x86)\Memeo\Memeo Send\MemeoSend.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
() C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Axentra Corporation) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Imad\AppData\Local\Google\Chrome\User Data\SwReporter\7.58.0\software_reporter_tool.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [568888 2010-01-18] ()
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2015-06-15] (LogMeIn, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-14] (PDF Complete Inc)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [Memeo AutoSync] => C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe [144608 2010-04-16] (Memeo Inc.)
HKLM-x32\...\Run: [Memeo Send] => C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe [236816 2009-11-04] ()
HKLM-x32\...\Run: [Seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2011-06-01] ()
HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2010-04-22] (Memeo Inc.)
HKLM-x32\...\Run: [Adobe Photo Downloader] => C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe [67488 2007-09-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1519176 2014-04-30] (Seagate Technology LLC)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\ShowMyPCService\tvnserver.exe [815704 2013-11-21] (GlavSoft LLC.)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  <==== ATTENTION
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-1996245975-2301006141-3792022614-1000\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\S-1-5-21-1996245975-2301006141-3792022614-1000\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [126056 2014-04-30] (Seagate Technology LLC)
HKU\S-1-5-21-1996245975-2301006141-3792022614-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8721624 2016-05-13] (Piriform Ltd)
HKU\S-1-5-21-1996245975-2301006141-3792022614-1000\...\MountPoints2: {1a86c09a-3120-11e3-9447-806e6f6e6963} - E:\AUTORUN.exe
HKU\S-1-5-21-1996245975-2301006141-3792022614-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
IFEO\ehshell.exe: [Debugger] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100 Smart Wizard.lnk [2011-07-21]
ShortcutTarget: NETGEAR WNDA3100 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100\WNDA3100.exe (NETGEAR)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk [2011-04-21]
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{E44903B9-ACD5-4B35-B425-14AA395ED373}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
 
Internet Explorer:
==================
HKU\S-1-5-21-1996245975-2301006141-3792022614-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-1996245975-2301006141-3792022614-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-1996245975-2301006141-3792022614-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {4BB1282C-C04B-4501-8349-8B816E09D5A0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {22AF4F20-8451-4D2A-A321-47B28C89ED3C} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {4BB1282C-C04B-4501-8349-8B816E09D5A0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {5DEFC874-1F48-4B1E-8B2D-78AD0E433EF7} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {79588D8D-6EBF-4361-9460-B0DA0022B265} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {22AF4F20-8451-4D2A-A321-47B28C89ED3C} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {4BB1282C-C04B-4501-8349-8B816E09D5A0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {5DEFC874-1F48-4B1E-8B2D-78AD0E433EF7} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {79588D8D-6EBF-4361-9460-B0DA0022B265} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-1996245975-2301006141-3792022614-1000 -> DefaultScope {1EE6AD67-E1B2-47D9-88B5-4DD33EE5AE5C} URL = 
SearchScopes: HKU\S-1-5-21-1996245975-2301006141-3792022614-1000 -> {22AF4F20-8451-4D2A-A321-47B28C89ED3C} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1996245975-2301006141-3792022614-1000 -> {4BB1282C-C04B-4501-8349-8B816E09D5A0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1996245975-2301006141-3792022614-1000 -> {5DEFC874-1F48-4B1E-8B2D-78AD0E433EF7} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-1996245975-2301006141-3792022614-1000 -> {79588D8D-6EBF-4361-9460-B0DA0022B265} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-02-27] (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: No Name -> {912C156F-05CF-4B62-851A-96E167A677B0} -> No File
BHO-x32: No Name -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-02-27] (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} -  No File
Toolbar: HKLM-x32 - No Name - {06C7AD57-B655-418D-9AB8-9526A6D2E052} -  No File
Toolbar: HKU\S-1-5-21-1996245975-2301006141-3792022614-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2012-02-27] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-20] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1996245975-2301006141-3792022614-1000: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [No File]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\Firefox => not found
 
Chrome: 
=======
CHR Profile: C:\Users\Imad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Imad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-24]
CHR Extension: (Google Search) - C:\Users\Imad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-24]
CHR Extension: (No Name) - C:\Users\Imad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-10-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Imad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06]
CHR Extension: (Gmail) - C:\Users\Imad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-16]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2015-04-09] (SUPERAntiSpyware.com)
R2 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
R2 Agent; C:\Windows\VPDAgent_x64.exe [148480 2014-05-20] (Two Pilots) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-04-20] (Macrovision Europe Ltd.) [File not signed]
R2 HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [107576 2010-03-11] ()
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)
S3 jswpsapi; C:\Program Files (x86)\NETGEAR\WNDA3100\jswpsapi.exe [942080 2008-02-29] (Atheros Communications, Inc.) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [419336 2016-06-07] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2015-06-15] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
R2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [26624 2015-07-14] (The Neat Company) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-14] (PDF Complete Inc)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-04-30] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157264 2014-04-30] (Seagate Technology LLC)
R2 tvnserver; C:\Program Files (x86)\ShowMyPCService\tvnserver.exe [815704 2013-11-21] (GlavSoft LLC.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-05] (AVG Technologies)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows ® Codename Longhorn DDK provider)
S3 cqcpu; C:\Windows\System32\drivers\cqcpu.sys [24376 2010-03-01] ()
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 JSWPSLWF; C:\Windows\SysWOW64\DRIVERS\jswpslwfx.sys [26624 2008-10-01] (Atheros Communications, Inc.)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2015-06-15] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-23] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 PCAMp50a64; C:\Windows\System32\Drivers\PCAMp50a64.sys [43328 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
R3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [41280 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 WNDA3100; C:\Windows\System32\DRIVERS\WNDA31w7x.sys [767488 2009-10-21] (Atheros Communications, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-23 13:46 - 2016-06-23 13:54 - 00022087 _____ C:\Users\Imad\Desktop\FRST.txt
2016-06-23 13:45 - 2016-06-23 13:45 - 00000000 ____D C:\Users\Imad\Desktop\FRST-OlderVersion
2016-06-23 13:43 - 2016-06-23 13:43 - 01193680 _____ (Adobe Systems Incorporated) C:\Users\Imad\Downloads\flashplayer22axau_ha_install.exe
2016-06-23 13:37 - 2016-06-23 13:44 - 00737848 _____ C:\TDSSKiller.3.1.0.9_23.06.2016_13.37.42_log.txt
2016-06-23 13:24 - 2016-06-23 13:26 - 00005402 _____ C:\TDSSKiller.3.1.0.9_23.06.2016_13.24.23_log.txt
2016-06-23 13:23 - 2016-06-23 13:24 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Imad\Downloads\tdsskiller.exe
2016-06-17 14:04 - 2016-06-17 14:06 - 00023236 _____ C:\Users\Imad\Downloads\Addition.txt
2016-06-17 13:59 - 2016-06-23 13:46 - 00000000 ____D C:\FRST
2016-06-17 13:59 - 2016-06-17 14:08 - 00069785 _____ C:\Users\Imad\Downloads\FRST.txt
2016-06-17 13:57 - 2016-06-17 13:57 - 02386944 _____ (Farbar) C:\Users\Imad\Downloads\FRST64 (1).exe
2016-06-17 13:52 - 2016-06-23 13:45 - 02387456 _____ (Farbar) C:\Users\Imad\Desktop\FRST64.exe
2016-06-16 22:39 - 2016-06-06 09:58 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-06-16 22:39 - 2016-06-06 09:50 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-06-16 22:39 - 2016-06-03 06:05 - 01413120 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-06-16 22:39 - 2016-05-27 06:06 - 00569856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-06-16 22:39 - 2016-05-27 06:06 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-06-16 22:39 - 2016-05-27 06:06 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-06-16 22:39 - 2016-05-27 06:06 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-06-16 22:39 - 2016-05-22 06:06 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-06-16 22:39 - 2016-05-18 09:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-16 22:39 - 2016-05-18 09:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-16 22:39 - 2016-05-13 15:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-16 22:39 - 2016-05-13 15:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-06-16 22:39 - 2016-05-13 15:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-16 22:39 - 2016-05-13 15:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-06-16 22:39 - 2016-05-13 15:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-06-16 22:39 - 2016-05-13 14:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-16 22:39 - 2016-05-13 14:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-06-16 22:39 - 2016-05-13 14:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-06-16 22:39 - 2016-05-13 14:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-06-16 22:39 - 2016-05-13 14:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-16 22:39 - 2016-05-12 10:20 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-16 22:39 - 2016-05-12 10:20 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-16 22:39 - 2016-05-12 10:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-16 22:39 - 2016-05-12 10:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-06-16 22:39 - 2016-05-12 10:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-06-16 22:39 - 2016-05-12 10:15 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-06-16 22:39 - 2016-05-12 10:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-06-16 22:39 - 2016-05-12 08:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-06-16 22:39 - 2016-05-12 07:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-16 22:39 - 2016-05-12 07:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-16 22:39 - 2016-05-12 07:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-06-16 22:39 - 2016-05-12 07:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-16 22:39 - 2016-05-12 07:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-06-16 22:39 - 2016-05-12 07:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-06-16 22:39 - 2016-05-12 07:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-06-16 22:39 - 2016-05-12 07:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-06-16 22:39 - 2016-05-12 07:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-06-16 22:39 - 2016-05-12 06:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-16 22:39 - 2016-05-12 06:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-16 22:39 - 2016-05-12 06:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-16 22:38 - 2016-05-23 16:37 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-16 22:38 - 2016-05-23 15:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-06-16 22:38 - 2016-05-21 09:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-16 22:38 - 2016-05-20 15:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-06-16 22:38 - 2016-05-20 15:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-06-16 22:38 - 2016-05-20 15:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-06-16 22:38 - 2016-05-20 15:10 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-06-16 22:38 - 2016-05-20 15:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-16 22:38 - 2016-05-20 15:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-06-16 22:38 - 2016-05-20 15:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-16 22:38 - 2016-05-20 15:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-06-16 22:38 - 2016-05-20 14:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-06-16 22:38 - 2016-05-20 14:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-16 22:38 - 2016-05-20 14:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-06-16 22:38 - 2016-05-20 14:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-06-16 22:38 - 2016-05-20 14:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-06-16 22:38 - 2016-05-20 14:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-06-16 22:38 - 2016-05-20 14:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-06-16 22:38 - 2016-05-20 14:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-16 22:38 - 2016-05-20 14:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-06-16 22:38 - 2016-05-20 14:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-06-16 22:38 - 2016-05-20 14:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-06-16 22:38 - 2016-05-20 14:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-06-16 22:38 - 2016-05-20 14:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-06-16 22:38 - 2016-05-20 14:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-06-16 22:38 - 2016-05-20 14:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-06-16 22:38 - 2016-05-20 14:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-06-16 22:38 - 2016-05-20 14:33 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-06-16 22:38 - 2016-05-20 14:32 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-06-16 22:38 - 2016-05-20 14:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-16 22:38 - 2016-05-20 14:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-06-16 22:38 - 2016-05-20 14:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-06-16 22:38 - 2016-05-20 14:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-16 22:38 - 2016-05-20 14:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-06-16 22:38 - 2016-05-20 14:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-06-16 22:38 - 2016-05-20 14:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-06-16 22:38 - 2016-05-20 14:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-06-16 22:38 - 2016-05-20 14:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-06-16 22:38 - 2016-05-20 14:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-16 22:38 - 2016-05-20 14:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-06-16 22:38 - 2016-05-20 14:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-06-16 22:38 - 2016-05-20 14:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-16 22:38 - 2016-05-20 14:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-16 22:38 - 2016-05-20 14:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-16 22:38 - 2016-05-20 14:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-06-16 22:38 - 2016-05-20 14:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-16 22:38 - 2016-05-20 13:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-16 22:38 - 2016-05-20 13:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-16 22:38 - 2016-05-20 13:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-06-16 22:38 - 2016-05-20 13:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-16 22:38 - 2016-05-20 13:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-16 22:38 - 2016-05-12 10:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-06-16 22:38 - 2016-05-12 10:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-16 22:38 - 2016-05-12 10:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-16 22:38 - 2016-05-12 10:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-16 22:38 - 2016-05-12 10:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-16 22:38 - 2016-05-12 10:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-16 22:38 - 2016-05-12 08:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-16 22:38 - 2016-05-12 08:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-06-16 22:38 - 2016-05-12 08:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-06-16 22:38 - 2016-05-12 08:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-16 22:38 - 2016-05-12 08:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-16 22:38 - 2016-05-11 10:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-16 22:38 - 2016-05-11 10:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-16 22:38 - 2016-05-11 10:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-16 22:38 - 2016-05-11 10:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-16 22:38 - 2016-05-11 08:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-16 22:38 - 2016-05-11 08:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-16 22:38 - 2016-05-11 08:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-16 22:38 - 2016-05-11 08:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-16 22:38 - 2016-05-11 08:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-06-16 22:38 - 2016-05-11 08:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-06-16 22:38 - 2016-05-11 07:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-16 22:38 - 2016-04-14 09:46 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-06-16 22:38 - 2016-04-14 09:42 - 03243520 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-06-16 22:38 - 2016-04-14 09:42 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-06-16 22:38 - 2016-04-14 09:42 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-06-16 22:38 - 2016-04-14 09:42 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-06-16 22:38 - 2016-04-14 09:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-06-16 22:38 - 2016-04-14 08:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-06-16 22:38 - 2016-04-14 08:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-06-16 22:38 - 2016-04-14 08:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-06-16 22:38 - 2016-04-14 08:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-06-16 22:38 - 2016-04-14 08:19 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-06-16 22:38 - 2016-04-14 08:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-06-16 22:38 - 2016-04-08 23:58 - 14186496 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-06-16 22:38 - 2016-04-08 23:57 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-06-16 22:38 - 2016-04-08 23:54 - 12881408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-06-16 22:38 - 2016-04-08 23:54 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-06-16 22:38 - 2016-04-08 22:53 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-06-16 22:38 - 2016-04-08 22:44 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-06-16 22:38 - 2016-03-09 12:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-06-16 22:38 - 2016-03-09 11:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-06-16 22:37 - 2016-05-21 10:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-16 22:37 - 2016-05-20 15:09 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-06-16 22:37 - 2016-05-20 15:08 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-06-16 22:37 - 2016-05-20 15:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-16 22:37 - 2016-05-20 14:56 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-06-16 22:37 - 2016-05-20 14:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-16 22:37 - 2016-05-20 14:54 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-06-16 22:37 - 2016-05-20 14:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-06-16 22:37 - 2016-05-20 14:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-06-16 22:37 - 2016-05-20 14:28 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-06-16 22:37 - 2016-05-20 14:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-16 22:37 - 2016-05-20 14:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-16 22:37 - 2016-05-20 14:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-16 22:37 - 2016-05-20 14:07 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-06-16 22:37 - 2016-05-20 13:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-16 12:27 - 2016-06-07 13:17 - 00107520 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2016-06-16 12:01 - 2016-06-16 12:01 - 00000000 ____D C:\$SysReset
2016-06-10 15:38 - 2016-06-10 15:38 - 00197673 _____ C:\Users\Imad\Downloads\SP_Deposit-Account-Vertification_Sept_4.pdf
2016-06-08 12:16 - 2016-06-08 12:16 - 00132295 _____ C:\Users\Imad\Downloads\34B4W2s (1).pdf
2016-06-08 12:15 - 2016-06-08 12:15 - 00132295 _____ C:\Users\Imad\Downloads\34B4W2s.pdf
2016-06-07 18:54 - 2016-06-07 18:54 - 00008192 _____ C:\Windows\system32\config\userdiff
2016-06-07 17:22 - 2016-06-07 18:45 - 00014263 _____ C:\Windows\diagerr.xml
2016-06-07 17:22 - 2016-06-07 18:45 - 00013338 _____ C:\Windows\diagwrn.xml
2016-05-31 13:13 - 2016-06-23 13:35 - 00000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2016-05-31 13:13 - 2016-06-07 13:17 - 00122400 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2016-05-31 13:13 - 2016-05-31 13:13 - 00000000 ____D C:\Users\Imad\AppData\Local\LogMeIn
2016-05-31 13:13 - 2015-10-13 08:29 - 00035616 _____ (LogMeIn, Inc.) C:\Windows\system32\LMImirr.dll
2016-05-31 13:13 - 2015-10-13 08:29 - 00014624 _____ (LogMeIn, Inc.) C:\Windows\system32\LMImirr2.dll
2016-05-31 13:13 - 2015-10-13 08:29 - 00011552 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\LMImirr.sys
2016-05-31 13:13 - 2015-06-15 09:14 - 00072216 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\LMIRfsDriver.sys
2016-05-31 13:09 - 2016-05-31 13:09 - 23113728 _____ C:\Users\Imad\Downloads\LogMeIn (1).msi
2016-05-31 13:05 - 2016-05-31 13:05 - 23113728 _____ C:\Users\Imad\Downloads\LogMeIn.msi
2016-05-27 12:27 - 2016-05-27 12:27 - 00007628 _____ C:\Users\Imad\AppData\Local\Resmon.ResmonCfg
2016-05-26 17:22 - 2016-05-26 17:22 - 00314506 _____ C:\Users\Imad\Documents\cc_20160526_172211.reg
2016-05-26 14:36 - 2016-05-28 13:18 - 50063360 _____ C:\Program Files (x86)\GUT912B.tmp
2016-05-26 14:36 - 2016-05-26 14:36 - 00000000 ____D C:\Program Files (x86)\GUM910B.tmp
2016-05-26 14:33 - 2016-05-26 14:35 - 06893688 _____ (Piriform Ltd) C:\Users\Imad\Downloads\ccsetup518.exe
2016-05-26 14:22 - 2016-05-26 14:22 - 00000000 ____D C:\SUPERDelete
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-23 13:51 - 2013-10-08 14:33 - 00000000 ____D C:\ProgramData\LogMeIn
2016-06-23 13:44 - 2009-07-13 21:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-23 13:44 - 2009-07-13 21:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-23 13:38 - 2015-04-09 14:54 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-23 13:31 - 2014-07-29 12:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-23 13:31 - 2012-07-24 14:40 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-23 13:31 - 2012-07-24 14:40 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-23 13:31 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-23 13:30 - 2013-03-14 03:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-23 13:30 - 2013-03-14 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-06-23 13:27 - 2011-12-01 08:40 - 00000000 ____D C:\Users\Imad\AppData\Roaming\SoftGrid Client
2016-06-23 03:11 - 2013-03-14 03:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-20 14:31 - 2011-11-28 22:03 - 00000000 ____D C:\Users\Imad\AppData\Local\CrashDumps
2016-06-20 14:12 - 2015-08-22 12:28 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-06-17 19:42 - 2012-07-24 14:41 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-17 19:42 - 2012-07-24 14:41 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-17 12:21 - 2015-10-30 02:42 - 00000000 ___HD C:\$WINDOWS.~BT
2016-06-17 03:15 - 2009-07-13 21:45 - 00280544 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-17 03:12 - 2014-12-10 04:49 - 00000000 ____D C:\Windows\system32\appraiser
2016-06-17 03:10 - 2013-10-10 03:06 - 00000000 ____D C:\Windows\system32\MRT
2016-06-17 03:05 - 2013-10-10 03:06 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-16 13:10 - 2015-04-09 14:50 - 00000000 ____D C:\Users\COS
2016-06-16 13:10 - 2013-04-24 14:19 - 00000000 __SHD C:\Windows\system32\%APPDATA%
2016-06-16 13:10 - 2013-03-20 03:02 - 00000000 ____D C:\Windows\system32\SPReview
2016-06-16 13:10 - 2013-03-20 03:00 - 00000000 ____D C:\Windows\system32\EventProviders
2016-06-16 13:10 - 2013-01-11 15:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2016-06-16 13:10 - 2011-06-25 17:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2016-06-16 13:10 - 2011-06-25 17:42 - 00000000 ____D C:\Users\Imad
2016-06-16 13:10 - 2011-06-25 17:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\User Guides
2016-06-16 13:10 - 2009-07-14 00:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-06-16 13:10 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-06-16 13:10 - 2009-07-13 20:20 - 00000000 __RSD C:\Windows\Media
2016-06-16 13:10 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2016-06-16 13:10 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\LiveKernelReports
2016-06-16 13:10 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-06-16 13:10 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\Help
2016-06-16 13:09 - 2015-08-22 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neat
2016-06-16 13:09 - 2015-04-09 15:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced IP Scanner v2
2016-06-16 13:09 - 2015-04-09 14:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-16 13:09 - 2012-12-16 10:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
2016-06-16 13:09 - 2012-11-28 13:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memeo
2016-06-16 13:09 - 2012-10-31 15:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-06-16 13:09 - 2012-07-24 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2016-06-16 13:09 - 2012-07-24 14:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-06-16 13:09 - 2012-07-24 14:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-06-16 13:09 - 2012-07-24 14:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp!
2016-06-16 13:09 - 2011-09-09 15:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2011
2016-06-16 13:09 - 2011-07-21 09:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNDA3100 Adapter
2016-06-16 13:09 - 2011-07-20 09:52 - 00000000 ____D C:\ProgramData\HP
2016-06-16 13:09 - 2011-04-21 10:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eReaders
2016-06-16 13:09 - 2011-04-21 10:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
2016-06-16 13:09 - 2011-04-21 09:57 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services
2016-06-16 13:09 - 2011-04-21 09:46 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery Manager
2016-06-16 13:09 - 2011-04-21 09:45 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2016-06-16 13:09 - 2011-04-21 09:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Complete
2016-06-16 13:09 - 2011-04-21 09:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-06-16 13:09 - 2011-04-21 09:41 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools
2016-06-16 13:09 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-06-16 13:09 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-06-16 12:22 - 2012-07-24 14:40 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-06-15 13:40 - 2011-09-09 15:32 - 00484008 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-08 12:02 - 2013-10-08 14:33 - 00001024 _____ C:\.rnd
2016-06-07 18:45 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2016-06-07 18:44 - 2015-08-22 12:03 - 00003212 _____ C:\Windows\System32\Tasks\{8EE2A088-684C-455F-B285-3584916727C3}
2016-06-07 18:44 - 2014-09-11 14:00 - 00003820 _____ C:\Windows\System32\Tasks\Imad5 Merge
2016-06-07 18:44 - 2014-09-11 10:55 - 00003990 _____ C:\Windows\System32\Tasks\Imad5
2016-06-07 18:44 - 2014-09-11 10:52 - 00003820 _____ C:\Windows\System32\Tasks\Imad4 Merge
2016-06-07 18:44 - 2014-09-11 10:52 - 00003804 _____ C:\Windows\System32\Tasks\Imad4
2016-06-07 18:44 - 2014-08-17 11:58 - 00003990 _____ C:\Windows\System32\Tasks\Imad3
2016-06-07 18:44 - 2014-08-17 11:58 - 00003820 _____ C:\Windows\System32\Tasks\Imad3 Merge
2016-06-07 18:44 - 2014-08-15 15:00 - 00003820 _____ C:\Windows\System32\Tasks\Imad2 Merge
2016-06-07 18:44 - 2014-08-15 10:56 - 00003990 _____ C:\Windows\System32\Tasks\Imad2
2016-06-07 18:44 - 2014-08-14 11:56 - 00003820 _____ C:\Windows\System32\Tasks\Imad1 Merge
2016-06-07 18:44 - 2014-08-14 11:54 - 00003990 _____ C:\Windows\System32\Tasks\Imad1
2016-06-07 18:44 - 2014-08-14 11:53 - 00003818 _____ C:\Windows\System32\Tasks\Imad Merge
2016-06-07 18:44 - 2014-08-14 11:53 - 00003802 _____ C:\Windows\System32\Tasks\Imad
2016-06-07 18:44 - 2014-08-14 11:52 - 00003594 _____ C:\Windows\System32\Tasks\Imad DBAgent 2 0
2016-06-07 18:44 - 2014-08-14 11:51 - 00003606 _____ C:\Windows\System32\Tasks\Seagate_Install_Launch
2016-06-07 18:44 - 2014-08-01 12:49 - 00003706 _____ C:\Windows\System32\Tasks\HPCustParticipation HP Officejet 6700
2016-06-07 18:44 - 2014-07-29 12:42 - 00003878 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-06-07 18:44 - 2013-02-04 14:03 - 00003694 _____ C:\Windows\System32\Tasks\mxsjydwwoupd
2016-06-07 18:44 - 2012-07-24 14:43 - 00002880 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-06-07 18:44 - 2012-07-24 14:40 - 00004004 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-06-07 18:44 - 2012-07-24 14:40 - 00003752 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-06-07 18:44 - 2011-07-21 09:16 - 00004028 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2C2A4FB7-FAC9-4E14-948D-0554338DD147}
2016-06-07 18:44 - 2011-06-25 17:52 - 00003852 _____ C:\Windows\System32\Tasks\RecoveryCDWin7
2016-06-07 18:34 - 2011-04-21 10:11 - 00000000 ____D C:\Users\Default\AppData\Local\HuluDesktop
2016-06-07 18:34 - 2011-04-21 10:11 - 00000000 ____D C:\Users\Default User\AppData\Local\HuluDesktop
2016-06-07 17:18 - 2009-07-24 12:22 - 00000000 ____D C:\Windows\Panther
2016-06-07 13:18 - 2013-10-08 14:33 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2016-06-02 13:02 - 2012-01-26 10:41 - 00000000 ____D C:\Users\Imad\Documents\New Dawn Eldercare
2016-05-31 13:07 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-05-31 12:59 - 2013-10-08 14:23 - 00000000 ____D C:\Users\Imad\AppData\Local\Deployment
2016-05-29 03:00 - 2015-04-04 03:02 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-29 03:00 - 2015-04-04 03:02 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-28 13:22 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\Cursors
2016-05-26 14:38 - 2012-07-24 14:43 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-05-26 14:28 - 2012-08-23 10:06 - 00000000 ____D C:\temp
2016-05-26 14:25 - 2015-04-09 14:53 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-26 14:25 - 2015-04-09 14:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
 
==================== Files in the root of some directories =======
 
2016-05-26 14:36 - 2016-05-28 13:18 - 50063360 _____ () C:\Program Files (x86)\GUT912B.tmp
2016-05-27 12:27 - 2016-05-27 12:27 - 0007628 _____ () C:\Users\Imad\AppData\Local\Resmon.ResmonCfg
2015-04-20 15:06 - 2015-04-20 15:06 - 0000000 _____ () C:\Users\Imad\AppData\Local\{FED1FB60-3755-4B41-ABD8-3885FC184BA2}
2014-08-01 12:45 - 2014-08-01 12:45 - 0000057 _____ () C:\ProgramData\Ament.ini
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-05-18 00:08
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-06-2016 01
Ran by Imad (2016-06-23 13:56:05)
Running from C:\Users\Imad\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-06-26 00:42:25)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1996245975-2301006141-3792022614-500 - Administrator - Disabled)
COS (S-1-5-21-1996245975-2301006141-3792022614-1003 - Administrator - Enabled) => C:\Users\COS
Guest (S-1-5-21-1996245975-2301006141-3792022614-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1996245975-2301006141-3792022614-1002 - Limited - Enabled)
Imad (S-1-5-21-1996245975-2301006141-3792022614-1000 - Administrator - Enabled) => C:\Users\Imad
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Photoshop Elements 6.0 (HKLM-x32\...\Adobe Photoshop Elements 6) (Version: 6.0 - Adobe Systems Inc.)
Adobe Reader X (10.1.4) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Advanced IP Scanner 2.4 (HKLM-x32\...\{C3CF783A-5457-4989-966F-7BE08812FB71}) (Version: 2.4.2601 - Famatech)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}) (Version: 3.0.774.0 - ATI Technologies, Inc.)
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 17.0.1.12 - AVG Technologies)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar Platform (x32 Version: 5.0.1438.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
ccc-core-static (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
CleanUp! (HKLM-x32\...\CleanUp!) (Version:  - )
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2823 - CyberLink Corp.)
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4030 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.1.4229 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.1.4301 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.1.4211 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{5B08AF35-B699-4A44-BB89-3E51E70611E8}) (Version: 3.1.1.12 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.1.4214 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BDDA1E1E-204E-4368-B0C2-737F16B76307}) (Version: 1.0.3.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet 6700 Basic Device Software (HKLM\...\{A1CFA587-90D4-4DE6-B200-68CC0F92252F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Help (HKLM-x32\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6700 Product Improvement Study (HKLM\...\{988D55BB-08DE-43C9-8D16-3751361E2A79}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Power Assistant (HKLM\...\{6888C635-E550-4FA4-958E-CE2880B0443B}) (Version: 1.1.1.5 - Hewlett-Packard)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.2.8.17 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.2.27173 - Hewlett-Packard)
Hulu Desktop (HKU\S-1-5-21-1996245975-2301006141-3792022614-1000\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Java™ 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Jewel Quest 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version:  - )
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2823 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2823 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
LogMeIn (HKLM-x32\...\{CB7AF84A-1B7F-4C6B-8A58-EB7CDE48C23A}) (Version: 4.1.3268 - LogMeIn, Inc.)
LogMeIn (HKLM-x32\...\{CEA0C06C-C352-434A-972E-04911AAB669C}) (Version: 4.1.7682 - LogMeIn, Inc.)
LogMeIn Client (HKLM-x32\...\{26F88B15-E5F0-47D2-8176-1A9312DD44AD}) (Version: 1.3.1648 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Marketsplash Shortcuts (HKLM-x32\...\{16FCDD97-AE09-476B-88CD-261D852BD34C}) (Version: 1.0.1.7 - Hewlett-Packard)
Memeo AutoSync (HKLM-x32\...\{75B7F766-7998-44d8-A202-F1EC76A121BA}) (Version:  - Memeo Inc.)
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7252 - Memeo Inc.)
Memeo Send (HKLM-x32\...\{81784157-3D4D-4bc1-B988-B24C32A26DA8}) (Version:  - Memeo Inc.)
Memeo Share (HKLM-x32\...\{1BC77CEF-C52F-4092-BF87-0D4E6B86D860}) (Version: 3.1.0.3265 - Memeo Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4030 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Neat (HKLM-x32\...\Neat) (Version: 5.7.1.474 - The Neat Company)
Neat ADF Scanner Driver (HKLM\...\{A55F1206-BFA7-4027-92B8-CE4EFDBC3CF2}) (Version: 2.0.2.5 - The Neat Company)
Neat Core Files (x32 Version: 5.7.1.474 - The Neat Company) Hidden
Neat Mobile Scanner Driver (HKLM\...\{7EA2D88A-C8B7-4102-8644-0A437B6FC143}) (Version: 2.0.1.2 - The Neat Company)
NeatConnect Scanner Driver (HKLM\...\{6895EF47-6BD8-468E-BA09-B33636C65B7C}) (Version: 2.0.2.26 - The Neat Company)
NETGEAR RangeMax Duo Wireless-N USB Adapter WNDA3100 (HKLM-x32\...\InstallShield_{C0100D9E-2372-45E2-BDA5-BD18F9B03298}) (Version: 3.0.0.2 - NETGEAR)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 3.5.111 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.28 - Hewlett-Packard Company)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4022 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4022 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2906 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.2906 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975D}) (Version: 5.10.621.0 -  NewspaperDirect Inc.)
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2926 - CyberLink Corp.) Hidden
Seagate Dashboard (HKLM-x32\...\{67445E65-3D93-428F-83A5-446F7D02689A}) (Version: 3.1.3.0 - Seagate)
Seagate Dashboard (HKLM-x32\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1421 - Memeo Inc.)
Send To Neat (HKLM\...\{237E305C-B625-466A-88CE-1E121BF4FDB1}) (Version: 1.1.0.0 - The Neat Company)
Setup Support for Weatherbug 1.0 (HKLM-x32\...\Setup Support for Weatherbug) (Version: 1.0 - Sono Control Inc.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.5.1012 - SUPERAntiSpyware.com)
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinZip 17.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D7}) (Version: 17.0.10283 - WinZip Computing, S.L. )
WNDA3100 (x32 Version: 3.0.0.2 - NETGEAR) Hidden
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.2811 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.2811 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0BE86734-DC30-40DD-BC29-100EBB780726} - System32\Tasks\Imad2 Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-04-30] (Seagate Technology LLC)
Task: {1BA0C8F0-4436-4877-A082-F77432CC59ED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-09] (Google Inc.)
Task: {1D77E712-D1F0-4D5E-A13C-B1225F5F19F2} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {1EA8A837-A18E-4E6C-88EB-306D51AD00B2} - System32\Tasks\Imad4 Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-04-30] (Seagate Technology LLC)
Task: {266C58EE-63E9-4B68-BC6F-3B6046905E92} - System32\Tasks\Imad3 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-04-30] (Seagate Technology LLC)
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {38CFE1AB-2473-48FE-A3E8-40A44C5D18EA} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2014-04-30] (Seagate Technology LLC)
Task: {41C59218-2EB1-4805-9426-EA0BAA22AF7A} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {50F8BF41-F325-4E76-82DC-FD9BECE0FEDE} - System32\Tasks\Imad1 Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-04-30] (Seagate Technology LLC)
Task: {540FD54C-A1EF-4764-806E-E6C6DDA8CB4C} - System32\Tasks\Imad2 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-04-30] (Seagate Technology LLC)
Task: {5A839EAB-EC96-4CB7-B20D-86B11BBB7404} - System32\Tasks\Imad => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-04-30] (Seagate Technology LLC)
Task: {5C685D63-3745-4116-B9CE-A4A2861A71F1} - System32\Tasks\Imad3 Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-04-30] (Seagate Technology LLC)
Task: {5F3E76BD-F419-4CFD-9B79-4E57D14989FA} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {5FE29729-21C1-4CF1-9DD3-DC0EEC28A05A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-09] (Google Inc.)
Task: {632E1272-7312-44DE-8A5C-93969D919AD4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {6D9F350A-9A66-482F-AFCD-F75979C99E50} - System32\Tasks\Imad5 Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-04-30] (Seagate Technology LLC)
Task: {6E9D3082-6128-4D42-B09B-6135809B766C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8641EACA-C970-42A7-9FF6-796508CC19C3} - System32\Tasks\Imad DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2014-04-30] (Seagate Technology LLC)
Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe
Task: {A6AF9377-77CE-47AB-AD7D-EC32CAD0C82D} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\Windows\System32\LocationNotificationWindows.exe
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {AFE49B42-DB70-4B01-AB6F-DB983CFC42F9} - System32\Tasks\HPCustParticipation HP Officejet 6700 => C:\Program Files\HP\HP Officejet 6700\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {B9C3003C-B49B-482D-B3FA-8CCB2DE19906} - System32\Tasks\{8EE2A088-684C-455F-B285-3584916727C3} => pcalua.exe -a E:\Setup\setup_full.exe -d E:\Setup
Task: {BED92F55-FEDD-4446-9BC5-187B7455C315} - System32\Tasks\Imad Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-04-30] (Seagate Technology LLC)
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {D5ABBC86-BF95-4A96-8A90-FF1F3FC59A53} - System32\Tasks\Imad4 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-04-30] (Seagate Technology LLC)
Task: {DFCFE138-8F3F-4636-A8AA-2FF53980A66B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-05-13] (Piriform Ltd)
Task: {E1A9D325-9EB6-45D9-A264-5AF2112B8349} - System32\Tasks\mxsjydwwoupd => Cscript.exe //E:javascript C:\Windows\TEMP\jydwwo.mkt
Task: {ED4DB0A9-FA30-48A0-9996-131CE91251C8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-21] (Adobe Systems Incorporated)
Task: {F3CAAAA1-0136-460A-9D94-7E205FBC5D88} - System32\Tasks\Imad1 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-04-30] (Seagate Technology LLC)
Task: {F7371EFF-6F4B-4C71-8E46-AD85FB1319BA} - System32\Tasks\Imad5 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-04-30] (Seagate Technology LLC)
Task: {F75EC3CB-C3B8-4062-88DD-3DE243BCC241} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [2011-08-11] (Hewlett-Packard)
Task: {F9FAC35D-B8AD-4686-8515-382EBADBBACE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-03-07] (Hewlett-Packard)
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-08-22 12:07 - 2014-05-20 12:01 - 00054784 _____ () C:\Windows\System32\sdtnpm.dll
2007-09-11 00:45 - 2007-09-11 00:45 - 00124832 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
2010-03-11 17:50 - 2010-03-11 17:50 - 00107576 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
2010-01-18 10:21 - 2010-01-18 10:21 - 00568888 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2010-02-09 19:01 - 2010-02-09 19:01 - 01712184 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
2010-04-22 17:33 - 2010-04-22 17:33 - 00323808 _____ () C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
2009-06-08 16:45 - 2009-06-08 16:45 - 00098304 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-04-21 09:45 - 2011-04-21 09:45 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-02-20 21:29 - 2012-02-20 21:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 21:28 - 2012-02-20 21:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-11-04 17:29 - 2009-11-04 17:29 - 00378128 _____ () C:\Program Files (x86)\Memeo\Memeo Send\Memeo.Client.dll
2009-11-04 17:29 - 2009-11-04 17:29 - 00837904 _____ () C:\Program Files (x86)\Memeo\Memeo Send\Tanagra.Utility.dll
2009-11-04 17:29 - 2009-11-04 17:29 - 00040208 _____ () C:\Program Files (x86)\Memeo\Memeo Send\Tanagra.Interop.dll
2009-11-04 17:29 - 2009-11-04 17:29 - 00300816 _____ () C:\Program Files (x86)\Memeo\Memeo Send\Tanagra.DataClad.DataAccess.dll
2011-06-01 09:42 - 2011-06-01 09:42 - 00108296 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Progress.dll
2011-06-01 09:46 - 2011-06-01 09:46 - 00030984 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
2010-04-22 17:33 - 2010-04-22 17:33 - 02887904 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll
2010-04-22 17:33 - 2010-04-22 17:33 - 00025824 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
2010-03-22 15:59 - 2010-03-22 15:59 - 00504293 _____ () C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.DLL
2011-06-01 09:16 - 2011-06-01 09:16 - 00241664 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
2011-06-01 09:16 - 2011-06-01 09:16 - 00971776 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
2016-06-17 19:41 - 2016-06-15 02:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-17 19:41 - 2016-06-15 02:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\91403178.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\91403178.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1996245975-2301006141-3792022614-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Imad\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
MpsSvc => Firewall Service is not running.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
16-06-2016 12:31:08 Windows Update
17-06-2016 03:00:17 Windows Update
23-06-2016 03:00:48 Windows Update
Check "winmgmt" service or repair WMI.
 
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/23/2016 01:45:33 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.
 
Error: (06/23/2016 01:35:33 PM) (Source: Application Virtualization Client) (EventID: 3008) (User: )
Description: {hap=12:app=OfficeVirt 9014006604090000:tid=F0C}
The client was unable to connect to an Application Virtualization Server (rc 24604E0A-40000193)
 
Error: (06/23/2016 01:35:33 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {hap=12:app=OfficeVirt 9014006604090000:tid=F0C}
The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft....6120.5005.sft'(rc 24604E0A-40000193, original rc 24604E0A-40000193).
 
Error: (06/21/2016 11:39:57 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved
 
Error: (06/20/2016 02:31:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Neat.exe, version: 5.6.1.526, time stamp: 0x55a4c891
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a7e4
Exception code: 0xe0434352
Fault offset: 0x0000c54f
Faulting process id: 0x6b8
Faulting application start time: 0xNeat.exe0
Faulting application path: Neat.exe1
Faulting module path: Neat.exe2
Report Id: Neat.exe3
 
Error: (06/20/2016 02:31:22 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Neat.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.__Error.WinIOError()
   at System.IO.File.InternalReplace(System.String, System.String, System.String, Boolean)
   at System.IO.File.Replace(System.String, System.String, System.String)
   at NeatCompany.QuickScan.Core.NsdkServices.PostScanImageProcessingService.ProcessImages(NeatCompany.QuickScan.Core.NsdkServices.IPostScanImageProcessingServiceInput)
   at NeatCompany.QuickScan.Core.ProcessingServices.PostScanImageProcessingWithThumbnail(System.Collections.Generic.IList`1<System.String>, Byte[] ByRef)
   at NeatCompany.QuickScan.Core.VisualQueue.InputItemConverter.SetImages(NeatCompany.QuickScan.Interfaces.InputItem, NeatCompany.QuickScan.Core.VisualQueue.AddItemToVisualQueueMessage ByRef)
   at NeatCompany.QuickScan.Core.VisualQueue.InputItemConverter.Convert(NeatCompany.QuickScan.Interfaces.InputItem)
   at NeatCompany.QuickScan.Core.InputListener.PreProcessAndSendToOutput(NeatCompany.QuickScan.Core.InputItemWithSaveSettings)
   at NeatCompany.QuickScan.Core.InputListener.SendInputItemToVisualQueue(NeatCompany.QuickScan.Interfaces.InputItem, Boolean, Boolean)
   at NeatCompany.QuickScan.Core.InputListener.<Start>b__0(NeatCompany.QuickScan.Interfaces.IInputAdapter, NeatCompany.QuickScan.Interfaces.InputItem, Boolean)
   at NeatCompany.QuickScan.Interfaces.InputItemAvailableDelegate.Invoke(NeatCompany.QuickScan.Interfaces.IInputAdapter, NeatCompany.QuickScan.Interfaces.InputItem, Boolean)
   at NeatCompany.QuickScan.Inputs.nCaptureInputAdapter.nCaptureInputAdapter.RaiseInputItemAvailableEvent(NeatCompany.QuickScan.Interfaces.InputItem)
   at NeatCompany.QuickScan.Inputs.nCaptureInputAdapter.nCaptureInputAdapter.SelectedScannerScannedItemAvailable(NeatCompany.QuickScan.Inputs.nCaptureInputAdapter.Devices.IScanSource, NeatCompany.QuickScan.Shared.CancelableInputItem)
   at NeatCompany.QuickScan.Inputs.nCaptureInputAdapter.Delegates+ScannedItemAvailableDelegate.Invoke(NeatCompany.QuickScan.Inputs.nCaptureInputAdapter.Devices.IScanSource, NeatCompany.QuickScan.Shared.CancelableInputItem)
   at NeatCompany.QuickScan.Inputs.nCaptureInputAdapter.ScannerManager.SourceOnItemAvailable(NeatCompany.QuickScan.Inputs.nCaptureInputAdapter.Devices.IScanDevice, NeatCompany.QuickScan.Shared.CancelableInputItem)
   at System.Action`2[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Invoke(System.__Canon, System.__Canon)
   at NeatCompany.QuickScan.Inputs.nCaptureInputAdapter.Devices.BaseScanDevice.ScanSessionItemAvailable(NeatCompany.QuickScan.Shared.CancelableInputItem)
   at NeatCompany.QuickScan.Inputs.nCaptureInputAdapter.Session.ScanSessionItemAvailableDelegate.Invoke(NeatCompany.QuickScan.Shared.CancelableInputItem)
   at NeatCompany.QuickScan.Inputs.nCaptureInputAdapter.Session.ScanSession.BuilderInputItemAvailable(NeatCompany.QuickScan.Inputs.nCaptureInputAdapter.Item.IInputItemBuilder, NeatCompany.QuickScan.Shared.CancelableInputItem)
   at NeatCompany.QuickScan.Inputs.nCaptureInputAdapter.Item.BuilderInputItemAvailableDelegate.Invoke(NeatCompany.QuickScan.Inputs.nCaptureInputAdapter.Item.IInputItemBuilder, NeatCompany.QuickScan.Shared.CancelableInputItem)
   at NeatCompany.QuickScan.Inputs.nCaptureInputAdapter.Item.InputItemBuilder.SaveImagesToDisk()
   at NeatCompany.QuickScan.Inputs.nCaptureInputAdapter.Session.ScanSessionFactory.<.ctor>b__0(NeatCompany.QuickScan.Inputs.nCaptureInputAdapter.Item.InputItemBuilder)
   at Retlang.Channels.ChannelSubscription`1+<>c__DisplayClass1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].<OnMessageOnProducerThread>b__0()
   at Retlang.Core.BatchAndSingleExecutor.Execute(System.Action)
   at Retlang.Core.BatchAndSingleExecutor.ExecuteAll(System.Action[])
   at Retlang.Core.ActionExecutor.ExecuteNextBatch()
   at Retlang.Core.ActionExecutor.Run()
   at Retlang.Fibers.ThreadFiber.RunThread()
   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()
 
Error: (06/20/2016 02:15:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Neat.exe, version: 5.6.1.526, time stamp: 0x55a4c891
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a7e4
Exception code: 0xe0434352
Fault offset: 0x0000c54f
Faulting process id: 0x22cc
Faulting application start time: 0xNeat.exe0
Faulting application path: Neat.exe1
Faulting module path: Neat.exe2
Report Id: Neat.exe3
 
Error: (06/20/2016 02:15:31 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Neat.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Net.ProtocolViolationException
   at System.Net.HttpWebRequest.GetResponse()
   at NeatCompany.Common.Http.WebRequestData.GetResponse(Boolean)
   at NeatCompany.NeatWorks.BusinessLogic.Http.NeatOnlineRequest.GetResponse(Boolean)
   at NeatCompany.NeatWorks.BusinessLogic.Http.NeatOnlineRequestExecutor.GetResponse(NeatCompany.NeatWorks.BusinessLogic.Http.INeatOnlineRequest, Boolean, Boolean)
   at NeatCompany.NeatWorks.BusinessLogic.Http.NeatOnlineRequestExecutor.GetResponse(NeatCompany.NeatWorks.BusinessLogic.Http.INeatOnlineRequest, Boolean)
   at NeatCompany.NeatWorks.BusinessLogic.Sync.Neat.MetricsFileApi.UploadFile(NeatCompany.NeatWorks.BusinessLogic.Http.NeatOnlineRequestTypes.PutMetricsFileParams)
   at NeatCompany.NeatWorks.BusinessLogic.Sync.Neat.MetricsFileApi.PutMetricsFile(System.String)
   at NeatCompany.NeatWorks.BusinessLogic.Metrics.UploadMetricsFileService.UploadAndDeleteAllMetricsFile(System.Object)
   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart(System.Object)
 
Error: (06/20/2016 02:13:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Neat.exe, version: 5.6.1.526, time stamp: 0x55a4c891
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a7e4
Exception code: 0xe0434352
Fault offset: 0x0000c54f
Faulting process id: 0x1e24
Faulting application start time: 0xNeat.exe0
Faulting application path: Neat.exe1
Faulting module path: Neat.exe2
Report Id: Neat.exe3
 
Error: (06/20/2016 02:13:56 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Neat.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Net.ProtocolViolationException
   at System.Net.HttpWebRequest.GetResponse()
   at NeatCompany.Common.Http.WebRequestData.GetResponse(Boolean)
   at NeatCompany.NeatWorks.BusinessLogic.Http.NeatOnlineRequest.GetResponse(Boolean)
   at NeatCompany.NeatWorks.BusinessLogic.Http.NeatOnlineRequestExecutor.GetResponse(NeatCompany.NeatWorks.BusinessLogic.Http.INeatOnlineRequest, Boolean, Boolean)
   at NeatCompany.NeatWorks.BusinessLogic.Http.NeatOnlineRequestExecutor.GetResponse(NeatCompany.NeatWorks.BusinessLogic.Http.INeatOnlineRequest, Boolean)
   at NeatCompany.NeatWorks.BusinessLogic.Sync.Neat.MetricsFileApi.UploadFile(NeatCompany.NeatWorks.BusinessLogic.Http.NeatOnlineRequestTypes.PutMetricsFileParams)
   at NeatCompany.NeatWorks.BusinessLogic.Sync.Neat.MetricsFileApi.PutMetricsFile(System.String)
   at NeatCompany.NeatWorks.BusinessLogic.Metrics.UploadMetricsFileService.UploadAndDeleteAllMetricsFile(System.Object)
   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart(System.Object)
 
 
System errors:
=============
Error: (06/23/2016 01:33:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1070 = After starting, the service hung in a start-pending state.
 
 
Error: (06/23/2016 01:33:21 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Server service hung on starting.
 
Error: (06/23/2016 01:31:27 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Firewall service terminated with service-specific error %%5 = Access is denied.
.
 
Error: (06/23/2016 01:19:09 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (120000 milliseconds) was reached while waiting for a transaction response from the Seagate Dashboard Services service.
 
Error: (06/23/2016 01:17:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (120000 milliseconds) was reached while waiting for a transaction response from the Seagate Dashboard Services service.
 
Error: (06/22/2016 11:29:20 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (06/22/2016 11:29:20 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (06/22/2016 03:28:23 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.223.1944.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.3.0215.00
 
Source Path: 4.3.0215.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (06/21/2016 03:27:50 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.223.1944.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.3.0215.00
 
Source Path: 4.3.0215.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (06/20/2016 03:26:54 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.223.1944.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.3.0215.00
 
Source Path: 4.3.0215.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ II X2 250 Processor
Percentage of memory in use: 71%
Total physical RAM: 2815.29 MB
Available physical RAM: 804.82 MB
Total Virtual: 5628.75 MB
Available Virtual: 3409.38 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:584.01 GB) (Free:498.28 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.06 GB) (Free:1.47 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (NeatConnect) (CDROM) (Total:0.59 GB) (Free:0 GB) CDFS
Drive h: (Seagate Backup Plus Drive) (Fixed) (Total:3726.02 GB) (Free:3189.04 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 1BF4EFF6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=584 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.1 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.
 
==================== End of Addition.txt ============================

Edited by bhzendner, 23 June 2016 - 03:01 PM.

  • 0

#5
Jr0x

Jr0x

    Malware removal team

  • Malware Removal
  • 1,825 posts

Hi bhzendner,

 

Please also attached your TDSSKiller log.


  • 0

#6
bhzendner

bhzendner

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 219 posts

It said nothing found. 


Edited by bhzendner, 27 June 2016 - 02:06 PM.

  • 0

#7
Jr0x

Jr0x

    Malware removal team

  • Malware Removal
  • 1,825 posts
Hi bhzendner,

I would still require the TDSSKiller log to be posted for review. There may be crucial information listed to help determine any deeper issue with your machine.

FRST.gifFix with FRST
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.




Start
CreateRestorePoint:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  <==== ATTENTION
HKU\S-1-5-21-1996245975-2301006141-3792022614-1000\...\MountPoints2: {1a86c09a-3120-11e3-9447-806e6f6e6963} - E:\AUTORUN.exe
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {79588D8D-6EBF-4361-9460-B0DA0022B265} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {79588D8D-6EBF-4361-9460-B0DA0022B265} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-1996245975-2301006141-3792022614-1000 -> DefaultScope {1EE6AD67-E1B2-47D9-88B5-4DD33EE5AE5C} URL = 
SearchScopes: HKU\S-1-5-21-1996245975-2301006141-3792022614-1000 -> {79588D8D-6EBF-4361-9460-B0DA0022B265} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: No Name -> {912C156F-05CF-4B62-851A-96E167A677B0} -> No File
BHO-x32: No Name -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> No File
Toolbar: HKLM-x32 - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} -  No File
Toolbar: HKLM-x32 - No Name - {06C7AD57-B655-418D-9AB8-9526A6D2E052} -  No File
Toolbar: HKU\S-1-5-21-1996245975-2301006141-3792022614-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll [No File]
FF Plugin HKU\S-1-5-21-1996245975-2301006141-3792022614-1000: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [No File]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\Firefox => not found
CHR Extension: (No Name) - C:\Users\Imad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-10-10]
S4 LMIRfsClientNP; no ImagePath
Task: {1D77E712-D1F0-4D5E-A13C-B1225F5F19F2} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {5F3E76BD-F419-4CFD-9B79-4E57D14989FA} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION


Emptytemp:
Hosts:
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.

Note: Your machine will reboot after the fix.


Farbar Service Scanner

Please download Farbar Service Scanner to your desktop and double click on the file to run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
adwcleaner_new.png Scan with AdwCleaner

Download AdwCleaner from here or from here. Save the file to the Desktop.

Note: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
    AdwCleaner_Scan_zpsvt1mvqxm.png
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Do not click the Cleaning button.
  • Click the Logfile button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
In your next reply, please include the following:
  • TDSSKiller log
  • FRST fixlog
  • FSS log
  • AdwCleaner scan log

  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP